From patchwork Thu Dec 7 13:50:17 2017
X-Patchwork-Submitter: Kleber Sacilotto de Souza
X-Patchwork-Id: 845581
From: Kleber Sacilotto de Souza
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Zesty][PATCH 1/1] video: fbdev: aty: do not leak uninitialized padding in clk to userspace
Date: Thu, 7 Dec 2017 14:50:17 +0100
Message-Id: <20171207135017.4754-3-kleber.souza@canonical.com>
In-Reply-To: <20171207135017.4754-1-kleber.souza@canonical.com>
References: <20171207135017.4754-1-kleber.souza@canonical.com>
List-Id: Kernel team discussions

From: Vladis Dronov

'clk' is copied to userland with padding byte(s) after the 'vclk_post_div' field uninitialized, leaking data from the stack. Fix this by ensuring all of 'clk' is initialized to zero.

References: https://github.com/torvalds/linux/pull/441

Reported-by: sohu0106
Signed-off-by: Vladis Dronov
Signed-off-by: Bartlomiej Zolnierkiewicz

CVE-2017-14156

(cherry picked from commit 8e75f7a7a00461ef6d91797a60b606367f6e344d)
Signed-off-by: Kleber Sacilotto de Souza
Acked-by: Colin Ian King
Acked-by: Stefan Bader
---
 drivers/video/fbdev/aty/atyfb_base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c index 11026e726b68..81367cf0af77 100644 --- a/drivers/video/fbdev/aty/atyfb_base.c +++ b/drivers/video/fbdev/aty/atyfb_base.c @@ -1861,7 +1861,7 @@ static int atyfb_ioctl(struct fb_info *info, u_int cmd, u_long arg) #if defined(DEBUG) && defined(CONFIG_FB_ATY_CT) case ATYIO_CLKR: if (M64_HAS(INTEGRATED)) { - struct atyclk clk; + struct atyclk clk = { 0 }; union aty_pll *pll = &par->pll; u32 dsp_config = pll->ct.dsp_config; u32 dsp_on_off = pll->ct.dsp_on_off;
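Review bot: `struct atyclk clk = { 0 };` relies on the compiler to clear the padding bytes after `vclk_post_div`, but the C standard only guarantees that named members of a brace-initialized automatic object are zeroed, not its padding; since the commit message identifies padding as exactly what leaks, `memset(&clk, 0, sizeof(clk));` after the declaration is the form that guarantees the whole object, padding included, is cleared before it is copied to userland. Note also that the hunk sits under `#if defined(DEBUG) && defined(CONFIG_FB_ATY_CT)`, so the ATYIO_CLKR path, and therefore this fix, is only compiled into debug builds of the driver.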