From: Tony Nguyen anthony.l.nguyen@intel.com
stable inclusion from stable-v4.19.270 commit ef1d739dd1f362aec081278ff92f943c31eb177a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRIW CVE: CVE-2022-48949
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit de5dc44370fbd6b46bd7f1a1e00369be54a041c8 upstream.
When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.
Fixes: 6ddbc4cf1f4d ("igb: Indicate failure on vf reset for empty mac address") Reported-by: Akihiko Odaki akihiko.odaki@daynix.com Signed-off-by: Tony Nguyen anthony.l.nguyen@intel.com Reviewed-by: Akihiko Odaki akihiko.odaki@daynix.com Reviewed-by: Leon Romanovsky leonro@nvidia.com Link: https://lore.kernel.org/r/20221212190031.3983342-1-anthony.l.nguyen@intel.co... Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Wang Liang wangliang74@huawei.com --- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c index 6b7e4a718630..ef5d11723d56 100644 --- a/drivers/net/ethernet/intel/igb/igb_main.c +++ b/drivers/net/ethernet/intel/igb/igb_main.c @@ -7151,7 +7151,7 @@ static void igb_vf_reset_msg(struct igb_adapter *adapter, u32 vf) { struct e1000_hw *hw = &adapter->hw; unsigned char *vf_mac = adapter->vf_data[vf].vf_mac_addresses; - u32 reg, msgbuf[3]; + u32 reg, msgbuf[3] = {}; u8 *addr = (u8 *)(&msgbuf[1]);
/* process all the same items cleared in a function level reset */