commit cc8f7fe1f5eab010191aa4570f27641876fa1267 upstream

Add __GFP_ZERO flag for alloc_page in function bio_copy_kern to initialize the buffer of a bio.

Signed-off-by: Haimin Zhang <tcs.kernel@xxxxxxxxx>
Reviewed-by: Chaitanya Kulkarni <kch@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Link: https://lore.kernel.org/r/20220216084038.15635-1-tcs.kernel@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
[nobelbarakat: Backported to 5.4: Manually added __GFP_ZERO flag]
Signed-off-by: Nobel Barakat <nobelbarakat@xxxxxxxxxx>
---
This change fixes a kernel info leak since it's possible for bio_copy_kern to copy uninitialized memory into userspace. This change had to be manually backported since bio_copy_kern is in a different file (bio.c) than the upstream commit (blk-map.c).

 block/bio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/bio.c b/block/bio.c index b1170ec18464..363294afc394 100644 --- a/block/bio.c +++ b/block/bio.c @@ -1570,7 +1570,7 @@ struct bio *bio_copy_kern(struct request_queue *q, void *data, unsigned int len, if (bytes > len) bytes = len; - page = alloc_page(q->bounce_gfp | gfp_mask); + page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask); if (!page) goto cleanup; -- 2.36.0.464.gb9c8b46e94-goog
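
Review bot: The __GFP_ZERO added to the alloc_page() call applies to every page bio_copy_kern allocates, yet neither the call site nor the commit log says why. The only statement that this closes a kernel info leak to userspace sits below the --- separator, which is not kept when the patch is applied. Move that sentence, together with the note that the 5.4 function lives in block/bio.c rather than blk-map.c, above the separator next to the [nobelbarakat: ...] line, or add a one-line comment above the allocation saying the page can reach userspace without being fully overwritten. The clamp just above it (if (bytes > len) bytes = len;) suggests the last page may be only partly used, which would be worth naming as the case the zeroing covers.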