On Wed, 2018-11-07 at 07:37 -0700, Keith Busch wrote:
> If the kernel allocates a bounce buffer for user read data, this
> memory
> needs to be cleared before copying it to the user, otherwise it may
> leak
> kernel memory to user space.
>
> Signed-off-by: Keith Busch <keith.busch@xxxxxxxxx>
> ---
> block/bio.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/block/bio.c b/block/bio.c
> index d5368a445561..a50d59236b19 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -1260,6 +1260,7 @@ struct bio *bio_copy_user_iov(struct
> request_queue *q,
> if (ret)
> goto cleanup;
> } else {
> + zero_fill_bio(bio);
> iov_iter_advance(iter, bio->bi_iter.bi_size);
> }
>
Straightforward, looks good from my view.
Reviewed-by:
Laurence Oberman <loberman@xxxxxxxxxx>
