From: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Date: Mon, 9 Jan 2017 15:53:36 +0000 (+0700)
Subject: i2c: fix kernel memory disclosure in dev interface
X-Git-Tag: firefly_0821_release~176^2~4^2~3^2~25
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ae76af2518067cfbd9c3912f3c2558e5235b6e02;p=firefly-linux-kernel-4.4.55.git

i2c: fix kernel memory disclosure in dev interface

commit 30f939feaeee23e21391cfc7b484f012eb189c3c upstream.

i2c_smbus_xfer() does not always fill an entire block, allowing
kernel stack memory disclosure through the temp variable. Clear
it before it's read to.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
index 2413ec9f8207..94c837046786 100644
--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -329,7 +329,7 @@ static noinline int i2cdev_ioctl_smbus(struct i2c_client *client,
 		unsigned long arg)
 {
 	struct i2c_smbus_ioctl_data data_arg;
-	union i2c_smbus_data temp;
+	union i2c_smbus_data temp = {};
 	int datasize, res;
 
 	if (copy_from_user(&data_arg,