[PATCH] nvme: sanitize metadata bounce buffer for reads
Jens Axboe
axboe at kernel.dk
Mon Oct 16 13:25:11 PDT 2023
On 10/16/23 2:21 PM, Keith Busch wrote:
> From: Keith Busch <kbusch at kernel.org>
>
> User can request more metadata bytes than the device will write. Ensure
> kernel buffer is initialized so we're not leaking unsanitized memory on
> the copy-out.
>
> Fixes: 0b7f1f26f95a51a ("nvme: use the block layer for userspace passthrough metadata")
> Signed-off-by: Keith Busch <kbusch at kernel.org>
> ---
> drivers/nvme/host/ioctl.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
> index 788b36e7915ab..154eb7c944e76 100644
> --- a/drivers/nvme/host/ioctl.c
> +++ b/drivers/nvme/host/ioctl.c
> @@ -39,6 +39,8 @@ static void *nvme_add_user_metadata(struct request *req, void __user *ubuf,
> ret = -EFAULT;
> if ((req_op(req) == REQ_OP_DRV_OUT) && copy_from_user(buf, ubuf, len))
> goto out_free_meta;
> + else
> + memset(buf, 0, len);
Do you need this else?
--
Jens Axboe
More information about the Linux-nvme
mailing list