Re: [PATCH] drm/amdgpu: fix a potential information leaking bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



在 2019/7/27 17:30, Wang Xiayang 写道:
> Coccinelle reports a path that the array "data" is never initialized.
> The path skips the checks in the conditional branches when either
> of callback functions, read_wave_vgprs and read_wave_sgprs, is not
> registered. Later, the uninitialized "data" array is read
> in the while-loop below and passed to put_user().
>
> Fix the path by allocating the array with kcalloc().
>
> The patch is simplier than adding a fall-back branch that explicitly
> calls memset(data, 0, ...). Also it does not need the multiplication
> 1024*sizeof(*data) as the size parameter for memset() though there is
> no risk of integer overflow.
>
> Signed-off-by: Wang Xiayang <xywang.sjtu@xxxxxxxxxxx>

Reviewed-by: Chunming Zhou <david1.zhou@xxxxxxx>

-David

> ---
>   drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> index 6d54decef7f8..5652cc72ed3a 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> @@ -707,7 +707,7 @@ static ssize_t amdgpu_debugfs_gpr_read(struct file *f, char __user *buf,
>   	thread = (*pos & GENMASK_ULL(59, 52)) >> 52;
>   	bank = (*pos & GENMASK_ULL(61, 60)) >> 60;
>   
> -	data = kmalloc_array(1024, sizeof(*data), GFP_KERNEL);
> +	data = kcalloc(1024, sizeof(*data), GFP_KERNEL);
>   	if (!data)
>   		return -ENOMEM;
>   
_______________________________________________
amd-gfx mailing list
amd-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/amd-gfx




[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux