authorSri Krishna chowdary <schowdary@nvidia.com>2017-03-03 10:44:08 +0530
committerWinnie Hsu <whsu@nvidia.com>2017-06-21 16:52:34 -0700
commitd45c4c5cae287106a349c4f85d12c45920147fb0 (patch)
tree702ca7445ee94207097eb5d2c3e7d2ca89039bba
parent707cd5f568f3521090d31dec663f54d7fca08347 (diff)
video: tegra: nvmap: fix information leak in pin/unpin
When NVMAP_IOC_PIN_MULT_32 and NVMAP_IOC_UNPIN_MULT_32 are called, it is possible that op.addr is not initialized. This can cause a write to some random address, thus causing corruption. This patch fixes Google Bug 31668540 bug 1832092 Change-Id: I4d12d1a6c777131ba1fa2a753ea640861f8e82a6 Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com> Reviewed-on: http://git-master/r/1314406 (cherry picked from commit da0c43534bb61e2e0849e297d389517d5e4ed168) Reviewed-on: http://git-master/r/1504673 GVS: Gerrit_Virtual_Submit Reviewed-by: Bibek Basu <bbasu@nvidia.com> Tested-by: Bibek Basu <bbasu@nvidia.com> Reviewed-by: Winnie Hsu <whsu@nvidia.com>
-rw-r--r--drivers/video/tegra/nvmap/nvmap_ioctl.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/video/tegra/nvmap/nvmap_ioctl.c b/drivers/video/tegra/nvmap/nvmap_ioctl.c
index 98b9c78f278b..a52dbab922b4 100644
--- a/drivers/video/tegra/nvmap/nvmap_ioctl.c
+++ b/drivers/video/tegra/nvmap/nvmap_ioctl.c
@@ -88,6 +88,7 @@ int nvmap_ioctl_pinop(struct file *filp, bool is_pin, void __user *arg,
return -EFAULT;
op.handles = (__u32 *)(uintptr_t)op32.handles;
op.count = op32.count;
+ op.addr = (unsigned long *)(uintptr_t)op32.addr;
} else
#endif
if (copy_from_user(&op, arg, sizeof(op)))
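Review bot: The compat branch still fills `op` one field at a time from `op32`, so any member not explicitly assigned keeps whatever was on the kernel stack; the added `op.addr` line closes one instance of that, not the pattern. Zeroing the struct before the branch, for example `memset(&op, 0, sizeof(op));`, would make a forgotten or newly added field fail as a NULL/zero value instead of a stale pointer. The declaration of `op` and the later uses of `op.addr` are outside this hunk, so it is worth confirming two things there. First, that the 32-bit caller's buffer is accessed with the element width it expects and not `sizeof(unsigned long)`. Second, that every access through `op.addr` goes through `put_user`/`copy_to_user` and never a direct dereference. If `op.addr` is a user pointer, the conversion is also more conventionally written with the annotation kept, `op.addr = (unsigned long __user *)compat_ptr(op32.addr);`, so sparse can check it.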