diff mbox series

[5.8,012/118] habanalabs: prevent user buff overflow

Message ID	20200921162036.900249682@linuxfoundation.org
State	New
Headers	show Return-Path: <SRS0=lyed=C6=vger.kernel.org=stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Moti Haimovski <mhaimovski@habana.ai>, Oded Gabbay <oded.gabbay@gmail.com>, Sasha Levin <sashal@kernel.org> Subject: [PATCH 5.8 012/118] habanalabs: prevent user buff overflow Date: Mon, 21 Sep 2020 18:27:04 +0200 Message-Id: <20200921162036.900249682@linuxfoundation.org> In-Reply-To: <20200921162036.324813383@linuxfoundation.org> References: <20200921162036.324813383@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [5.8,002/118] dt-bindings: spi: Fix spi-bcm-qspi compatible ordering [5.8,003/118] mptcp: sendmsg: reset iter on error [5.8,004/118] net: handle the return value of pskb_carve_frag_list() correctly [5.8,005/118] dt-bindings: PCI: intel,lgm-pcie: Fix matching on all snps,dw-pcie instances [5.8,006/118] hv_netvsc: Remove "unlikely" from netvsc_select_queue [5.8,007/118] loop: Set correct device size when using LOOP_CONFIGURE [5.8,008/118] firmware_loader: fix memory leak for paged buffer [5.8,009/118] xprtrdma: Release in-flight MRs on disconnect [5.8,010/118] NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall [5.8,011/118] phy: omap-usb2-phy: disable PHY charger detect [5.8,012/118] habanalabs: prevent user buff overflow [5.8,013/118] habanalabs: fix report of RAZWI initiator coordinates [5.8,014/118] scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort [5.8,015/118] scsi: libfc: Fix for double free() [5.8,016/118] scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery [5.8,017/118] scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events [5.8,018/118] regulator: pwm: Fix machine constraints application [5.8,019/118] spi: spi-loopback-test: Fix out-of-bounds read [5.8,020/118] interconnect: Show bandwidth for disabled paths as zero in debugfs [5.8,021/118] NFS: Zero-stateid SETATTR should first return delegation [5.8,022/118] SUNRPC: stop printk reading past end of string [5.8,023/118] rapidio: Replace select DMAENGINES with depends on [5.8,024/118] cifs: fix DFS mount with cifsacl/modefromsid [5.8,025/118] openrisc: Fix cache API compile issue when not inlining [5.8,026/118] nvme-fc: cancel async events before freeing event struct [5.8,027/118] nvme-rdma: cancel async events before freeing event struct [5.8,028/118] nvme-tcp: cancel async events before freeing event struct [5.8,029/118] block: only call sched requeue_request() for scheduled requests [5.8,030/118] f2fs: fix indefinite loop scanning for free nid [5.8,031/118] f2fs: Return EOF on unaligned end of file DIO read [5.8,032/118] i2c: algo: pca: Reapply i2c bus settings after reset [5.8,033/118] spi: Fix memory leak on splited transfers [5.8,034/118] KVM: Check the allocation of pv cpu mask [5.8,035/118] KVM: MIPS: Change the definition of kvm type [5.8,036/118] clk: davinci: Use the correct size when allocating memory [5.8,037/118] clk: rockchip: Fix initialization of mux_pll_src_4plls_p [5.8,038/118] ASoC: Intel: skl_hda_dsp_generic: Fix NULLptr dereference in autosuspend delay [5.8,039/118] ASoC: qcom: Set card->owner to avoid warnings [5.8,040/118] ASoC: rt1308-sdw: Fix return check for devm_regmap_init_sdw() [5.8,041/118] ASoC: rt711: Fix return check for devm_regmap_init_sdw() [5.8,042/118] ASoC: rt715: Fix return check for devm_regmap_init_sdw() [5.8,043/118] ASoC: rt700: Fix return check for devm_regmap_init_sdw() [5.8,044/118] ASoC: qcom: common: Fix refcount imbalance on error [5.8,045/118] drm/mediatek: dsi: Fix scrolling of panel with small hfp or hbp [5.8,046/118] powerpc/book3s64/radix: Fix boot failure with large amount of guest memory [5.8,047/118] ASoC: soc-core: add snd_soc_find_dai_with_mutex() [5.8,048/118] ASoC: meson: axg-toddr: fix channel order on g12 platforms [5.8,049/118] ASoC: tlv320adcx140: Fix accessing uninitialized adcx140->dev [5.8,050/118] ASoC: Intel: haswell: Fix power transition refactor [5.8,051/118] ASoC: core: Do not cleanup uninitialized dais on soc_pcm_open failure [5.8,052/118] Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() [5.8,053/118] scsi: libsas: Fix error path in sas_notify_lldd_dev_found() [5.8,054/118] arm64: Allow CPUs unffected by ARM erratum 1418040 to come in late [5.8,055/118] Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload [5.8,056/118] perf test: Fix the "signal" test inline assembly [5.8,057/118] perf record: Dont clear events period if set by a term [5.8,058/118] MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT [5.8,059/118] perf test: Free aliases for PMU event map aliases test [5.8,060/118] perf metric: Fix some memory leaks [5.8,061/118] perf evlist: Fix cpu/thread map leak [5.8,062/118] perf parse-event: Fix memory leak in evsel->unit [5.8,063/118] perf test: Free formats for perf pmu parse test [5.8,064/118] drm/i915/gem: Reduce context termination list iteration guard to RCU [5.8,065/118] fbcon: Fix user font detection test at fbcon_resize(). [5.8,066/118] MIPS: SNI: Fix spurious interrupts [5.8,067/118] drm/mediatek: Use CPU when fail to get cmdq event [5.8,068/118] drm/mediatek: Add missing put_device() call in mtk_ddp_comp_init() [5.8,069/118] drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail [5.8,070/118] drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() [5.8,071/118] drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() [5.8,072/118] arm64: bpf: Fix branch offset in JIT [5.8,073/118] iommu/amd: Fix potential @entry null deref [5.8,074/118] iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode [5.8,075/118] kconfig: qconf: use delete[] instead of delete to free array (again) [5.8,076/118] i2c: mediatek: Fix generic definitions for bus frequency [5.8,077/118] i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK [5.8,078/118] riscv: Add sfence.vma after early page table changes [5.8,079/118] locking/lockdep: Fix "USED" <- "IN-NMI" inversions [5.8,080/118] efi: efibc: check for efivars write capability [5.8,081/118] locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count [5.8,082/118] x86/unwind/fp: Fix FP unwinding in ret_from_fork [5.8,083/118] drm/kfd: fix a system crash issue during GPU recovery [5.8,084/118] drm/i915/gem: Delay tracking the GEM context until it is registered [5.8,085/118] drm/i915: Filter wake_flags passed to default_wake_function [5.8,086/118] USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook [5.8,087/118] USB: UAS: fix disconnect by unplugging a hub [5.8,088/118] usblp: fix race between disconnect() and read() [5.8,089/118] usb: typec: ucsi: acpi: Increase command completion timeout value [5.8,090/118] usb: typec: ucsi: Prevent mode overrun [5.8,091/118] i2c: i801: Fix resume bug [5.8,092/118] Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" [5.8,093/118] ALSA: hda: fixup headset for ASUS GX502 laptop [5.8,094/118] ALSA: hda/realtek - The Mic on a RedmiBook doesnt work [5.8,095/118] percpu: fix first chunk size calculation for populated bitmap [5.8,096/118] Input: trackpoint - add new trackpoint variant IDs [5.8,097/118] Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists [5.8,098/118] thunderbolt: Retry DROM read once if parsing fails [5.8,099/118] serial: 8250_pci: Add Realtek 816a and 816b [5.8,100/118] serial: core: fix port-lock initialisation [5.8,101/118] serial: core: fix console port-lock regression [5.8,102/118] x86/boot/compressed: Disable relocation relaxation [5.8,103/118] ksm: reinstate memcg charge on copied pages [5.8,104/118] kprobes: fix kill kprobe which has been marked as gone [5.8,105/118] mm/thp: fix __split_huge_pmd_locked() for migration PMD [5.8,106/118] s390: add 3f program exception handler [5.8,107/118] s390/pci: fix leak of DMA tables on hard unplug [5.8,108/118] s390/zcrypt: fix kmalloc 256k failure [5.8,109/118] ehci-hcd: Move include to keep CRC stable [5.8,110/118] arm64: paravirt: Initialize steal time when cpu is online [5.8,111/118] powerpc/dma: Fix dma_map_ops::get_required_mask [5.8,112/118] selftests/vm: fix display of page size in map_hugetlb [5.8,113/118] dm/dax: Fix table reference counts [5.8,114/118] mm/memory_hotplug: drain per-cpu pages again during memory offline [5.8,115/118] dm: Call proper helper to determine dax support [5.8,116/118] dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX [5.8,117/118] mm: memcg: fix memcg reclaim soft lockup [5.8,118/118] nvme-loop: set ctrl state connecting after init

