Message ID | 20240902092459.5147-1-shivani.agarwal@broadcom.com (mailing list archive) |
---|---|
State | New, archived |
Series | [v4.19-v5.10] block: initialize integrity buffer to zero before writing it to media |
On Mon, Sep 02, 2024 at 02:24:59AM -0700, Shivani Agarwal wrote:
> From: Christoph Hellwig <hch@lst.de>
>
> [ Upstream commit 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f ]
>
> Metadata added by bio_integrity_prep is using plain kmalloc, which leads
> to random kernel memory being written media. For PI metadata this is
> limited to the app tag that isn't used by kernel generated metadata,
> but for non-PI metadata the entire buffer leaks kernel memory.
>
> Fix this by adding the __GFP_ZERO flag to allocations for writes.
>
> Fixes: 7ba1ba12eeef ("block: Block layer data integrity support")
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>
> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
> Link: https://lore.kernel.org/r/20240613084839.1044015-2-hch@lst.de
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> Signed-off-by: Shivani Agarwal <shivani.agarwal@broadcom.com>
> ---
>  block/bio-integrity.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)

Now queued up, thanks.

greg k-h
diff --git a/block/bio-integrity.c b/block/bio-integrity.c index a4cfc9727..499697330 100644 --- a/block/bio-integrity.c +++ b/block/bio-integrity.c @@ -216,6 +216,7 @@ bool bio_integrity_prep(struct bio *bio) unsigned int bytes, offset, i; unsigned int intervals; blk_status_t status; + gfp_t gfp = GFP_NOIO; if (!bi) return true; @@ -238,12 +239,20 @@ bool bio_integrity_prep(struct bio *bio) if (!bi->profile->generate_fn || !(bi->flags & BLK_INTEGRITY_GENERATE)) return true; + + /* + * Zero the memory allocated to not leak uninitialized kernel + * memory to disk. For PI this only affects the app tag, but + * for non-integrity metadata it affects the entire metadata + * buffer. + */ + gfp |= __GFP_ZERO; } intervals = bio_integrity_intervals(bi, bio_sectors(bio)); /* Allocate kernel buffer for protection data */ len = intervals * bi->tuple_size; - buf = kmalloc(len, GFP_NOIO | q->bounce_gfp); + buf = kmalloc(len, gfp | q->bounce_gfp); status = BLK_STS_RESOURCE; if (unlikely(buf == NULL)) { printk(KERN_ERR "could not allocate integrity buffer\n");
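Review bot: In the second hunk (@@ -238,12 +239,20 @@), the new comment speaks of "non-integrity metadata" while the commit message calls the same case "non-PI metadata"; use one term in both places so the comment cannot be read as describing a different case. The flag is only OR-ed in inside the block that follows the generate_fn / BLK_INTEGRITY_GENERATE check, so every other allocation through the changed kmalloc(len, gfp | q->bounce_gfp) line still gets plain GFP_NOIO; the comment should say in a few words why that remaining case needs no zeroing, since a later reader auditing for uninitialized-memory disclosure will ask exactly that. The comment also opens with a blank added line directly after the early return, which is harmless but could be dropped to keep the block compact.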