--- /dev/null
+From 19ab233989d0f7ab1de19a036e247afa4a0a1e9c Mon Sep 17 00:00:00 2001
+From: Phillip Potter <phil@philpotter.co.uk>
+Date: Wed, 31 Mar 2021 23:07:19 +0100
+Subject: fbdev: zero-fill colormap in fbcmap.c
+
+From: Phillip Potter <phil@philpotter.co.uk>
+
+commit 19ab233989d0f7ab1de19a036e247afa4a0a1e9c upstream.
+
+Use kzalloc() rather than kmalloc() for the dynamically allocated parts
+of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
+data to userspace under certain circumstances.
+
+Fixes a KMSAN-found infoleak bug reported by syzbot at:
+https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e
+
+Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
+Cc: stable <stable@vger.kernel.org>
+Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
+Link: https://lore.kernel.org/r/20210331220719.1499743-1-phil@philpotter.co.uk
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/fbcmap.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/video/fbdev/core/fbcmap.c
++++ b/drivers/video/fbdev/core/fbcmap.c
+@@ -101,17 +101,17 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cm
+ if (!len)
+ return 0;
+
+- cmap->red = kmalloc(size, flags);
++ cmap->red = kzalloc(size, flags);
+ if (!cmap->red)
+ goto fail;
+- cmap->green = kmalloc(size, flags);
++ cmap->green = kzalloc(size, flags);
+ if (!cmap->green)
+ goto fail;
+- cmap->blue = kmalloc(size, flags);
++ cmap->blue = kzalloc(size, flags);
+ if (!cmap->blue)
+ goto fail;
+ if (transp) {
+- cmap->transp = kmalloc(size, flags);
++ cmap->transp = kzalloc(size, flags);
+ if (!cmap->transp)
+ goto fail;
+ } else {
projects / thirdparty / kernel / stable-queue.git / commitdiff
