| commit | 2c03944867ab41b03fc93aa2876782f116d3097e | [log] [tgz] |
|---|---|---|
| author | Linux Patches Robot <linux-patches-robot@chromeos-missing-patches.google.com.iam.gserviceaccount.com> | Sat Mar 25 01:18:03 2023 |
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Mar 27 18:42:18 2023 |
| tree | 48737369fc6329954b76c0da5981ae8aa6c0bef9 | |
| parent | 8f00acbf315f72b455448720683509e1aa4619e1 [diff] |
UPSTREAM: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 Fixes: eda2e30c6684 ("mfd / platform: cros_ec: Miscellaneous character device to talk with the EC") Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org> Reviewed-by: Guenter Roeck <groeck@chromium.org> Link: https://lore.kernel.org/r/20230324010658.1082361-1-tzungbi@kernel.org (cherry picked from commit b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3) BUG=chromium:972644 TEST=Compile Signed-off-by: Linux Patches Robot <linux-patches-robot@chromeos-missing-patches.google.com.iam.gserviceaccount.com> Change-Id: I634988f102aa2b5165056a9ec533ba65659a318c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4371518 Commit-Queue: Gwendal Grignou <gwendal@chromium.org> Reviewed-by: Benson Leung <bleung@google.com> Reviewed-by: Gwendal Grignou <gwendal@chromium.org> Tested-by: Gwendal Grignou <gwendal@chromium.org>