accel/habanalabs: fix information leak in sec_attest_info()
author Xingyuan Mo <hdthky0@gmail.com>
Fri, 8 Dec 2023 13:00:59 +0000 (21:00 +0800)
committer Oded Gabbay <ogabbay@kernel.org>
Tue, 19 Dec 2023 09:09:44 +0000 (11:09 +0200)
This function may copy the pad0 field of struct hl_info_sec_attest to user
mode which has not been initialized, resulting in leakage of kernel heap
data to user mode. To prevent this, use kzalloc() to allocate and zero out
the buffer, which can also eliminate other uninitialized holes, if any.

Fixes: 0c88760f8f5e ("habanalabs/gaudi2: add secured attestation info uapi")
Signed-off-by: Xingyuan Mo <hdthky0@gmail.com>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>
drivers/accel/habanalabs/common/habanalabs_ioctl.c

index a92713e0e580174240823ce1a4350d5cb7af12f6..1dd6e23172caa3a4d9f8e0132c49574a0b1a9932 100644 (file)
@@ -688,7 +688,7 @@ static int sec_attest_info(struct hl_fpriv *hpriv, struct hl_info_args *args)
        if (!sec_attest_info)
                return -ENOMEM;
 
-       info = kmalloc(sizeof(*info), GFP_KERNEL);
+       info = kzalloc(sizeof(*info), GFP_KERNEL);
        if (!info) {
                rc = -ENOMEM;
                goto free_sec_attest_info;
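
Review bot: the kzalloc() on the `info` allocation carries no comment saying the zeroing is required because this struct is copied to user mode with padding in it (pad0, per the commit message), so a later cleanup could quietly turn it back into kmalloc(); a one-line comment above the call would prevent that. The context also checks an earlier buffer with `if (!sec_attest_info)` whose allocation is not visible in this hunk; it is worth confirming that none of its bytes can reach user mode uninitialized, or zeroing it the same way. Minor style point: that local shares its name with the function sec_attest_info(), which makes the NULL check harder to read.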