Make sure to clear the transfer buffer before fetching the EDID to
avoid leaking slab data to the logs on errors that leave the buffer
unchanged.
Fixes: 69c7717c20cc ("drm/edid: Dump the EDID when drm_edid_get_panel_id() has an error")
Cc: [email protected] # 6.2
Cc: Douglas Anderson <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
---
drivers/gpu/drm/drm_edid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
index 3841aba17abd..8707fe72a028 100644
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -2797,7 +2797,7 @@ u32 drm_edid_get_panel_id(struct i2c_adapter *adapter)
* the EDID then we'll just return 0.
*/
- base_block = kmalloc(EDID_LENGTH, GFP_KERNEL);
+ base_block = kzalloc(EDID_LENGTH, GFP_KERNEL);
if (!base_block)
return 0;
--
2.39.2
On Thu, 02 Mar 2023, Johan Hovold <[email protected]> wrote:
> Make sure to clear the transfer buffer before fetching the EDID to
> avoid leaking slab data to the logs on errors that leave the buffer
> unchanged.
>
> Fixes: 69c7717c20cc ("drm/edid: Dump the EDID when drm_edid_get_panel_id() has an error")
> Cc: [email protected] # 6.2
> Cc: Douglas Anderson <[email protected]>
> Signed-off-by: Johan Hovold <[email protected]>
Reviewed-by: Jani Nikula <[email protected]>
> ---
> drivers/gpu/drm/drm_edid.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
> index 3841aba17abd..8707fe72a028 100644
> --- a/drivers/gpu/drm/drm_edid.c
> +++ b/drivers/gpu/drm/drm_edid.c
> @@ -2797,7 +2797,7 @@ u32 drm_edid_get_panel_id(struct i2c_adapter *adapter)
> * the EDID then we'll just return 0.
> */
>
> - base_block = kmalloc(EDID_LENGTH, GFP_KERNEL);
> + base_block = kzalloc(EDID_LENGTH, GFP_KERNEL);
> if (!base_block)
> return 0;
--
Jani Nikula, Intel Open Source Graphics Center
Hi,
On Wed, Mar 1, 2023 at 11:49 PM Johan Hovold <[email protected]> wrote:
>
> Make sure to clear the transfer buffer before fetching the EDID to
> avoid leaking slab data to the logs on errors that leave the buffer
> unchanged.
>
> Fixes: 69c7717c20cc ("drm/edid: Dump the EDID when drm_edid_get_panel_id() has an error")
> Cc: [email protected] # 6.2
> Cc: Douglas Anderson <[email protected]>
> Signed-off-by: Johan Hovold <[email protected]>
> ---
> drivers/gpu/drm/drm_edid.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
> index 3841aba17abd..8707fe72a028 100644
> --- a/drivers/gpu/drm/drm_edid.c
> +++ b/drivers/gpu/drm/drm_edid.c
> @@ -2797,7 +2797,7 @@ u32 drm_edid_get_panel_id(struct i2c_adapter *adapter)
> * the EDID then we'll just return 0.
> */
>
> - base_block = kmalloc(EDID_LENGTH, GFP_KERNEL);
> + base_block = kzalloc(EDID_LENGTH, GFP_KERNEL);
Good catch! I'm landing this to drm-misc-fixes right away.
4d8457fe0eb9 drm/edid: fix info leak when failing to get panel id
I'm sure I copied the kmalloc() from _drm_do_get_edid(), but it looks
like in _that_ case if the read fails we never print the buffer so
that one is OK.
-Doug