commit 54d4e2f02f9738e854d0415f661b76d05abf858e
author Jilai Wang <jilaiw@codeaurora.org> Wed Dec 16 10:00:12 2020 -0500
committer Eva Huang <evahuang@google.com> Fri Jul 23 09:10:00 2021 +0000
tree 4354861a21778c72fcbabe92d1e8a52793df3eaa
parent 5e200c52d23d1ea9ac48b5b73414a0e18717ece9

msm: npu: memset npu_kevent to prevent leak stack information

npu_kevent will be copied to user buffer, so it is possible that
user will be able to access some stack memory via the uninitialized
padding data. This change is to use memset to make sure this stack
information won't be leaked.

Bug: 184564237
Change-Id: I77acafe11e67093f17906176720508674e1d35e8
Signed-off-by: Jilai Wang <jilaiw@codeaurora.org>

drivers/media/platform/msm/npu/npu_mgr.c

diff --git a/drivers/media/platform/msm/npu/npu_mgr.c b/drivers/media/platform/msm/npu/npu_mgr.c
index 44b68e3..4590a1f 100644
--- a/drivers/media/platform/msm/npu/npu_mgr.c
+++ b/drivers/media/platform/msm/npu/npu_mgr.c
@@ -725,6 +725,7 @@ static void app_msg_proc(struct npu_host_ctx *host_ctx, uint32_t *msg)
 	struct npu_kevent kevt;
 	struct npu_device *npu_dev = host_ctx->npu_dev;
 
+	memset(&kevt, 0, sizeof(kevt));
 	msg_id = msg[1];
 	switch (msg_id) {
 	case NPU_IPC_MSG_EXECUTE_DONE: