From: "Ritesh Harjani (IBM)"
To: linuxppc-dev@lists.ozlabs.org, Haren Myneni
Cc: Madhavan Srinivasan, Christophe Leroy, Venkat Rao Bagalkote, Nicholas Piggin, linux-kernel@vger.kernel.org, "Ritesh Harjani (IBM)", stable@vger.kernel.org
Subject: [PATCH v3 2/9] pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
Date: Fri, 1 May 2026 09:41:41 +0530
Message-ID: <7bfe03b65a282c856ed8182d1871bb973c0b78f2.1777606826.git.ritesh.list@gmail.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To:
References:
X-Mailing-List: linux-kernel@vger.kernel.org

The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved padding bytes (reserved[3] and reserved2[40]), these could leak the uninitialized bytes to userspace after copy_to_user(). This patch fixes that by initializing the whole struct to 0.

Cc: stable@vger.kernel.org
Fixes: cebdb522fd3ed ("powerpc/pseries: Receive payload with ibm,receive-hvpipe-msg RTAS")
Signed-off-by: Ritesh Harjani (IBM)
---
 arch/powerpc/platforms/pseries/papr-hvpipe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/pseries/papr-hvpipe.c b/arch/powerpc/platforms/pseries/papr-hvpipe.c
index c41d45e1986d..3392874ebdf6 100644
--- a/arch/powerpc/platforms/pseries/papr-hvpipe.c
+++ b/arch/powerpc/platforms/pseries/papr-hvpipe.c
@@ -327,7 +327,7 @@ static ssize_t papr_hvpipe_handle_read(struct file *file, { struct hvpipe_source_info *src_info = file->private_data; - struct papr_hvpipe_hdr hdr; + struct papr_hvpipe_hdr hdr = {}; long ret; /* -- 2.39.5
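Review bot: the empty initializer `struct papr_hvpipe_hdr hdr = {};` in papr_hvpipe_handle_read() zeroes every named member, including the reserved[3] and reserved2[40] fields the commit message is concerned about, so it closes the leak the message describes; it does not, however, guarantee in standard C that compiler-inserted alignment padding between members is zeroed, and only the named fields are described as "reserved padding bytes" here. If papr_hvpipe_hdr has any implicit padding, or if a future member with a different alignment is added, `memset(&hdr, 0, sizeof(hdr));` before the header is filled in is the portable way to make sure no stack bytes reach copy_to_user(); it would also be worth rewording the commit message to say "reserved fields" rather than "padding bytes" so the two cases are not conflated.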