[PATCH] nvme: sanitize metadata bounce buffer for reads
Keith Busch
kbusch at meta.com
Mon Oct 16 13:21:24 PDT 2023
From: Keith Busch <kbusch at kernel.org>
User can request more metadata bytes than the device will write. Ensure
kernel buffer is initialized so we're not leaking unsanitized memory on
the copy-out.
Fixes: 0b7f1f26f95a51a ("nvme: use the block layer for userspace passthrough metadata")
Signed-off-by: Keith Busch <kbusch at kernel.org>
---
drivers/nvme/host/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index 788b36e7915ab..154eb7c944e76 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -39,6 +39,8 @@ static void *nvme_add_user_metadata(struct request *req, void __user *ubuf,
ret = -EFAULT;
if ((req_op(req) == REQ_OP_DRV_OUT) && copy_from_user(buf, ubuf, len))
goto out_free_meta;
+ else
+ memset(buf, 0, len);
bip = bio_integrity_alloc(bio, GFP_KERNEL, 1);
if (IS_ERR(bip)) {
--
2.34.1
More information about the Linux-nvme
mailing list