From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gregkh@linuxfoundation.org>
X-Google-Smtp-Source: AIpwx49HSEVp2ZKWU3hkXFfxy5ZFVoFD3tKHOz0SoHkyyHxf+z2XMFhphW0pCjefbqeOSqj4KB24
ARC-Seal: i=1; a=rsa-sha256; t=1522168991; cv=none;
        d=google.com; s=arc-20160816;
        b=dyBnL2vXv672WlXNeHbhOsSFwGNw7FbqYGY5iCXnTxFnP4bOeKu01BM7gVjhMUUOnt
         JnnW9a5IkiXyrLHaiKQEL6swXRMGjpWFCej3Oqsx04E2djAc8nY4vVl7oD25At7Pn8pt
         OVax5Jik3UNnVZB7nBTqDvrrENxQDqT9tO1zUQXZQmHjQNSsxRdGSAPzdJtc2mu1o7hM
         ixOITHExgPQSdjY8DkyWvfG7c7L5xKyTYb19xHq77q+z7EC3gIeuIGKunCeHmT5AICrz
         6xstcCTj/Szv5tdl793aqT0fiVcMliMMd7BPgm5r7Y+rLILCk5QgptUFV47JsxkcamBT
         8KBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:user-agent:references:in-reply-to:message-id:date
         :subject:cc:to:from:arc-authentication-results;
        bh=OnalzOTcjhFrAHBR3GL7FdKBH++/4QCHnK6813C1IuY=;
        b=iZ2PjY1rebiEhccAEDCEVXINSWbp/ZVpbUNwfUpLbK3HKSZO8U2gKo4V+f8fqVl4LC
         ZwNwmd6n9lOUdGfo7eQ79h5pLMPh8ARSyHCuMzXbYnhvzPunrVdZ/K3BEVDB/1aovrNC
         p7OtOk5wtw1ONxxdpvo0+a1VdnmlNL2RzMvKGlibh36nIR8diQNi+eH1FlCSZz5paVhj
         myDAu2/vFk3Fye/faFwfB8CXQIAVildidTwy1dCVYTTOxXXJawfnYyhHn5TeM7rD+r8a
         C1lah7Orc6pe7qX7lOy0M1EBji4tfFav8eWVcxHA/nYoizSV2xVO4A62HjQkPAEN/nLV
         3/KA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.61.202 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.61.202 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Liam Mark <lmark@codeaurora.org>,
	Laura Abbott <labbott@redhat.com>
Subject: [PATCH 4.15 102/105] staging: android: ion: Zero CMA allocated memory
Date: Tue, 27 Mar 2018 18:28:22 +0200
Message-Id: <20180327162804.167008604@linuxfoundation.org>
X-Mailer: git-send-email 2.16.3
In-Reply-To: <20180327162757.813009222@linuxfoundation.org>
References: <20180327162757.813009222@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?=
X-GMAIL-THRID: =?utf-8?q?1596109547992105106?=
X-GMAIL-MSGID: =?utf-8?q?1596109871769061008?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

4.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Liam Mark <lmark@codeaurora.org>

commit 6d79bd5bb6c79a9dba4842040c9adf39e7806330 upstream.

Since commit 204f672255c2 ("staging: android: ion: Use CMA APIs directly")
the CMA API is now used directly and therefore the allocated memory is no
longer automatically zeroed.

Explicitly zero CMA allocated memory to ensure that no data is exposed to
userspace.

Fixes: 204f672255c2 ("staging: android: ion: Use CMA APIs directly")
Signed-off-by: Liam Mark <lmark@codeaurora.org>
Acked-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/staging/android/ion/ion_cma_heap.c |   17 +++++++++++++++++
 1 file changed, 17 insertions(+)

--- a/drivers/staging/android/ion/ion_cma_heap.c
+++ b/drivers/staging/android/ion/ion_cma_heap.c
@@ -21,6 +21,7 @@
 #include <linux/err.h>
 #include <linux/cma.h>
 #include <linux/scatterlist.h>
+#include <linux/highmem.h>
 
 #include "ion.h"
 
@@ -51,6 +52,22 @@ static int ion_cma_allocate(struct ion_h
 	if (!pages)
 		return -ENOMEM;
 
+	if (PageHighMem(pages)) {
+		unsigned long nr_clear_pages = nr_pages;
+		struct page *page = pages;
+
+		while (nr_clear_pages > 0) {
+			void *vaddr = kmap_atomic(page);
+
+			memset(vaddr, 0, PAGE_SIZE);
+			kunmap_atomic(vaddr);
+			page++;
+			nr_clear_pages--;
+		}
+	} else {
+		memset(page_address(pages), 0, size);
+	}
+
 	table = kmalloc(sizeof(*table), GFP_KERNEL);
 	if (!table)
 		goto err;