diff options
author | Eric Biggers <ebiggers@google.com> | 2020-02-21 07:50:37 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-04-23 11:38:21 +0300 |
commit | ad9c27d18541defa6e156080c46b2e18d99bcde2 (patch) | |
tree | 7c94be875fa39cb48331ed2d298fac967e04c693 | |
parent | f0bca2390679e37937785720b08bd5031842bd29 (diff) | |
download | linux-ad9c27d18541defa6e156080c46b2e18d99bcde2.tar.xz |
f2fs: fix leaking uninitialized memory in compressed clusters
[ Upstream commit 7fa6d59816e7d81cfd4f854468c477c12b85c789 ]
When the compressed data of a cluster doesn't end on a page boundary,
the remainder of the last page must be zeroed in order to avoid leaking
uninitialized memory to disk.
Fixes: 4c8ff7095bef ("f2fs: support data compression")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | fs/f2fs/compress.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c index 11b13b881ada..837e14b7ef52 100644 --- a/fs/f2fs/compress.c +++ b/fs/f2fs/compress.c @@ -385,11 +385,15 @@ static int f2fs_compress_pages(struct compress_ctx *cc) for (i = 0; i < COMPRESS_DATA_RESERVED_SIZE; i++) cc->cbuf->reserved[i] = cpu_to_le32(0); + nr_cpages = DIV_ROUND_UP(cc->clen + COMPRESS_HEADER_SIZE, PAGE_SIZE); + + /* zero out any unused part of the last page */ + memset(&cc->cbuf->cdata[cc->clen], 0, + (nr_cpages * PAGE_SIZE) - (cc->clen + COMPRESS_HEADER_SIZE)); + vunmap(cc->cbuf); vunmap(cc->rbuf); - nr_cpages = DIV_ROUND_UP(cc->clen + COMPRESS_HEADER_SIZE, PAGE_SIZE); - for (i = nr_cpages; i < cc->nr_cpages; i++) { f2fs_put_compressed_page(cc->cpages[i]); cc->cpages[i] = NULL; |