Date:   Fri, 28 Jan 2022 14:29:50 -0500
From:   Lyude Paul <lyude@...hat.com>
To:     nouveau@...ts.freedesktop.org
Cc:     dri-devel@...ts.freedesktop.org,
        Greg KH <gregkh@...uxfoundation.org>,
        Ben Skeggs <bskeggs@...hat.com>,
        Karol Herbst <kherbst@...hat.com>,
        David Airlie <airlied@...ux.ie>,
        Daniel Vetter <daniel@...ll.ch>,
        Zhou Qingyang <zhou1615@....edu>,
        linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] Revert "drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()"

This reverts commit 2343bcdb4747d4f418a4daf2e898b94f86c24a59.

Unfortunately, as Greg pointed out I totally missed the fact that this
patch came from a umn.edu patch. umn.edu is still banned from contributing
to the Linux kernel, so let's revert this for the time being. I'll
re-evaluate this fix myself later and send another fix if this ends up
being valid.

Signed-off-by: Lyude Paul <lyude@...hat.com>
Cc: Greg KH <gregkh@...uxfoundation.org>
Cc: Ben Skeggs <bskeggs@...hat.com>
Cc: Karol Herbst <kherbst@...hat.com>
---
 drivers/gpu/drm/nouveau/nvkm/subdev/acr/hsfw.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/acr/hsfw.c b/drivers/gpu/drm/nouveau/nvkm/subdev/acr/hsfw.c
index a6ea89a5d51a..667fa016496e 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/acr/hsfw.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/acr/hsfw.c
@@ -142,12 +142,11 @@ nvkm_acr_hsfw_load_bl(struct nvkm_acr *acr, const char *name, int ver,
 
 	hsfw->imem_size = desc->code_size;
 	hsfw->imem_tag = desc->start_tag;
-	hsfw->imem = kmemdup(data + desc->code_off, desc->code_size, GFP_KERNEL);
+	hsfw->imem = kmalloc(desc->code_size, GFP_KERNEL);
+	memcpy(hsfw->imem, data + desc->code_off, desc->code_size);
+
 	nvkm_firmware_put(fw);
-	if (!hsfw->imem)
-		return -ENOMEM;
-	else
-		return 0;
+	return 0;
 }
 
 int
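
Review bot: the restored kmalloc() result in nvkm_acr_hsfw_load_bl() is passed to memcpy() without a NULL check, so a failed allocation of desc->code_size bytes becomes a write through a NULL hsfw->imem, and the function still reports success with "return 0;". The removed lines handled this by checking "if (!hsfw->imem)" and returning -ENOMEM after nvkm_firmware_put(fw). If the revert is being taken for provenance reasons rather than correctness, the follow-up fix mentioned in the commit message should restore an equivalent check (kmemdup() or kmalloc() plus a NULL test) and keep the nvkm_firmware_put(fw) call ahead of the error return so the firmware reference is not leaked on the failure path.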
-- 
2.34.1
