ACK: [PATCH] scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
Stefan Bader
stefan.bader at canonical.com
Tue Jul 24 12:29:44 UTC 2018
On 24.07.2018 13:16, Paolo Pisati wrote:
> From: Alexander Potapenko <glider at google.com>
>
> CVE-2018-1000204
>
> This shall help avoid copying uninitialized memory to the userspace when
> calling ioctl(fd, SG_IO) with an empty command.
>
> Reported-by: syzbot+7d26fc1eea198488deab at syzkaller.appspotmail.com
> Cc: stable at vger.kernel.org
> Signed-off-by: Alexander Potapenko <glider at google.com>
> Acked-by: Douglas Gilbert <dgilbert at interlog.com>
> Reviewed-by: Johannes Thumshirn <jthumshirn at suse.de>
> Signed-off-by: Martin K. Petersen <martin.petersen at oracle.com>
> (cherry picked from commit a45b599ad808c3c982fdcdc12b0b8611c2f92824)
> Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> drivers/scsi/sg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
> index 47b8f7b..1ab6147 100644
> --- a/drivers/scsi/sg.c
> +++ b/drivers/scsi/sg.c
> @@ -1826,7 +1826,7 @@ retry:
> num = (rem_sz > scatter_elem_sz_prev) ?
> scatter_elem_sz_prev : rem_sz;
>
> - schp->pages[k] = alloc_pages(gfp_mask, order);
> + schp->pages[k] = alloc_pages(gfp_mask | __GFP_ZERO, order);
> if (!schp->pages[k])
> goto out;
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180724/0a8a12c6/attachment.sig>
More information about the kernel-team
mailing list