[ Upstream commit cc8f7fe1f5eab010191aa4570f27641876fa1267 ]

Add __GFP_ZERO flag for alloc_page in function bio_copy_kern to initialize the buffer of a bio.

Signed-off-by: Haimin Zhang <tcs.kernel@xxxxxxxxx>
Reviewed-by: Chaitanya Kulkarni <kch@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Link: https://lore.kernel.org/r/20220216084038.15635-1-tcs.kernel@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
[nobelbarakat: Backported to 5.10: Manually added flag]
Signed-off-by: Nobel Barakat <nobelbarakat@xxxxxxxxxx>
---
This change fixes a kernel info leak since it's possible for bio_copy_kern to copy uninitialized memory into userspace. For the backport, I had to manually add the __GFP_ZERO flag since alloc_page on 5.10 uses a different parameter than on 5.15. On 5.10, alloc_page is called with q->bounce_gfp whereas on 5.15 it's called with GFP_NOIO. Version 5.4 is also affected, and I intend to submit a backport there as well.

block/blk-map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-map.c b/block/blk-map.c index 21630dccac62..ede73f4f7014 100644 --- a/block/blk-map.c +++ b/block/blk-map.c @@ -488,7 +488,7 @@ if (bytes > len) bytes = len; - page = alloc_page(q->bounce_gfp | gfp_mask); + page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask); if (!page) goto cleanup; -- 2.36.0.464.gb9c8b46e94-goog
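Review bot: at the alloc_page() call, __GFP_ZERO is ORed in with no comment saying why, and the only statement of the security reason (uninitialized page contents being copied to userspace) sits below the `---`, so it will not be recorded in the tree once the patch is applied. Consider a one-line comment above the call, or moving the info-leak sentence above the `---` next to the backport tag, so that a later cleanup of the gfp flags in this function does not drop the zeroing. Since `bytes` is clamped to `len` just before the allocation, the flag also clears the tail of the page beyond `bytes`; that is the wanted behaviour and worth saying in the same comment.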