Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp643713ybz; Wed, 22 Apr 2020 05:22:19 -0700 (PDT) X-Google-Smtp-Source: APiQypJswUXmg2aIS2uqtGcrxDvD+iZ27KJnqZNor39c47vHVmQkMnLIDWLNBTGtsewTmOcHts/5 X-Received: by 2002:a17:906:4482:: with SMTP id y2mr25129579ejo.234.1587558139426; Wed, 22 Apr 2020 05:22:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587558139; cv=none; d=google.com; s=arc-20160816; b=m9sHAa1kY6kjHWEZbww7ACB4GCvXb712QHQ89Ooenkp4pUtqL0oeE/BoSJ/GBeuVEX RrQ2ZADHweQHSfqvBbsqC1TvBDMP0irRznDT2jL1GF0PoxYRuYO/XNcki4ZWq4Z5qqNI 0BsU5cS2OHnf5jZXY2ef9vWC9TsDozTIqCVypQwBbtXDtP9xX07oY1EuQRfFvirbQOHb 39Zx4VFJf/ZuMJZ9G2j88gxSuSB5PCQkeLCIomUcs+ugfkWGC1vY8hE8YikPj9EY1rU4 EhzvsRQXWZPqwL41CdE5UN8cmQqzx08JcXhV/DLCqfiRF08VW2IX2lkZ4LdLij5WaQqm Swyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=v1qpA8vwEyvgdM20B/P0edI5Rshw86t3/vVhcdkSZAs=; b=ufTDaQOYj/mBRCm9V6WvTvMD3t5hoarOBDxYCM2M+1imKucTdGYZHc9szZJ5bvt/7P UxZntJUi7GCRgVn/MuLiw35mOegHMvFL0KNRHule23H5ZTn6XXu+euhaFjV3zAozF8/r W5O8Oi2N64Zshj+Mx3RfsMxqcXKvAJFbptovgvGyN2GzyGhmAG+er395CVXfuv/hS1dB iBo2L2RELkHO7hyTcAnpZKPWJbxoGcC56T3Hl8Luo3ONf2wpwSAwAvoiEwjpk8HeFS3s Fkpo0twtCxgLy7CjW6h26CZMzWezFZYjkVZkQM/rlveA7MLX2zT5E2FV4Y2uEi9xw1eS cxHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jg7uFIi1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a3si3634547eje.187.2020.04.22.05.21.56; Wed, 22 Apr 2020 05:22:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jg7uFIi1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730770AbgDVK3u (ORCPT + 99 others); Wed, 22 Apr 2020 06:29:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:35694 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730768AbgDVK0s (ORCPT ); Wed, 22 Apr 2020 06:26:48 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E4AB02075A; Wed, 22 Apr 2020 10:26:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587551207; bh=DancS/jE/qVPq2YgrwJDoEAbIRcgJGeQhXOSY2s0B1o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jg7uFIi1TbLCYZMTrm7JqDIFCpY0O0ZsdN4Nu4onY94onBbzecRepkAaYwMrLbkUZ cGKeGo88+ydtdpFo3Jz+zc8KmT3RRWCtfvhdYGWQTxJc5CMXfS14/byf63RbA8Q1pi uNP4anFc0ARfz+anBoMneuALfhVPx79wROJJinUA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Chao Yu , Jaegeuk Kim , Sasha Levin Subject: [PATCH 5.6 143/166] f2fs: fix leaking uninitialized memory in compressed clusters Date: Wed, 22 Apr 2020 11:57:50 +0200 Message-Id: <20200422095103.977899777@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200422095047.669225321@linuxfoundation.org> References: <20200422095047.669225321@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers [ Upstream commit 7fa6d59816e7d81cfd4f854468c477c12b85c789 ] When the compressed data of a cluster doesn't end on a page boundary, the remainder of the last page must be zeroed in order to avoid leaking uninitialized memory to disk. Fixes: 4c8ff7095bef ("f2fs: support data compression") Signed-off-by: Eric Biggers Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Sasha Levin --- fs/f2fs/compress.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c index 11b13b881ada5..837e14b7ef523 100644 --- a/fs/f2fs/compress.c +++ b/fs/f2fs/compress.c @@ -385,11 +385,15 @@ static int f2fs_compress_pages(struct compress_ctx *cc) for (i = 0; i < COMPRESS_DATA_RESERVED_SIZE; i++) cc->cbuf->reserved[i] = cpu_to_le32(0); + nr_cpages = DIV_ROUND_UP(cc->clen + COMPRESS_HEADER_SIZE, PAGE_SIZE); + + /* zero out any unused part of the last page */ + memset(&cc->cbuf->cdata[cc->clen], 0, + (nr_cpages * PAGE_SIZE) - (cc->clen + COMPRESS_HEADER_SIZE)); + vunmap(cc->cbuf); vunmap(cc->rbuf); - nr_cpages = DIV_ROUND_UP(cc->clen + COMPRESS_HEADER_SIZE, PAGE_SIZE); - for (i = nr_cpages; i < cc->nr_cpages; i++) { f2fs_put_compressed_page(cc->cpages[i]); cc->cpages[i] = NULL; -- 2.20.1