accel/habanalabs: fix information leak in sec_attest_info()

This function may copy the pad0 field of struct hl_info_sec_attest to user mode which has not been initialized, resulting in leakage of kernel heap data to user mode. To prevent this, use kzalloc() to allocate and zero out the buffer, which can also eliminate other uninitialized holes, if any. Fixes: 0c88760f8f5e ("habanalabs/gaudi2: add secured attestation info uapi") Signed-off-by: Xingyuan Mo <hdthky0@gmail.com> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org>
author: Xingyuan Mo <hdthky0@gmail.com> 2023-12-08 21:00:59 +0800
committer: Oded Gabbay <ogabbay@kernel.org> 2023-12-19 11:09:44 +0200
commit: a9f07790a4b2250f0140e9a61c7f842fd9b618c7 (patch)
tree: 9e35c9895056311508f4e8ea75d170472acfcdbb /drivers/accel
parent: bc5f15abcf95ce7e4c2e33daddcb5850ee5e671d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/accel/habanalabs/common/habanalabs_ioctl.c b/drivers/accel/habanalabs/common/habanalabs_ioctl.c
index a92713e0e580..1dd6e23172ca 100644
--- a/drivers/accel/habanalabs/common/habanalabs_ioctl.c
+++ b/drivers/accel/habanalabs/common/habanalabs_ioctl.c
@@ -688,7 +688,7 @@ static int sec_attest_info(struct hl_fpriv *hpriv, struct hl_info_args *args)
 	if (!sec_attest_info)
 		return -ENOMEM;
 
-	info = kmalloc(sizeof(*info), GFP_KERNEL);
+	info = kzalloc(sizeof(*info), GFP_KERNEL);
 	if (!info) {
 		rc = -ENOMEM;
 		goto free_sec_attest_info;
author	Xingyuan Mo <hdthky0@gmail.com>	2023-12-08 21:00:59 +0800
committer	Oded Gabbay <ogabbay@kernel.org>	2023-12-19 11:09:44 +0200
commit	a9f07790a4b2250f0140e9a61c7f842fd9b618c7 (patch)
tree	9e35c9895056311508f4e8ea75d170472acfcdbb /drivers/accel
parent	bc5f15abcf95ce7e4c2e33daddcb5850ee5e671d (diff)