From: Jiri Olsa <jolsa@redhat.com> Date: Fri, 24 Apr 2009 12:07:16 +0200 Subject: [agp] zero pages before sending to userspace Message-id: 20090424100716.GA3763@jolsa.englab.brq.redhat.com O-Subject: [RHEL5.4 PATCH] BZ 497026 agp: zero pages before sending to userspace Bugzilla: 497026 RH-Acked-by: Jiri Pirko <jpirko@redhat.com> RH-Acked-by: Prarit Bhargava <prarit@redhat.com> RH-Acked-by: Larry Woodman <lwoodman@redhat.com> RH-Acked-by: Eugene Teo <eugene@redhat.com> CVE: CVE-2009-1192 Bugzilla: 497026 https://bugzilla.redhat.com/show_bug.cgi?id=497026 Description: ============ AGP pages might be mapped into userspace finally, so the pages should be set to zero before userspace can use it. Otherwise there is potential information leakage. Upstream status: ================ http://git.kernel.org/linus/59de2bebabc5027f93df999d59cc65df591c3e6e Test status of the patch: ========================= compiled diff --git a/drivers/char/agp/generic.c b/drivers/char/agp/generic.c index 753de52..57af6cd 100644 --- a/drivers/char/agp/generic.c +++ b/drivers/char/agp/generic.c @@ -1057,7 +1057,7 @@ void *agp_generic_alloc_page(struct agp_bridge_data *bridge) { struct page * page; - page = alloc_page(GFP_KERNEL | GFP_DMA32); + page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO); if (page == NULL) return NULL;