Skip to content

Commit 4acadda

Browse files
richardweinbergerrichardweinberger
committed
ubifs: Don't leak kernel memory to the MTD
When UBIFS prepares data structures which will be written to the MTD it ensues that their lengths are multiple of 8. Since it uses kmalloc() the padded bytes are left uninitialized and we leak a few bytes of kernel memory to the MTD. To make sure that all bytes are initialized, let's switch to kzalloc(). Kzalloc() is fine in this case because the buffers are not huge and in the IO path the performance bottleneck is anyway the MTD. Cc: stable@vger.kernel.org Fixes: 1e51764 ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
1 parent 480a1a6 commit 4acadda

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

fs/ubifs/journal.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -572,7 +572,7 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir,
572572
/* Make sure to also account for extended attributes */
573573
len += host_ui->data_len;
574574

575-
dent = kmalloc(len, GFP_NOFS);
575+
dent = kzalloc(len, GFP_NOFS);
576576
if (!dent)
577577
return -ENOMEM;
578578

@@ -968,7 +968,7 @@ int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir,
968968
if (twoparents)
969969
len += plen;
970970

971-
dent1 = kmalloc(len, GFP_NOFS);
971+
dent1 = kzalloc(len, GFP_NOFS);
972972
if (!dent1)
973973
return -ENOMEM;
974974

@@ -1116,7 +1116,7 @@ int ubifs_jnl_rename(struct ubifs_info *c, const struct inode *old_dir,
11161116
len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) + ALIGN(plen, 8);
11171117
if (move)
11181118
len += plen;
1119-
dent = kmalloc(len, GFP_NOFS);
1119+
dent = kzalloc(len, GFP_NOFS);
11201120
if (!dent)
11211121
return -ENOMEM;
11221122

@@ -1498,7 +1498,7 @@ int ubifs_jnl_delete_xattr(struct ubifs_info *c, const struct inode *host,
14981498
hlen = host_ui->data_len + UBIFS_INO_NODE_SZ;
14991499
len = aligned_xlen + UBIFS_INO_NODE_SZ + ALIGN(hlen, 8);
15001500

1501-
xent = kmalloc(len, GFP_NOFS);
1501+
xent = kzalloc(len, GFP_NOFS);
15021502
if (!xent)
15031503
return -ENOMEM;
15041504

@@ -1605,7 +1605,7 @@ int ubifs_jnl_change_xattr(struct ubifs_info *c, const struct inode *inode,
16051605
aligned_len1 = ALIGN(len1, 8);
16061606
aligned_len = aligned_len1 + ALIGN(len2, 8);
16071607

1608-
ino = kmalloc(aligned_len, GFP_NOFS);
1608+
ino = kzalloc(aligned_len, GFP_NOFS);
16091609
if (!ino)
16101610
return -ENOMEM;
16111611

0 commit comments

Comments
 (0)