From 9fbc70824404cd08d554e506b76932db4597a19e Mon Sep 17 00:00:00 2001 From: Ian Abbott Date: Fri, 2 Nov 2007 11:11:17 +0000 Subject: [PATCH] Security fix in comedi_buf_alloc() for non-DMA data buffers. Allocate each page using get_zeroed_page() instead of __get_free_page() to avoid exposing random memory contents to user space if the buffer is mmap'ed. --- comedi/drivers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/comedi/drivers.c b/comedi/drivers.c index 5b9152e0..15b396c8 100644 --- a/comedi/drivers.c +++ b/comedi/drivers.c @@ -483,7 +483,7 @@ int comedi_buf_alloc(comedi_device *dev, comedi_subdevice *s, async->buf_page_list[i].virt_addr = dma_alloc_coherent(dev->hw_dev, PAGE_SIZE, &async->buf_page_list[i].dma_addr, GFP_KERNEL | __GFP_COMP); }else{ - async->buf_page_list[i].virt_addr = (void*)__get_free_page(GFP_KERNEL); + async->buf_page_list[i].virt_addr = (void*)get_zeroed_page(GFP_KERNEL); } if(async->buf_page_list[i].virt_addr == NULL){ break; -- 2.26.2