iommufd: Make sure to zero vfio_iommu_type1_info before copying to user - linux

diff options

author	Jason Gunthorpe <jgg@nvidia.com>	2023-02-13 15:32:21 +0100
committer	Jason Gunthorpe <jgg@nvidia.com>	2023-02-14 21:49:55 +0100
commit	b3551ead616318ea155558cdbe7e91495b8d9b33 (patch)
tree	9ac199f32398b8bea2cfbbe085a4bc9fcb707ac2 /fs
parent	Merge branch 'vfio-no-iommu' into iommufd.git for-next (diff)
download	linux-b3551ead616318ea155558cdbe7e91495b8d9b33.tar.xz linux-b3551ead616318ea155558cdbe7e91495b8d9b33.zip

iommufd: Make sure to zero vfio_iommu_type1_info before copying to user

Missed a zero initialization here. Most of the struct is filled with a copy_from_user(), however minsz for that copy is smaller than the actual struct by 8 bytes, thus we don't fill the padding. Cc: stable@vger.kernel.org # 6.1+ Fixes: d624d6652a65 ("iommufd: vfio container FD ioctl compatibility") Link: https://lore.kernel.org/r/0-v1-a74499ece799+1a-iommufd_get_info_leak_jgg@nvidia.com Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reported-by: syzbot+cb1e0978f6bf46b83a58@syzkaller.appspotmail.com Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

Diffstat (limited to 'fs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: