This is a note to let you know that I've just added the patch titled
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
gma-gma500-fix-a-memory-disclosure-bug-due-to-uninit.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 32bae30f8a7c32d397709e83273851a858e14b14
Author: Kangjie Lu <kjlu@xxxxxxx>
Date: Thu Oct 17 23:29:53 2019 -0500
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
[ Upstream commit 57a25a5f754ce27da2cfa6f413cfd366f878db76 ]
`best_clock` is an object that may be sent out. Object `clock`
contains uninitialized bytes that are copied to `best_clock`,
which leads to memory disclosure and information leak.
Signed-off-by: Kangjie Lu <kjlu@xxxxxxx>
Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20191018042953.31099-1-kjlu@xxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/gpu/drm/gma500/cdv_intel_display.c b/drivers/gpu/drm/gma500/cdv_intel_display.c
index 17db4b4749d5a..2e8479744ca4a 100644
--- a/drivers/gpu/drm/gma500/cdv_intel_display.c
+++ b/drivers/gpu/drm/gma500/cdv_intel_display.c
@@ -415,6 +415,8 @@ static bool cdv_intel_find_dp_pll(const struct gma_limit_t *limit,
struct gma_crtc *gma_crtc = to_gma_crtc(crtc);
struct gma_clock_t clock;
+ memset(&clock, 0, sizeof(clock));
+
switch (refclk) {
case 27000:
if (target < 200000) {
