Skip to content

Commit a45b599

Browse files
ramosian-glidermartinkpetersen
authored andcommitted
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
This shall help avoid copying uninitialized memory to the userspace when calling ioctl(fd, SG_IO) with an empty command. Reported-by: syzbot+7d26fc1eea198488deab@syzkaller.appspotmail.com Cc: stable@vger.kernel.org Signed-off-by: Alexander Potapenko <glider@google.com> Acked-by: Douglas Gilbert <dgilbert@interlog.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
1 parent a406b0a commit a45b599

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: drivers/scsi/sg.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -1894,7 +1894,7 @@ sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
18941894
num = (rem_sz > scatter_elem_sz_prev) ?
18951895
scatter_elem_sz_prev : rem_sz;
18961896

1897-
schp->pages[k] = alloc_pages(gfp_mask, order);
1897+
schp->pages[k] = alloc_pages(gfp_mask | __GFP_ZERO, order);
18981898
if (!schp->pages[k])
18991899
goto out;
19001900

0 commit comments

Comments
 (0)