| From bf9216f922612d2db7666aae01e65064da2ffb3a Mon Sep 17 00:00:00 2001 |
| From: "Darrick J. Wong" <darrick.wong@oracle.com> |
| Date: Mon, 3 Apr 2017 12:22:39 -0700 |
| Subject: xfs: fix kernel memory exposure problems |
| |
| From: Darrick J. Wong <darrick.wong@oracle.com> |
| |
| commit bf9216f922612d2db7666aae01e65064da2ffb3a upstream. |
| |
| Fix a memory exposure problems in inumbers where we allocate an array of |
| structures with holes, fail to zero the holes, then blindly copy the |
| kernel memory contents (junk and all) into userspace. |
| |
| Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> |
| Reviewed-by: Christoph Hellwig <hch@lst.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/xfs/xfs_itable.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/fs/xfs/xfs_itable.c |
| +++ b/fs/xfs/xfs_itable.c |
| @@ -585,7 +585,7 @@ xfs_inumbers( |
| return error; |
| |
| bcount = MIN(left, (int)(PAGE_SIZE / sizeof(*buffer))); |
| - buffer = kmem_alloc(bcount * sizeof(*buffer), KM_SLEEP); |
| + buffer = kmem_zalloc(bcount * sizeof(*buffer), KM_SLEEP); |
| do { |
| struct xfs_inobt_rec_incore r; |
| int stat; |
