From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DB00C433B4 for ; Sun, 11 Apr 2021 06:29:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E7BCD6101D for ; Sun, 11 Apr 2021 06:29:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235229AbhDKG33 (ORCPT ); Sun, 11 Apr 2021 02:29:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:54494 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235277AbhDKG32 (ORCPT ); Sun, 11 Apr 2021 02:29:28 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 5D78F611C9; Sun, 11 Apr 2021 06:29:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618122552; bh=YEa86afLveTkZ9mRfteJ4uQnBGpMSJTm7LtgDUvSql4=; h=Subject:To:From:Date:From; b=oVPPgLOAkSyv1+g/crFZXeSyTDlFHR5hFk+3ZeEGtFSKGuT8Bq61RwVkDGnnR7tLX WiGpLKJvrYvn1guQ1bhPPh24HCOq93sMy+azkMbGTqEF8qxb7kx2g9koOv/arAUeAX Yxp7gKJsxZnURmfJb2EQ2WAHGou0N8ZDMxWkLLUs= Subject: patch "fbdev: zero-fill colormap in fbcmap.c" added to char-misc-next To: phil@philpotter.co.uk, geert+renesas@glider.be, gregkh@linuxfoundation.org, stable@vger.kernel.org From: Date: Sun, 11 Apr 2021 08:28:14 +0200 Message-ID: <16181224949422@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org This is a note to let you know that I've just added the patch titled fbdev: zero-fill colormap in fbcmap.c to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 19ab233989d0f7ab1de19a036e247afa4a0a1e9c Mon Sep 17 00:00:00 2001 From: Phillip Potter Date: Wed, 31 Mar 2021 23:07:19 +0100 Subject: fbdev: zero-fill colormap in fbcmap.c Use kzalloc() rather than kmalloc() for the dynamically allocated parts of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel data to userspace under certain circumstances. Fixes a KMSAN-found infoleak bug reported by syzbot at: https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com Cc: stable Reviewed-by: Geert Uytterhoeven Signed-off-by: Phillip Potter Link: https://lore.kernel.org/r/20210331220719.1499743-1-phil@philpotter.co.uk Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbcmap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/video/fbdev/core/fbcmap.c b/drivers/video/fbdev/core/fbcmap.c index 757d5c3f620b..ff09e57f3c38 100644 --- a/drivers/video/fbdev/core/fbcmap.c +++ b/drivers/video/fbdev/core/fbcmap.c @@ -101,17 +101,17 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cmap, int len, int transp, gfp_t flags) if (!len) return 0; - cmap->red = kmalloc(size, flags); + cmap->red = kzalloc(size, flags); if (!cmap->red) goto fail; - cmap->green = kmalloc(size, flags); + cmap->green = kzalloc(size, flags); if (!cmap->green) goto fail; - cmap->blue = kmalloc(size, flags); + cmap->blue = kzalloc(size, flags); if (!cmap->blue) goto fail; if (transp) { - cmap->transp = kmalloc(size, flags); + cmap->transp = kzalloc(size, flags); if (!cmap->transp) goto fail; } else { -- 2.31.1