From: Dan Carpenter <dan.carpenter@oracle.com>
To: "Rafael J. Wysocki" <rafael@kernel.org>, Chen Yu <yu.c.chen@intel.com>
Cc: Len Brown <lenb@kernel.org>,
linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: [PATCH] ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl()
Date: Fri, 7 Jan 2022 10:34:07 +0300 [thread overview]
Message-ID: <20220107073407.GG22086@kili> (raw)
The "data_info" struct is copied to the user. It has a 4 byte struct
hole after the last struct member so we need to memset that to avoid
copying uninitialized stack data to the user.
Fixes: b0013e037a8b ("ACPI: Introduce Platform Firmware Runtime Telemetry driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
When you're adding a new driver to the kernel then please use the new
driver's prefix instead of just the subsystem prefix.
Bad: ACPI: Introduce Platform Firmware Runtime Telemetry driver
Good: ACPI / pfr_telemetry: Introduce Platform Firmware Runtime Telemetry driver
Otherwise it's just up to me to guess what prefix you wanted.
drivers/acpi/pfr_telemetry.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/acpi/pfr_telemetry.c b/drivers/acpi/pfr_telemetry.c
index da50dd80192c..9abf350bd7a5 100644
--- a/drivers/acpi/pfr_telemetry.c
+++ b/drivers/acpi/pfr_telemetry.c
@@ -83,6 +83,7 @@ static int get_pfrt_log_data_info(struct pfrt_log_data_info *data_info,
union acpi_object *out_obj, in_obj, in_buf;
int ret = -EBUSY;
+ memset(data_info, 0, sizeof(*data_info));
memset(&in_obj, 0, sizeof(in_obj));
memset(&in_buf, 0, sizeof(in_buf));
in_obj.type = ACPI_TYPE_PACKAGE;
--
2.20.1
next reply other threads:[~2022-01-07 7:34 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-07 7:34 Dan Carpenter [this message]
2022-01-07 13:46 ` [PATCH] ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl() Chen Yu
2022-01-10 6:17 ` Dan Carpenter
2022-01-10 15:39 ` Rafael J. Wysocki
2022-01-11 1:09 ` Chen Yu
2022-01-11 0:56 ` Chen Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220107073407.GG22086@kili \
--to=dan.carpenter@oracle.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=yu.c.chen@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.