Commit Message

Greg Kroah-Hartman Sept. 21, 2020, 4:27 p.m. UTC

From: Moti Haimovski <mhaimovski@habana.ai>

[ Upstream commit 6396feabf7a4104a4ddfecc00b8aac535c631a66 ]

This commit fixes a potential debugfs issue that may occur when
reading the clock gating mask into the user buffer since the
user buffer size was not taken into consideration.

Signed-off-by: Moti Haimovski <mhaimovski@habana.ai>
Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/habanalabs/debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff mbox series

Patch

diff --git a/drivers/misc/habanalabs/debugfs.c b/drivers/misc/habanalabs/debugfs.c
index 6c2b9cf45e831..650922061bdc7 100644
--- a/drivers/misc/habanalabs/debugfs.c
+++ b/drivers/misc/habanalabs/debugfs.c
@@ -982,7 +982,7 @@  static ssize_t hl_clk_gate_read(struct file *f, char __user *buf,
 		return 0;
 
 	sprintf(tmp_buf, "0x%llx\n", hdev->clock_gating_mask);
-	rc = simple_read_from_buffer(buf, strlen(tmp_buf) + 1, ppos, tmp_buf,
+	rc = simple_read_from_buffer(buf, count, ppos, tmp_buf,
 			strlen(tmp_buf) + 1);
 
 	return rc;