From: Ian Abbott Date: Fri, 2 Nov 2007 11:11:17 +0000 (+0000) Subject: Security fix in comedi_buf_alloc() for non-DMA data buffers. Allocate each X-Git-Tag: v0_7_76~103 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9fbc70824404cd08d554e506b76932db4597a19e;p=comedi.git Security fix in comedi_buf_alloc() for non-DMA data buffers. Allocate each page using get_zeroed_page() instead of __get_free_page() to avoid exposing random memory contents to user space if the buffer is mmap'ed. --- diff --git a/comedi/drivers.c b/comedi/drivers.c index 5b9152e0..15b396c8 100644 --- a/comedi/drivers.c +++ b/comedi/drivers.c @@ -483,7 +483,7 @@ int comedi_buf_alloc(comedi_device *dev, comedi_subdevice *s, async->buf_page_list[i].virt_addr = dma_alloc_coherent(dev->hw_dev, PAGE_SIZE, &async->buf_page_list[i].dma_addr, GFP_KERNEL | __GFP_COMP); }else{ - async->buf_page_list[i].virt_addr = (void*)__get_free_page(GFP_KERNEL); + async->buf_page_list[i].virt_addr = (void*)get_zeroed_page(GFP_KERNEL); } if(async->buf_page_list[i].virt_addr == NULL){ break;