From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Bjorn Helgaas <bhelgaas@google.com>, Borislav Petkov <bp@suse.de>
Subject: [PATCH 3.14 05/43] PCI/AER: Avoid info leak in __print_tlp_header()
Date: Fri, 17 Apr 2015 15:28:39 +0200 [thread overview]
Message-ID: <20150417132556.245738384@linuxfoundation.org> (raw)
In-Reply-To: <20150417132556.014766917@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
commit a1b7f2f6367944d445c6853035830a35c6343939 upstream.
Commit fab4c256a58b ("PCI/AER: Add a TLP header print helper") introduced
the helper function __print_tlp_header(), but contrary to the intention,
the behaviour did change: Since we're taking the address of the parameter
t, the first 4 or 8 bytes printed will be the value of the pointer t
itself, and the remaining 12 or 8 bytes will be who-knows-what (something
from the stack).
We want to show the values of the four members of the struct
aer_header_log_regs; that can be done without ugly and error-prone casts.
On little-endian this should produce the same output as originally
intended, and since no-one has complained about getting garbage output so
far, I think big-endian should be ok too.
Fixes: fab4c256a58b ("PCI/AER: Add a TLP header print helper")
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pcie/aer/aerdrv_errprint.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
--- a/drivers/pci/pcie/aer/aerdrv_errprint.c
+++ b/drivers/pci/pcie/aer/aerdrv_errprint.c
@@ -127,16 +127,8 @@ static const char *aer_agent_string[] =
static void __print_tlp_header(struct pci_dev *dev,
struct aer_header_log_regs *t)
{
- unsigned char *tlp = (unsigned char *)&t;
-
- dev_err(&dev->dev, " TLP Header:"
- " %02x%02x%02x%02x %02x%02x%02x%02x"
- " %02x%02x%02x%02x %02x%02x%02x%02x\n",
- *(tlp + 3), *(tlp + 2), *(tlp + 1), *tlp,
- *(tlp + 7), *(tlp + 6), *(tlp + 5), *(tlp + 4),
- *(tlp + 11), *(tlp + 10), *(tlp + 9),
- *(tlp + 8), *(tlp + 15), *(tlp + 14),
- *(tlp + 13), *(tlp + 12));
+ dev_err(&dev->dev, " TLP Header: %08x %08x %08x %08x\n",
+ t->dw0, t->dw1, t->dw2, t->dw3);
}
static void __aer_print_error(struct pci_dev *dev,
next prev parent reply other threads:[~2015-04-17 14:18 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-17 13:28 [PATCH 3.14 00/43] 3.14.39-stable review Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 01/43] ALSA: hda - Add one more node in the EAPD supporting candidate list Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 02/43] ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 03/43] ALSA: hda/realtek - Make more stable to get pin sense for ALC283 Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 04/43] ALSA: hda - Fix headphone pin config for Lifebook T731 Greg Kroah-Hartman
2015-04-17 13:28 ` Greg Kroah-Hartman [this message]
2015-04-17 13:28 ` [PATCH 3.14 06/43] ARC: SA_SIGINFO ucontext regs off-by-one Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 07/43] selinux: fix sel_write_enforce broken return value Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 08/43] tcp: Fix crash in TCP Fast Open Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 09/43] btrfs: simplify insert_orphan_item Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 10/43] IB/core: Avoid leakage from kernel to user space Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 11/43] IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 12/43] iwlwifi: dvm: run INIT firmware again upon .start() Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 13/43] nbd: fix possible memory leak Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 14/43] mm/memory hotplug: postpone the reset of obsolete pgdat Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 15/43] sched: Fix RLIMIT_RTTIME when PI-boosting to RT Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 16/43] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 17/43] writeback: fix possible underflow in write bandwidth calculation Greg Kroah-Hartman
2015-04-17 13:28 ` Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 19/43] USB: ftdi_sio: Added custom PID for Synapse Wireless product Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 20/43] USB: ftdi_sio: Use jtag quirk for SNAP Connect E10 Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 21/43] Defer processing of REQ_PREEMPT requests for blocked devices Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 22/43] iio: inv_mpu6050: Clear timestamps fifo while resetting hardware fifo Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 23/43] iio: imu: Use iio_trigger_get for indio_dev->trig assignment Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 24/43] dmaengine: omap-dma: Fix memory leak when terminating running transfer Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.14 25/43] x86/reboot: Add ASRock Q1900DC-ITX mainboard reboot quirk Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 26/43] can: flexcan: Deferred on Regulator return EPROBE_DEFER Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 27/43] cpuidle: remove state_count field from struct cpuidle_device Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 28/43] cpuidle: ACPI: do not overwrite name and description of C0 Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 29/43] usb: xhci: handle Config Error Change (CEC) in xhci driver Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 30/43] usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 31/43] tty: serial: fsl_lpuart: clear receive flag on FIFO flush Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 32/43] n_tty: Fix read buffer overwrite when no newline Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 33/43] cifs: smb2_clone_range() - exit on unhandled error Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 34/43] cifs: fix use-after-free bug in find_writable_file Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 35/43] be2iscsi: Fix kernel panic when device initialization fails Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 36/43] ocfs2: _really_ sync the right range Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 37/43] ioctx_alloc(): fix vma (and file) leak on failure Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 38/43] iscsi target: fix oops when adding reject pdu Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 39/43] [media] sh_veu: v4l2_dev wasnt set Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 40/43] [media] media: s5p-mfc: fix mmap support for 64bit arch Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 41/43] net: rds: use correct size for max unacked packets and bytes Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 42/43] net: llc: use correct size for sysctl timeout entries Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.14 43/43] IB/mlx4: Saturate RoCE port PMA counters in case of overflow Greg Kroah-Hartman
2015-04-17 17:35 ` [PATCH 3.14 00/43] 3.14.39-stable review Shuah Khan
2015-04-17 20:02 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150417132556.245738384@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bhelgaas@google.com \
--cc=bp@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.