All of lore.kernel.org
 help / color / mirror / Atom feed
From: Chaitanya Kulkarni <chaitanyak@nvidia.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"virtualization@lists.linux-foundation.org" 
	<virtualization@lists.linux-foundation.org>,
	Eli Cohen <elic@nvidia.com>,
	"guanjun@linux.alibaba.com" <guanjun@linux.alibaba.com>,
	Parav Pandit <parav@nvidia.com>,
	"gautam.dawar@xilinx.com" <gautam.dawar@xilinx.com>,
	"dan.carpenter@oracle.com" <dan.carpenter@oracle.com>,
	"xieyongji@bytedance.com" <xieyongji@bytedance.com>,
	"jasowang@redhat.com" <jasowang@redhat.com>,
	"mst@redhat.com" <mst@redhat.com>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH v3] vduse: prevent uninitialized memory accesses
Date: Wed, 31 Aug 2022 16:57:59 +0000	[thread overview]
Message-ID: <fc475f95-3523-6c03-2508-23617eb26422@nvidia.com> (raw)
In-Reply-To: <20220831154923.97809-1-maxime.coquelin@redhat.com>

On 8/31/22 08:49, Maxime Coquelin wrote:
> If the VDUSE application provides a smaller config space
> than the driver expects, the driver may use uninitialized
> memory from the stack.
> 
> This patch prevents it by initializing the buffer passed by
> the driver to store the config value.
> 
> This fix addresses CVE-2022-2308.
> 
> Cc: stable@vger.kernel.org # v5.15+
> Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
> Reviewed-by: Xie Yongji <xieyongji@bytedance.com>
> Acked-by: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---

Looks good.

Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>

      reply	other threads:[~2022-08-31 16:59 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-31 15:49 [PATCH v3] vduse: prevent uninitialized memory accesses Maxime Coquelin
2022-08-31 15:49 ` Maxime Coquelin
2022-08-31 16:57 ` Chaitanya Kulkarni [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fc475f95-3523-6c03-2508-23617eb26422@nvidia.com \
    --to=chaitanyak@nvidia.com \
    --cc=dan.carpenter@oracle.com \
    --cc=elic@nvidia.com \
    --cc=gautam.dawar@xilinx.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=guanjun@linux.alibaba.com \
    --cc=jasowang@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maxime.coquelin@redhat.com \
    --cc=mst@redhat.com \
    --cc=parav@nvidia.com \
    --cc=stable@vger.kernel.org \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=xieyongji@bytedance.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.