From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Nikita Zhandarovich <n.zhandarovich@fintech.ru>,
"Borislav Petkov (AMD)" <bp@alien8.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
stable@kernel.org
Subject: [PATCH 4.19 32/36] x86/mm: Fix use of uninitialized buffer in sme_enable()
Date: Mon, 20 Mar 2023 15:54:58 +0100 [thread overview]
Message-ID: <20230320145425.433875798@linuxfoundation.org> (raw)
In-Reply-To: <20230320145424.191578432@linuxfoundation.org>
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
commit cbebd68f59f03633469f3ecf9bea99cd6cce3854 upstream.
cmdline_find_option() may fail before doing any initialization of
the buffer array. This may lead to unpredictable results when the same
buffer is used later in calls to strncmp() function. Fix the issue by
returning early if cmdline_find_option() returns an error.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20230306160656.14844-1-n.zhandarovich@fintech.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/mem_encrypt_identity.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -563,7 +563,8 @@ void __init sme_enable(struct boot_param
cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
((u64)bp->ext_cmd_line_ptr << 32));
- cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
+ if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
+ return;
if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
sme_me_mask = me_mask;
next prev parent reply other threads:[~2023-03-20 15:03 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-20 14:54 [PATCH 4.19 00/36] 4.19.279-rc1 review Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 01/36] ext4: fix cgroup writeback accounting with fs-layer encryption Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 02/36] fs: sysfs_emit_at: Remove PAGE_SIZE alignment check Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 03/36] clk: HI655X: select REGMAP instead of depending on it Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 04/36] tcp: tcp_make_synack() can be called from process context Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 05/36] nfc: pn533: initialize struct pn533_out_arg properly Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 06/36] qed/qed_dev: guard against a possible division by zero Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 07/36] net: tunnels: annotate lockless accesses to dev->needed_headroom Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 08/36] net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 09/36] nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 10/36] net: usb: smsc75xx: Limit packet length to skb->len Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 11/36] nvmet: avoid potential UAF in nvmet_req_complete() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 12/36] block: sunvdc: add check for mdesc_grab() returning NULL Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 13/36] ipv4: Fix incorrect table ID in IOCTL path Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 14/36] net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 15/36] net/iucv: Fix size of interrupt data Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 16/36] ethernet: sun: add check for the mdesc_grab() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 17/36] hwmon: (adt7475) Display smoothing attributes in correct order Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 18/36] hwmon: (adt7475) Fix masking of hysteresis registers Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 19/36] hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 20/36] media: m5mols: fix off-by-one loop termination error Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 21/36] mmc: atmel-mci: fix race between stop command and start of next command Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 22/36] jffs2: correct logic when creating a hole in jffs2_write_begin Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 23/36] rust: arch/um: Disable FP/SIMD instruction to match x86 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 24/36] ext4: fail ext4_iget if special inode unallocated Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 25/36] ext4: fix task hung in ext4_xattr_delete_inode Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 26/36] drm/amdkfd: Fix an illegal memory access Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 27/36] sh: intc: Avoid spurious sizeof-pointer-div warning Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 28/36] tracing: Check field value in hist_field_name() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 29/36] tracing: Make tracepoint lockdep check actually test something Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 30/36] ftrace: Fix invalid address access in lookup_rec() when index is 0 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.19 31/36] fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks Greg Kroah-Hartman
2023-03-20 14:54 ` Greg Kroah-Hartman [this message]
2023-03-20 14:54 ` [PATCH 4.19 33/36] drm/i915: Dont use stolen memory for ring buffers with LLC Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 4.19 34/36] serial: 8250_em: Fix UART port type Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 4.19 35/36] HID: core: Provide new max_buffer_size attribute to over-ride the default Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 4.19 36/36] HID: uhid: Over-ride the default maximum data buffer value with our own Greg Kroah-Hartman
2023-03-20 17:19 ` [PATCH 4.19 00/36] 4.19.279-rc1 review Chris Paterson
2023-03-20 23:15 ` Shuah Khan
2023-03-21 7:31 ` Naresh Kamboju
2023-03-21 11:53 ` Jon Hunter
2023-03-21 23:13 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230320145425.433875798@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@alien8.de \
--cc=n.zhandarovich@fintech.ru \
--cc=patches@lists.linux.dev \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).