From a01421e4484327fe44f8e126793ed5a48a221e24 Mon Sep 17 00:00:00 2001
From: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Date: Fri, 11 Jan 2019 14:34:38 +0100
Subject: omap2fb: Fix stack memory disclosure

From: Vlad Tsyrklevich <vlad@tsyrklevich.net>

commit a01421e4484327fe44f8e126793ed5a48a221e24 upstream.

Using [1] for static analysis I found that the OMAPFB_QUERY_PLANE,
OMAPFB_GET_COLOR_KEY, OMAPFB_GET_DISPLAY_INFO, and OMAPFB_GET_VRAM_INFO
cases could all leak uninitialized stack memory--either due to
uninitialized padding or 'reserved' fields.

Fix them by clearing the shared union used to store copied out data.

[1] https://github.com/vlad902/kernel-uninitialized-memory-checker

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Reviewed-by: Kees Cook <keescook@chromium.org>
Fixes: b39a982ddecf ("OMAP: DSS2: omapfb driver")
Cc: security@kernel.org
[b.zolnierkie: prefix patch subject with "omap2fb: "]
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 2 ++
 1 file changed, 2 insertions(+)

31 --- a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c
32 +++ b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c
33 @@ -609,6 +609,8 @@ int omapfb_ioctl(struct fb_info *fbi, un
37 + memset(&p, 0, sizeof(p));
41 DBG("ioctl SYNC_GFX\n");
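
Review bot: the memset(&p, 0, sizeof(p)) added at the top of omapfb_ioctl() carries no comment saying why the union is cleared, so a later cleanup could drop it or replace it with an initializer at the declaration. An initializer is not guaranteed to zero padding bytes, which is one of the two leak sources the commit message names, so the memset form should stay. Suggest a one-line comment above it, for example: /* p is copied out to user space; clear padding and reserved fields */. The copy-out sites for the four affected cases are not in the visible context, so it is worth confirming that each of them copies from p and not from a separate stack struct that this memset does not cover.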