UPSTREAM: HID: core: zero-initialize the report buffer

Jiri Kosina · lag-google · commit 2284ba26e8a8 · 2024-12-02T10:56:36.000Z
[ Upstream commit 177f25d ] Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. Bug: 380395346 Fixes: 27ce405 ("HID: fix data access in implement()") Reported-by: Benoît Sevens <bsevens@google.com> Acked-by: Benjamin Tissoires <bentiss@kernel.org> Signed-off-by: Jiri Kosina <jkosina@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 9d9f5c7) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I31f64f2745347137bbc415eb35b7fab5761867f3
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
@@ -1875,7 +1875,7 @@ u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
 
 	u32 len = hid_report_len(report) + 7;
 
-	return kmalloc(len, flags);
+	return kzalloc(len, flags);
 }
 EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
 

Original file line number	Diff line number	Diff line change
`@@ -1875,7 +1875,7 @@ u8 hid_alloc_report_buf(struct hid_report report, gfp_t flags)`
`1875`	`1875`
`1876`	`1876`	`u32 len = hid_report_len(report) + 7;`
`1877`	`1877`
`1878`		`- return kmalloc(len, flags);`
	`1878`	`+ return kzalloc(len, flags);`
`1879`	`1879`	`}`
`1880`	`1880`	`EXPORT_SYMBOL_GPL(hid_alloc_report_buf);`
`1881`	`1881`