Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ee10cab2 authored by Eric Biggers's avatar Eric Biggers Committed by Jaegeuk Kim
Browse files

f2fs: fix leaking uninitialized memory in compressed clusters 



When the compressed data of a cluster doesn't end on a page boundary,
the remainder of the last page must be zeroed in order to avoid leaking
uninitialized memory to disk.

Fixes: 4c8ff7095bef ("f2fs: support data compression")
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
parent 2d41291c

fs/f2fs/compress.c

+6 −2
Original line number Diff line number Diff line
@@ -385,11 +385,15 @@ static int f2fs_compress_pages(struct compress_ctx *cc) 
	for (i = 0; i < COMPRESS_DATA_RESERVED_SIZE; i++)

		cc->cbuf->reserved[i] = cpu_to_le32(0);



	nr_cpages = DIV_ROUND_UP(cc->clen + COMPRESS_HEADER_SIZE, PAGE_SIZE);



	/* zero out any unused part of the last page */

	memset(&cc->cbuf->cdata[cc->clen], 0,

	       (nr_cpages * PAGE_SIZE) - (cc->clen + COMPRESS_HEADER_SIZE));



	vunmap(cc->cbuf);

	vunmap(cc->rbuf);



	nr_cpages = DIV_ROUND_UP(cc->clen + COMPRESS_HEADER_SIZE, PAGE_SIZE);



	for (i = nr_cpages; i < cc->nr_cpages; i++) {

		f2fs_put_compressed_page(cc->cpages[i]);

		cc->cpages[i] = NULL;