Date: Fri, 27 Apr 2018 11:45:02 -0400
From: Kevin Easton
To: "Michael S. Tsirkin", Jason Wang, kvm@vger.kernel.org,
    virtualization@lists.linux-foundation.org, netdev@vger.kernel.org,
    linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH net] vhost: Use kzalloc() to allocate vhost_msg_node
Message-ID: <20180427154502.GA22544@la.guarana.org>
In-Reply-To: <000000000000a5b2b1056a86e98c@google.com>

The struct vhost_msg within struct vhost_msg_node is copied to userspace,
so it should be allocated with kzalloc() to ensure all structure padding
is zeroed.

Signed-off-by: Kevin Easton
Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
---
 drivers/vhost/vhost.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f3bd8e9..1b84dcff 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2339,7 +2339,7 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify); /* Create a new message. */ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) { - struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); + struct vhost_msg_node *node = kzalloc(sizeof *node, GFP_KERNEL); if (!node) return NULL; node->vq = vq; -- 2.8.1
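
Review bot: In vhost_new_msg(), the reason the allocation must be zeroed is recorded only in the commit message, so a later cleanup could switch `kzalloc(sizeof *node, GFP_KERNEL)` back to kmalloc() and reintroduce the leak of uninitialized padding to userspace. Add a short comment at the allocation, for example `/* vhost_msg is copied to userspace; padding must be zeroed */`. Note also that kzalloc() clears the whole vhost_msg_node, while the commit message says only the embedded struct vhost_msg is copied out; zeroing just that member would state the intent more precisely, though clearing the whole node is the simpler and safer default. Since this closes an information leak reported by syzbot, the commit message would benefit from a Fixes: tag naming the commit that introduced the kmalloc() call, so that stable trees can pick it up.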