git.ipfire.org Git - thirdparty/linux.git/commit

author	Caleb Sander Mateos <csander@purestorage.com>
	Thu, 8 Jan 2026 17:22:10 +0000 (10:22 -0700)
committer	Jens Axboe <axboe@kernel.dk>
	Sat, 10 Jan 2026 17:22:07 +0000 (10:22 -0700)
commit	ca22c566b89164f6e670af56ecc45f47ef3df819
tree	96835f578d592603b7931cbf470ef30bfbf48c30	tree \| snapshot
parent	f0d385f6689f37a2828c686fb279121df006b4cb	commit \| diff

block: zero non-PI portion of auto integrity buffer

The auto-generated integrity buffer for writes needs to be fully
initialized before being passed to the underlying block device,
otherwise the uninitialized memory can be read back by userspace or
anyone with physical access to the storage device. If protection
information is generated, that portion of the integrity buffer is
already initialized. The integrity data is also zeroed if PI generation
is disabled via sysfs or the PI tuple size is 0. However, this misses
the case where PI is generated and the PI tuple size is nonzero, but the
metadata size is larger than the PI tuple. In this case, the remainder
("opaque") of the metadata is left uninitialized.
Generalize the BLK_INTEGRITY_CSUM_NONE check to cover any case when the
metadata is larger than just the PI tuple.

Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Fixes: c546d6f43833 ("block: only zero non-PI metadata tuples in bio_integrity_prep")
Reviewed-by: Anuj Gupta <anuj20.g@samsung.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>