From patchwork Thu Dec 7 13:50:16 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kleber Sacilotto de Souza
X-Patchwork-Id: 845580
From: Kleber Sacilotto de Souza
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH 1/1] video: fbdev: aty: do not leak uninitialized padding in clk to userspace
Date: Thu, 7 Dec 2017 14:50:16 +0100
Message-Id: <20171207135017.4754-2-kleber.souza@canonical.com>
In-Reply-To: <20171207135017.4754-1-kleber.souza@canonical.com>
References: <20171207135017.4754-1-kleber.souza@canonical.com>
List-Id: Kernel team discussions

From: Vladis Dronov

'clk' is copied to a userland with padding byte(s) after 'vclk_post_div'
field uninitialized, leaking data from the stack. Fix this ensuring all of
'clk' is initialized to zero.

References: https://github.com/torvalds/linux/pull/441
Reported-by: sohu0106
Signed-off-by: Vladis Dronov
Signed-off-by: Bartlomiej Zolnierkiewicz CVE-2017-14156 (backported from commit 8e75f7a7a00461ef6d91797a60b606367f6e344d) [klebers: adapted file path, which has been moved by f7018c213502 upstream] Signed-off-by: Kleber Sacilotto de Souza Acked-by: Colin Ian King Acked-by: Stefan Bader --- drivers/video/aty/atyfb_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/video/aty/atyfb_base.c b/drivers/video/aty/atyfb_base.c index 28fafbf864a5..fc17085ae1f7 100644 --- a/drivers/video/aty/atyfb_base.c +++ b/drivers/video/aty/atyfb_base.c @@ -1852,7 +1852,7 @@ static int atyfb_ioctl(struct fb_info *info, u_int cmd, u_long arg) #if defined(DEBUG) && defined(CONFIG_FB_ATY_CT) case ATYIO_CLKR: if (M64_HAS(INTEGRATED)) { - struct atyclk clk; + struct atyclk clk = { 0 }; union aty_pll *pll = &par->pll; u32 dsp_config = pll->ct.dsp_config; u32 dsp_on_off = pll->ct.dsp_on_off;
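Review bot: In the ATYIO_CLKR case, `struct atyclk clk = { 0 };` is guaranteed to zero the named members, but the C standard does not clearly require a brace initializer to clear padding bytes in an automatic object, and the padding after 'vclk_post_div' is exactly what the commit message says leaks. An explicit `memset(&clk, 0, sizeof(clk));` before the fields are filled in would make the zeroing of padding independent of compiler behaviour. The case sits under `#if defined(DEBUG) && defined(CONFIG_FB_ATY_CT)`, so the SRU justification could also state whether any shipped Trusty configuration actually builds this path.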