
[5.10] block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern

Message ID 20220504201207.2352621-1-nobelbarakat@google.com
State New

Commit Message

Nobel Barakat May 4, 2022, 8:12 p.m. UTC
[ Upstream commit cc8f7fe1f5eab010191aa4570f27641876fa1267 ]

Add __GFP_ZERO flag for alloc_page in function bio_copy_kern to initialize
the buffer of a bio.

Signed-off-by: Haimin Zhang <tcs.kernel@gmail.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220216084038.15635-1-tcs.kernel@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
[nobelbarakat: Backported to 5.10: Manually added flag] 
Signed-off-by: Nobel Barakat <nobelbarakat@google.com>
---
This change fixes a kernel info leak since it's possible for bio_copy_kern to
copy uninitialized memory into userspace.

For the backport, I had to manually add the __GFP_ZERO
flag since alloc_page on 5.10 uses a different parameter
than on 5.15. On 5.10, alloc_page is called with q->bounce_gfp
whereas on 5.15 it's called with GFP_NOIO.

Version 5.4 is also affected, and I intend to submit a backport
there as well.

 block/blk-map.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/block/blk-map.c b/block/blk-map.c
index 21630dccac62..ede73f4f7014 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -488,7 +488,7 @@ 
 		if (bytes > len)
 			bytes = len;
 
-		page = alloc_page(q->bounce_gfp | gfp_mask);
+		page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask);
 		if (!page)
 			goto cleanup;
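
Review bot: The changed alloc_page() call has no comment saying why the page must be zeroed, and the rationale in this mail (uninitialized memory can be copied into userspace) sits below the `---`, so it is dropped when the patch is applied and the commit body only says "to initialize the buffer of a bio". Consider a one-line comment above the call, or moving the info-leak sentence into the commit message proper. Because `bytes` is clamped to `len` just above, a page can carry fewer bytes than its size; the comment could name that partly filled page as a case the zeroing covers.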