Re: [PATCH] drm/edid: fix info leak when failing to get panel id

From: Doug Anderson
Date: Thu Mar 02 2023 - 13:29:59 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] SPI fixes for v6.3"
Previous message: aloktiagi: "[RFC 3/3] file, epoll: Implement do_replace() and eventpoll_replace()"
In reply to: Jani Nikula: "Re: [PATCH] drm/edid: fix info leak when failing to get panel id"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Wed, Mar 1, 2023 at 11:49 PM Johan Hovold <johan+linaro@xxxxxxxxxx> wrote:
>
> Make sure to clear the transfer buffer before fetching the EDID to
> avoid leaking slab data to the logs on errors that leave the buffer
> unchanged.
>
> Fixes: 69c7717c20cc ("drm/edid: Dump the EDID when drm_edid_get_panel_id() has an error")
> Cc: stable@xxxxxxxxxxxxxxx # 6.2
> Cc: Douglas Anderson <dianders@xxxxxxxxxxxx>
> Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
> ---
> drivers/gpu/drm/drm_edid.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
> index 3841aba17abd..8707fe72a028 100644
> --- a/drivers/gpu/drm/drm_edid.c
> +++ b/drivers/gpu/drm/drm_edid.c
> @@ -2797,7 +2797,7 @@ u32 drm_edid_get_panel_id(struct i2c_adapter *adapter)
> * the EDID then we'll just return 0.
> */
>
> - base_block = kmalloc(EDID_LENGTH, GFP_KERNEL);
> + base_block = kzalloc(EDID_LENGTH, GFP_KERNEL);

Good catch! I'm landing this to drm-misc-fixes right away.

4d8457fe0eb9 drm/edid: fix info leak when failing to get panel id

I'm sure I copied the kmalloc() from _drm_do_get_edid(), but it looks
like in _that_ case if the read fails we never print the buffer so
that one is OK.

-Doug

Next message: pr-tracker-bot: "Re: [GIT PULL] SPI fixes for v6.3"
Previous message: aloktiagi: "[RFC 3/3] file, epoll: Implement do_replace() and eventpoll_replace()"
In reply to: Jani Nikula: "Re: [PATCH] drm/edid: fix info leak when failing to get panel id"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]