[PATCH] arch/arm/mm/dma-mapping.c: fix __alloc_from_pool returning a dirty buffer

[Igor Klochko]

Thanks Christoph,

Added fixes and a changelog.
This issue is present in all current LTS versions.

----
Buffers allocated by __alloc_from_pool() should be zeroed out as done by other allocators.
Certain drivers expect a clean buffer and clearing the buffer is beneficial from the security point of view.
---
Fixes: 36d0fd2198da3 (*arm: use genalloc for the atomic pool*)
Signed-off-by: Igor Klochko <igor.klochko at gmail.com>
---
 arch/arm/mm/dma-mapping.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
index c135f6e37a00..bb2bb3ab497a 100644
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -366,6 +366,7 @@ static void *__alloc_from_pool(size_t size, struct page **ret_page)
 
 		*ret_page = phys_to_page(phys);
 		ptr = (void *)val;
+		memset(ptr, 0, size);
 	}
 
 	return ptr;
-- 
2.39.0




Kind regards,
Igor Klochko




On 23/12/2022 15:39, Christoph Hellwig wrote:
> On Fri, Dec 23, 2022 at 03:15:47PM +0100, Igor Klochko wrote:
>>
>> Hi, 
>>
>> A small patch for __alloc_from_pool to clean the buffer before returning.
> 
> This does look correct.  The "normal" allocators seems to do the
> memset through __dma_clear_buffer, but the __alloc_from_pool seems to be
> missing it.  Please write a proper changelog with a signoff, and
> preferably a Fixes tag if you can find what introduced this.  Also
> the ARM code needs to go to the ARM maintainer and arm mailing list.