4.19-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit f3587d76da05f68098ddb1cb3c98cc6a9e8a402c ]
If the kernel allocates a bounce buffer for user read data, this memory needs to be cleared before copying it to the user, otherwise it may leak kernel memory to user space.
Laurence Oberman loberman@redhat.com Signed-off-by: Keith Busch keith.busch@intel.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Sasha Levin sashal@kernel.org --- block/bio.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/block/bio.c b/block/bio.c index 0093bed81c0e..41173710430c 100644 --- a/block/bio.c +++ b/block/bio.c @@ -1261,6 +1261,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, if (ret) goto cleanup; } else { + zero_fill_bio(bio); iov_iter_advance(iter, bio->bi_iter.bi_size); }