diff mbox series

[SRU,Jammy,Focal,1/1] vhost: use kzalloc() instead of kmalloc() followed by memset()

Message ID 20240131225925.47013-2-bethany.jamison@canonical.com
State New
Headers show
Series CVE-2024-0340 | expand

Commit Message

Bethany Jamison Jan. 31, 2024, 10:59 p.m. UTC 
From: Prathu Baronia <prathubaronia2011@gmail.com>

Use kzalloc() to allocate new zeroed out msg node instead of
memsetting a node allocated with kmalloc().

Signed-off-by: Prathu Baronia <prathubaronia2011@gmail.com>
Message-Id: <20230522085019.42914-1-prathubaronia2011@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
(cherry picked from commit 4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9)
CVE-2023-0340
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
---
 drivers/vhost/vhost.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Timo Aaltonen Feb. 1, 2024, 8:44 a.m. UTC | #1 
Bethany Jamison kirjoitti 1.2.2024 klo 0.59:
> From: Prathu Baronia <prathubaronia2011@gmail.com>
> 
> Use kzalloc() to allocate new zeroed out msg node instead of
> memsetting a node allocated with kmalloc().
> 
> Signed-off-by: Prathu Baronia <prathubaronia2011@gmail.com>
> Message-Id: <20230522085019.42914-1-prathubaronia2011@gmail.com>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> (cherry picked from commit 4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9)
> CVE-2023-0340
> Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
> ---
>   drivers/vhost/vhost.c | 5 ++---
>   1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index bc14f1245a651..99cdd59f4e0c1 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -2582,12 +2582,11 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify);
>   /* Create a new message. */
>   struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
>   {
> -	struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
> +	/* Make sure all padding within the structure is initialized. */
> +	struct vhost_msg_node *node = kzalloc(sizeof(*node), GFP_KERNEL);
>   	if (!node)
>   		return NULL;
>   
> -	/* Make sure all padding within the structure is initialized. */
> -	memset(&node->msg, 0, sizeof node->msg);
>   	node->vq = vq;
>   	node->msg.type = type;
>   	return node;

Acked-by: Timo Aaltonen <timo.aaltonen@canonical.com>
diff mbox series

Patch

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index bc14f1245a651..99cdd59f4e0c1 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2582,12 +2582,11 @@  EXPORT_SYMBOL_GPL(vhost_disable_notify);
 /* Create a new message. */
 struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
 {
-	struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
+	/* Make sure all padding within the structure is initialized. */
+	struct vhost_msg_node *node = kzalloc(sizeof(*node), GFP_KERNEL);
 	if (!node)
 		return NULL;
 
-	/* Make sure all padding within the structure is initialized. */
-	memset(&node->msg, 0, sizeof node->msg);
 	node->vq = vq;
 	node->msg.type = type;
 	return node;