On Wed, May 04, 2022 at 08:12:07PM +0000, Nobel Barakat wrote: > [ Upstream commit cc8f7fe1f5eab010191aa4570f27641876fa1267 ] > > Add __GFP_ZERO flag for alloc_page in function bio_copy_kern to initialize > the buffer of a bio. > > Signed-off-by: Haimin Zhang <tcs.kernel@xxxxxxxxx> > Reviewed-by: Chaitanya Kulkarni <kch@xxxxxxxxxx> > Reviewed-by: Christoph Hellwig <hch@xxxxxx> > Link: https://lore.kernel.org/r/20220216084038.15635-1-tcs.kernel@xxxxxxxxx > Signed-off-by: Jens Axboe <axboe@xxxxxxxxx> > [nobelbarakat: Backported to 5.10: Manually added flag] > Signed-off-by: Nobel Barakat <nobelbarakat@xxxxxxxxxx> > --- > This change fixes a kernel info leak since it's possible for bio_copy_kern to > copy uninitialized memory into userspace. > > For the backport, I had to manually add the __GFP_ZERO > flag since alloc_page on 5.10 uses a different parameter > than on 5.15. On 5.10, alloc_page is called with q->bounce_gfp > whereas on 5.15 it's called with GFP_NOIO. > > Version 5.4 is also affected, and I intend to submit a backport > there as well. > > block/blk-map.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/block/blk-map.c b/block/blk-map.c > index 21630dccac62..ede73f4f7014 100644 > --- a/block/blk-map.c > +++ b/block/blk-map.c > @@ -488,7 +488,7 @@ > if (bytes > len) > bytes = len; > > - page = alloc_page(q->bounce_gfp | gfp_mask); > + page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask); > if (!page) > goto cleanup; > > -- > 2.36.0.464.gb9c8b46e94-goog > Both now queued up, thanks. greg k-h
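Review bot: The changed alloc_page() call in block/blk-map.c carries no comment saying why the page has to be zeroed, and the only statement of the security reason (bio_copy_kern can copy uninitialized memory into userspace) sits in the notes below the "---", which are dropped when the patch is applied. The commit message itself only says the flag is added "to initialize the buffer of a bio", so someone reading the tree later could take __GFP_ZERO for an avoidable cost and remove it. A one-line comment above `page = alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask);` stating that the page contents can reach userspace and must not expose stale kernel data would keep the reason next to the code. Since this is a stable backport that should track the upstream commit, an alternative is to put that sentence in the bracketed backport note above the "---" so it survives in the 5.10 history.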