diff options
| author | Alexander Potapenko <glider@google.com> | 2018-05-18 10:23:18 -0400 |
|---|---|---|
| committer | Martin K. Petersen <martin.petersen@oracle.com> | 2018-05-18 10:26:01 -0400 |
| commit | a45b599ad808c3c982fdcdc12b0b8611c2f92824 (patch) | |
| tree | d040e498b435b3a9b17c7c2569bf1d7993f8dd7f | |
| parent | a406b0a0693eafc6f6b3a633d25749370bf40d8c (diff) | |
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
This shall help avoid copying uninitialized memory to the userspace when
calling ioctl(fd, SG_IO) with an empty command.
Reported-by: syzbot+7d26fc1eea198488deab@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
| -rw-r--r-- | drivers/scsi/sg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index c198b96368dd..5c40d809830f 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c | |||
| @@ -1894,7 +1894,7 @@ retry: | |||
| 1894 | num = (rem_sz > scatter_elem_sz_prev) ? | 1894 | num = (rem_sz > scatter_elem_sz_prev) ? |
| 1895 | scatter_elem_sz_prev : rem_sz; | 1895 | scatter_elem_sz_prev : rem_sz; |
| 1896 | 1896 | ||
| 1897 | schp->pages[k] = alloc_pages(gfp_mask, order); | 1897 | schp->pages[k] = alloc_pages(gfp_mask | __GFP_ZERO, order); |
| 1898 | if (!schp->pages[k]) | 1898 | if (!schp->pages[k]) |
| 1899 | goto out; | 1899 | goto out; |
| 1900 | 1900 | ||