summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikita Zhandarovich <n.zhandarovich@fintech.ru>2023-03-06 08:06:56 -0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-03-22 13:38:09 +0100
commitb5693d4b374b3bff94a3c89f937e4e876b6ed9aa (patch)
treedbd297aa1b9c034327c0a7bbc65bf9655cc77693
parentf934b8588f45d6928b81864a8fef226940d560d9 (diff)
downloadlinux-b5693d4b374b3bff94a3c89f937e4e876b6ed9aa.tar.gz
linux-b5693d4b374b3bff94a3c89f937e4e876b6ed9aa.tar.bz2
linux-b5693d4b374b3bff94a3c89f937e4e876b6ed9aa.zip
x86/mm: Fix use of uninitialized buffer in sme_enable()
commit cbebd68f59f03633469f3ecf9bea99cd6cce3854 upstream. cmdline_find_option() may fail before doing any initialization of the buffer array. This may lead to unpredictable results when the same buffer is used later in calls to strncmp() function. Fix the issue by returning early if cmdline_find_option() returns an error. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption") Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: <stable@kernel.org> Link: https://lore.kernel.org/r/20230306160656.14844-1-n.zhandarovich@fintech.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat
-rw-r--r--arch/x86/mm/mem_encrypt_identity.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index 88cccd65029d..c6efcf559d88 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -600,7 +600,8 @@ void __init sme_enable(struct boot_params *bp)
cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
((u64)bp->ext_cmd_line_ptr << 32));
- cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
+ if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
+ return;
if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
sme_me_mask = me_mask;
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-06 16:21:46 +0000