From: Prathu Baronia prathubaronia2011@gmail.com
From: Prathu Baronia prathubaronia2011@gmail.com
commit 4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 upstream
Use kzalloc() to allocate new zeroed out msg node instead of memsetting a node allocated with kmalloc().
Signed-off-by: Prathu Baronia prathubaronia2011@gmail.com
Message-Id: 20230522085019.42914-1-prathubaronia2011@gmail.com
Signed-off-by: Michael S. Tsirkin mst@redhat.com
Reviewed-by: Stefano Garzarella sgarzare@redhat.com
[Ajay: This is a security fix as per CVE-2024-0340]
Signed-off-by: Ajay Kaher ajay.kaher@broadcom.com
---
 drivers/vhost/vhost.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 07427302084955..ecb3b397bb3888 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2563,12 +2563,11 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify);
 /* Create a new message. */
 struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
 {
- struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
+ /* Make sure all padding within the structure is initialized. */
+ struct vhost_msg_node *node = kzalloc(sizeof(*node), GFP_KERNEL);
 if (!node)
 return NULL;
- /* Make sure all padding within the structure is initialized. */
- memset(&node->msg, 0, sizeof node->msg);
 node->vq = vq;
 node->msg.type = type;
 return node;
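Review bot: The comment carried over above the `kzalloc()` call in `vhost_new_msg()` still speaks only of padding, but the change is wider than that: the removed `memset(&node->msg, 0, sizeof node->msg)` covered only the `msg` member, while `kzalloc(sizeof(*node), GFP_KERNEL)` zeroes the entire `struct vhost_msg_node`. The bracketed note in the description ties this to CVE-2024-0340, so it presumably matters that bytes outside `msg` no longer hold stale heap contents; the struct layout and the path that hands the node to a reader are not visible here, so that should be confirmed against the definition. I would reword the comment to record the intent, e.g. `/* Zero the whole node, not only node->msg: stale heap bytes in any member or padding must not reach a reader. */`. The function's closing brace lies outside the hunk.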