Re: [PATCH v2] habanalabs: fix information leak in sec_attest_info()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 08, 2023 at 09:00:59PM +0800, Xingyuan Mo wrote:
> This function may copy the pad0 field of struct hl_info_sec_attest to user
> mode which has not been initialized, resulting in leakage of kernel heap
> data to user mode. To prevent this, use kzalloc() to allocate and zero out
> the buffer, which can also eliminate other uninitilized holes, if any.
> 
> Fixes: 0c88760f8f5e ("habanalabs/gaudi2: add secured attestation info uapi")
> Signed-off-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
> ---
>  drivers/accel/habanalabs/common/habanalabs_ioctl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/accel/habanalabs/common/habanalabs_ioctl.c b/drivers/accel/habanalabs/common/habanalabs_ioctl.c
> index 8ef36effb95b..a7cd625d82c0 100644
> --- a/drivers/accel/habanalabs/common/habanalabs_ioctl.c
> +++ b/drivers/accel/habanalabs/common/habanalabs_ioctl.c
> @@ -685,7 +685,7 @@ static int sec_attest_info(struct hl_fpriv *hpriv, struct hl_info_args *args)
>  	if (!sec_attest_info)
>  		return -ENOMEM;
>  
> -	info = kmalloc(sizeof(*info), GFP_KERNEL);
> +	info = kzalloc(sizeof(*info), GFP_KERNEL);
>  	if (!info) {
>  		rc = -ENOMEM;
>  		goto free_sec_attest_info;
> -- 
> 2.34.1
> 

Reviewed-by: Oded Gabbay <ogabbay@xxxxxxxxxx>
Applied to -next.

Thanks,
Oded




[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux