Commit 79d78b3c authored Jan 15, 2024 by Prathu Baronia Committed by Guo Mengqi Jan 15, 2024

vhost: use kzalloc() instead of kmalloc() followed by memset()

mainline inclusion
from mainline-v6.4-rc6
commit 4d8df0f5
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I8UW3U
CVE: CVE-2024-0340

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9



--------------------------------

Use kzalloc() to allocate new zeroed out msg node instead of
memsetting a node allocated with kmalloc().

Signed-off-by: Prathu Baronia <prathubaronia2011@gmail.com>
Message-Id: <20230522085019.42914-1-prathubaronia2011@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Guo Mengqi <guomengqi3@huawei.com>

parent 1b1f50a7

drivers/vhost/vhost.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -2597,12 +2597,11 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify);
		/* Create a new message. */
		struct vhost_msg_node vhost_new_msg(struct vhost_virtqueue vq, int type)
		{
		struct vhost_msg_node node = kmalloc(sizeof node, GFP_KERNEL);
		/* Make sure all padding within the structure is initialized. */
		struct vhost_msg_node node = kzalloc(sizeof(node), GFP_KERNEL);
		if (!node)
		return NULL;

		/* Make sure all padding within the structure is initialized. */
		memset(&node->msg, 0, sizeof node->msg);
		node->vq = vq;
		node->msg.type = type;
		return node;