diff options
| author | Richard Weinberger <richard@nod.at> | 2017-06-16 10:21:44 -0400 |
|---|---|---|
| committer | Richard Weinberger <richard@nod.at> | 2017-07-14 16:50:52 -0400 |
| commit | 4acadda74ff8b949c448c0282765ae747e088c87 (patch) | |
| tree | f352b5b37c1f1da4f73e2e8c1bccea9b05c767dd /fs/ubifs/journal.c | |
| parent | 480a1a6a3ef6fb6be4cd2f37b34314fbf64867dd (diff) | |
ubifs: Don't leak kernel memory to the MTD
When UBIFS prepares data structures which will be written to the MTD it
ensues that their lengths are multiple of 8. Since it uses kmalloc() the
padded bytes are left uninitialized and we leak a few bytes of kernel
memory to the MTD.
To make sure that all bytes are initialized, let's switch to kzalloc().
Kzalloc() is fine in this case because the buffers are not huge and in
the IO path the performance bottleneck is anyway the MTD.
Cc: stable@vger.kernel.org
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/journal.c')
| -rw-r--r-- | fs/ubifs/journal.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 419c79ff377e..9f356432f35f 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c | |||
| @@ -572,7 +572,7 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, | |||
| 572 | /* Make sure to also account for extended attributes */ | 572 | /* Make sure to also account for extended attributes */ |
| 573 | len += host_ui->data_len; | 573 | len += host_ui->data_len; |
| 574 | 574 | ||
| 575 | dent = kmalloc(len, GFP_NOFS); | 575 | dent = kzalloc(len, GFP_NOFS); |
| 576 | if (!dent) | 576 | if (!dent) |
| 577 | return -ENOMEM; | 577 | return -ENOMEM; |
| 578 | 578 | ||
| @@ -968,7 +968,7 @@ int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir, | |||
| 968 | if (twoparents) | 968 | if (twoparents) |
| 969 | len += plen; | 969 | len += plen; |
| 970 | 970 | ||
| 971 | dent1 = kmalloc(len, GFP_NOFS); | 971 | dent1 = kzalloc(len, GFP_NOFS); |
| 972 | if (!dent1) | 972 | if (!dent1) |
| 973 | return -ENOMEM; | 973 | return -ENOMEM; |
| 974 | 974 | ||
| @@ -1116,7 +1116,7 @@ int ubifs_jnl_rename(struct ubifs_info *c, const struct inode *old_dir, | |||
| 1116 | len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) + ALIGN(plen, 8); | 1116 | len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) + ALIGN(plen, 8); |
| 1117 | if (move) | 1117 | if (move) |
| 1118 | len += plen; | 1118 | len += plen; |
| 1119 | dent = kmalloc(len, GFP_NOFS); | 1119 | dent = kzalloc(len, GFP_NOFS); |
| 1120 | if (!dent) | 1120 | if (!dent) |
| 1121 | return -ENOMEM; | 1121 | return -ENOMEM; |
| 1122 | 1122 | ||
| @@ -1498,7 +1498,7 @@ int ubifs_jnl_delete_xattr(struct ubifs_info *c, const struct inode *host, | |||
| 1498 | hlen = host_ui->data_len + UBIFS_INO_NODE_SZ; | 1498 | hlen = host_ui->data_len + UBIFS_INO_NODE_SZ; |
| 1499 | len = aligned_xlen + UBIFS_INO_NODE_SZ + ALIGN(hlen, 8); | 1499 | len = aligned_xlen + UBIFS_INO_NODE_SZ + ALIGN(hlen, 8); |
| 1500 | 1500 | ||
| 1501 | xent = kmalloc(len, GFP_NOFS); | 1501 | xent = kzalloc(len, GFP_NOFS); |
| 1502 | if (!xent) | 1502 | if (!xent) |
| 1503 | return -ENOMEM; | 1503 | return -ENOMEM; |
| 1504 | 1504 | ||
| @@ -1605,7 +1605,7 @@ int ubifs_jnl_change_xattr(struct ubifs_info *c, const struct inode *inode, | |||
| 1605 | aligned_len1 = ALIGN(len1, 8); | 1605 | aligned_len1 = ALIGN(len1, 8); |
| 1606 | aligned_len = aligned_len1 + ALIGN(len2, 8); | 1606 | aligned_len = aligned_len1 + ALIGN(len2, 8); |
| 1607 | 1607 | ||
| 1608 | ino = kmalloc(aligned_len, GFP_NOFS); | 1608 | ino = kzalloc(aligned_len, GFP_NOFS); |
| 1609 | if (!ino) | 1609 | if (!ino) |
| 1610 | return -ENOMEM; | 1610 | return -ENOMEM; |
| 1611 | 1611 | ||