diff options
| author | Nitin Gote <nitin.r.gote@intel.com> | 2025-07-18 16:20:51 +0530 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-08-28 16:34:43 +0200 |
| commit | 6b14c9c9140648e2a4c4daaec767c5a3dd5ab8b9 (patch) | |
| tree | 9c2cd10da87d1a23e47614a85e2e5b7b6f03e2ac /rust/kernel/net.rs | |
| parent | 9ab05797198c17ee26b2364d72cd73fd229a0e9d (diff) | |
iosys-map: Fix undefined behavior in iosys_map_clear()
[ Upstream commit 5634c8cb298a7146b4e38873473e280b50e27a2c ]
The current iosys_map_clear() implementation reads the potentially
uninitialized 'is_iomem' boolean field to decide which union member
to clear. This causes undefined behavior when called on uninitialized
structures, as 'is_iomem' may contain garbage values like 0xFF.
UBSAN detects this as:
UBSAN: invalid-load in include/linux/iosys-map.h:267
load of value 255 is not a valid value for type '_Bool'
Fix by unconditionally clearing the entire structure with memset(),
eliminating the need to read uninitialized data and ensuring all
fields are set to known good values.
Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14639
Fixes: 01fd30da0474 ("dma-buf: Add struct dma-buf-map for storing struct dma_buf.vaddr_ptr")
Signed-off-by: Nitin Gote <nitin.r.gote@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20250718105051.2709487-1-nitin.r.gote@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'rust/kernel/net.rs')
0 files changed, 0 insertions, 0 deletions