kernel-2.6.18-238.el5.src.rpm

From: Jiri Olsa <jolsa@redhat.com>
Date: Fri, 24 Apr 2009 12:07:16 +0200
Subject: [agp] zero pages before sending to userspace
Message-id: 20090424100716.GA3763@jolsa.englab.brq.redhat.com
O-Subject: [RHEL5.4 PATCH] BZ 497026 agp: zero pages before sending to userspace
Bugzilla: 497026
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>
RH-Acked-by: Prarit Bhargava <prarit@redhat.com>
RH-Acked-by: Larry Woodman <lwoodman@redhat.com>
RH-Acked-by: Eugene Teo <eugene@redhat.com>
CVE: CVE-2009-1192

Bugzilla: 497026
https://bugzilla.redhat.com/show_bug.cgi?id=497026

Description:
============
AGP pages might be mapped into userspace finally, so the pages should be
set to zero before userspace can use them. Otherwise there is potential
information leakage.

Upstream status:
================
http://git.kernel.org/linus/59de2bebabc5027f93df999d59cc65df591c3e6e

Test status of the patch:
=========================
compiled

diff --git a/drivers/char/agp/generic.c b/drivers/char/agp/generic.c
index 753de52..57af6cd 100644
--- a/drivers/char/agp/generic.c
+++ b/drivers/char/agp/generic.c
@@ -1057,7 +1057,7 @@ void *agp_generic_alloc_page(struct agp_bridge_data *bridge)
 {
 	struct page * page;
 
-	page = alloc_page(GFP_KERNEL | GFP_DMA32);
+	page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
 	if (page == NULL)
 		return NULL;
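
Review bot: the `alloc_page()` call in agp_generic_alloc_page now relies on `__GFP_ZERO` for a security property, but nothing at the call site says so. A one-line comment above the allocation, stating that these pages may later be mapped into userspace and must not carry stale kernel data, would keep the flag from being dropped later as an apparent optimization. The hunk touches only this generic helper in generic.c, so the commit message should also state whether any AGP page allocation that does not go through agp_generic_alloc_page was checked for the same leak. Test status is "compiled" only; a runtime check that a freshly allocated AGP page reads back as zeros from userspace would give more confidence for a CVE fix.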