[thirdparty/kernel/stable-queue.git] / releases / 4.4.133 / scsi-sg-allocate-with-__gfp_zero-in-sg_build_indirect.patch

From a45b599ad808c3c982fdcdc12b0b8611c2f92824 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko <glider@google.com>
Date: Fri, 18 May 2018 16:23:18 +0200
Subject: scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

From: Alexander Potapenko <glider@google.com>

commit a45b599ad808c3c982fdcdc12b0b8611c2f92824 upstream.

This shall help avoid copying uninitialized memory to the userspace when
calling ioctl(fd, SG_IO) with an empty command.

Reported-by: syzbot+7d26fc1eea198488deab@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/sg.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1903,7 +1903,7 @@ retry:
 		num = (rem_sz > scatter_elem_sz_prev) ?
 			scatter_elem_sz_prev : rem_sz;
 
-		schp->pages[k] = alloc_pages(gfp_mask, order);
+		schp->pages[k] = alloc_pages(gfp_mask | __GFP_ZERO, order);
 		if (!schp->pages[k])
 			goto out;
Commit	Line	Data
59e2be0a GKH	1	From a45b599ad808c3c982fdcdc12b0b8611c2f92824 Mon Sep 17 00:00:00 2001
	2	From: Alexander Potapenko <glider@google.com>
	3	Date: Fri, 18 May 2018 16:23:18 +0200
	4	Subject: scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
	5
	6	From: Alexander Potapenko <glider@google.com>
	7
	8	commit a45b599ad808c3c982fdcdc12b0b8611c2f92824 upstream.
	9
	10	This shall help avoid copying uninitialized memory to the userspace when
	11	calling ioctl(fd, SG_IO) with an empty command.
	12
	13	Reported-by: syzbot+7d26fc1eea198488deab@syzkaller.appspotmail.com
	14	Cc: stable@vger.kernel.org
	15	Signed-off-by: Alexander Potapenko <glider@google.com>
	16	Acked-by: Douglas Gilbert <dgilbert@interlog.com>
	17	Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
	18	Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
	19	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	20
	21	---
	22	drivers/scsi/sg.c \| 2 +-
	23	1 file changed, 1 insertion(+), 1 deletion(-)
	24
	25	--- a/drivers/scsi/sg.c
	26	+++ b/drivers/scsi/sg.c
	27	@@ -1903,7 +1903,7 @@ retry:
	28	num = (rem_sz > scatter_elem_sz_prev) ?
	29	scatter_elem_sz_prev : rem_sz;
	30
	31	- schp->pages[k] = alloc_pages(gfp_mask, order);
	32	+ schp->pages[k] = alloc_pages(gfp_mask \| __GFP_ZERO, order);
	33	if (!schp->pages[k])
	34	goto out;
	35