Now applied, thanks.

greg k-h

This is a note to let you know that I've just added the patch titled

[PATCH] target: Explicitly clear ramdisk_mcp backend pages

to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
target-explicitly-clear-ramdisk_mcp-backend-pages.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
From: "Nicholas A. Bellinger" <***@linux-iscsi.org>
Date: Mon, 16 Jun 2014 20:59:52 +0000
Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages
To: target-devel <target-***@vger.kernel.org>
Cc: Greg-KH <***@linuxfoundation.org>, stable <***@vger.kernel.org>, Nicholas Bellinger <***@linux-iscsi.org>, Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Message-ID: <1402952392-30762-1-git-send-email-***@linux-iscsi.org>


[Note that a different patch to address the same issue went in during
v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that
don't strictly apply to fixing the bug]

This patch changes rd_allocate_sgl_table() to explicitly clear
ramdisk_mcp backend memory pages by passing __GFP_ZERO into
alloc_pages().

This addresses a potential security issue where reading from a
ramdisk_mcp could return sensitive information, and follows what
device initialization time.

Reported-by: Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Cc: Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Signed-off-by: Nicholas Bellinger <***@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <***@linuxfoundation.org>

---
drivers/target/target_core_rd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -174,7 +174,7 @@ static int rd_build_device_space(struct
- 1;

for (j = 0; j < sg_per_table; j++) {
- pg = alloc_pages(GFP_KERNEL, 0);
+ pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
if (!pg) {
pr_err("Unable to allocate scatterlist"
" pages for struct rd_dev_sg_table\n");


Patches currently in stable-queue which might be from ***@linux-iscsi.org are

queue-3.10/target-report-correct-response-length-for-some-commands.patch
queue-3.10/target-iser-fix-hangs-in-connection-teardown.patch
queue-3.10/target-iser-bail-from-accept_np-if-np_thread-is-trying-to-close.patch
queue-3.10/target-use-complete_all-for-se_cmd-t_transport_stop_comp.patch
queue-3.10/target-set-cmd_t_active-bit-for-task-management-requests.patch
queue-3.10/iscsi-target-fix-abort_task-connection-reset-iscsi_queue_req-memory-leak.patch
queue-3.10/target-explicitly-clear-ramdisk_mcp-backend-pages.patch

This is a note to let you know that I've just added the patch titled

[PATCH] target: Explicitly clear ramdisk_mcp backend pages

to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
target-explicitly-clear-ramdisk_mcp-backend-pages.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
From: "Nicholas A. Bellinger" <***@linux-iscsi.org>
Date: Mon, 16 Jun 2014 20:59:52 +0000
Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages
To: target-devel <target-***@vger.kernel.org>
Cc: Greg-KH <***@linuxfoundation.org>, stable <***@vger.kernel.org>, Nicholas Bellinger <***@linux-iscsi.org>, Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Message-ID: <1402952392-30762-1-git-send-email-***@linux-iscsi.org>


[Note that a different patch to address the same issue went in during
v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that
don't strictly apply to fixing the bug]

This patch changes rd_allocate_sgl_table() to explicitly clear
ramdisk_mcp backend memory pages by passing __GFP_ZERO into
alloc_pages().

This addresses a potential security issue where reading from a
ramdisk_mcp could return sensitive information, and follows what
device initialization time.

Reported-by: Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Cc: Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Signed-off-by: Nicholas Bellinger <***@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <***@linuxfoundation.org>

---
drivers/target/target_core_rd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -158,7 +158,7 @@ static int rd_allocate_sgl_table(struct
- 1;

for (j = 0; j < sg_per_table; j++) {
- pg = alloc_pages(GFP_KERNEL, 0);
+ pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
if (!pg) {
pr_err("Unable to allocate scatterlist"
" pages for struct rd_dev_sg_table\n");


Patches currently in stable-queue which might be from ***@linux-iscsi.org are

queue-3.14/target-report-correct-response-length-for-some-commands.patch
queue-3.14/target-iser-fix-hangs-in-connection-teardown.patch
queue-3.14/target-iscsi-fix-sendtargets-response-pdu-for-iser-transport.patch
queue-3.14/target-iser-bail-from-accept_np-if-np_thread-is-trying-to-close.patch
queue-3.14/target-use-complete_all-for-se_cmd-t_transport_stop_comp.patch
queue-3.14/target-set-cmd_t_active-bit-for-task-management-requests.patch
queue-3.14/target-iser-wait-for-proper-cleanup-before-unloading.patch
queue-3.14/target-iser-improve-cm-events-handling.patch
queue-3.14/iscsi-target-fix-abort_task-connection-reset-iscsi_queue_req-memory-leak.patch
queue-3.14/target-explicitly-clear-ramdisk_mcp-backend-pages.patch

This is a note to let you know that I've just added the patch titled

[PATCH] target: Explicitly clear ramdisk_mcp backend pages

to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
target-explicitly-clear-ramdisk_mcp-backend-pages.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
From: "Nicholas A. Bellinger" <***@linux-iscsi.org>
Date: Mon, 16 Jun 2014 20:59:52 +0000
Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages
To: target-devel <target-***@vger.kernel.org>
Cc: Greg-KH <***@linuxfoundation.org>, stable <***@vger.kernel.org>, Nicholas Bellinger <***@linux-iscsi.org>, Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Message-ID: <1402952392-30762-1-git-send-email-***@linux-iscsi.org>


[Note that a different patch to address the same issue went in during
v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that
don't strictly apply to fixing the bug]

This patch changes rd_allocate_sgl_table() to explicitly clear
ramdisk_mcp backend memory pages by passing __GFP_ZERO into
alloc_pages().

This addresses a potential security issue where reading from a
ramdisk_mcp could return sensitive information, and follows what
device initialization time.

Reported-by: Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Cc: Jorge Daniel Sequeira Matias <***@tecnico.ulisboa.pt>
Signed-off-by: Nicholas Bellinger <***@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <***@linuxfoundation.org>

---
drivers/target/target_core_rd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -177,7 +177,7 @@ static int rd_build_device_space(struct
- 1;

for (j = 0; j < sg_per_table; j++) {
- pg = alloc_pages(GFP_KERNEL, 0);
+ pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
if (!pg) {
pr_err("Unable to allocate scatterlist"
" pages for struct rd_dev_sg_table\n");


Patches currently in stable-queue which might be from ***@linux-iscsi.org are

queue-3.4/target-explicitly-clear-ramdisk_mcp-backend-pages.patch

al
at
s.
Thank you, I'll queue this patch for the 3.11 kernel as well.

Cheers,
--
Lu=EDs
core_rd.c
d_dev, struct rd_dev_sg_table *

[...]

Queued up for 3.2, thanks.

Ben.