From: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Subject: powerpc/rtas_flash: Fix bad memory access
Git-commit: fb4696c39573ea97d0aeb94fdcdbccba4607b49f
Patch-mainline: yes
References: bnc#847842 

    We use kmem_cache_alloc() to allocate memory to hold the new firmware
    which will be flashed. kmem_cache_alloc() calls rtas_block_ctor() to
    set memory to NULL. But this constructor is called only for newly
    allocated slabs.

Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Torsten Duwe <duwe@suse.de>

--- a/arch/powerpc/kernel/rtas_flash.c	2013-10-22 07:13:04.000000000 -0500
+++ b/arch/powerpc/kernel/rtas_flash.c	2013-10-22 07:13:18.000000000 -0500
@@ -268,12 +268,6 @@ static ssize_t rtas_flash_read(struct fi
 	return simple_read_from_buffer(buf, count, ppos, msg, strlen(msg));
 }
 
-/* constructor for flash_block_cache */
-void rtas_block_ctor(void *ptr)
-{
-	memset(ptr, 0, RTAS_BLK_SIZE);
-}
-
 /* We could be much more efficient here.  But to keep this function
  * simple we allocate a page to the block list no matter how small the
  * count is.  If the system is low on memory it will be just as well
@@ -298,7 +292,7 @@ static ssize_t rtas_flash_write(struct f
 	 * proc file
 	 */
 	if (uf->flist == NULL) {
-		uf->flist = kmem_cache_alloc(flash_block_cache, GFP_KERNEL);
+		uf->flist = kmem_cache_zalloc(flash_block_cache, GFP_KERNEL);
 		if (!uf->flist)
 			return -ENOMEM;
 	}
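Review bot: Nothing at this call says why the zeroing variant is required, so a later cleanup could switch it back to `kmem_cache_alloc()` and bring the stale-memory read back; the same applies to the `fl->next` and `p` allocations in the next two hunks. The list node appears to be consumed straight after allocation (`next_free = fl->num_blocks;` and `fl->next` in the following hunk), so a recycled slab object with leftover contents would be read as an already populated list. I would add a comment above this first call, for example `/* Must be zeroed: num_blocks and next are read before being set, and reused slab objects are not re-initialised. */`. For the data block `p`, `count` is clamped to `RTAS_BLK_SIZE` but may be smaller, so the zeroing presumably also keeps old slab contents out of the unwritten tail of the block; the copy into `p` is outside the hunk, so confirm that. The body of rtas_flash_write starts and ends outside these hunks.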
@@ -309,7 +303,7 @@ static ssize_t rtas_flash_write(struct f
 	next_free = fl->num_blocks;
 	if (next_free == FLASH_BLOCKS_PER_NODE) {
 		/* Need to allocate another block_list */
-		fl->next = kmem_cache_alloc(flash_block_cache, GFP_KERNEL);
+		fl->next = kmem_cache_zalloc(flash_block_cache, GFP_KERNEL);
 		if (!fl->next)
 			return -ENOMEM;
 		fl = fl->next;
@@ -318,7 +312,7 @@ static ssize_t rtas_flash_write(struct f
 
 	if (count > RTAS_BLK_SIZE)
 		count = RTAS_BLK_SIZE;
-	p = kmem_cache_alloc(flash_block_cache, GFP_KERNEL);
+	p = kmem_cache_zalloc(flash_block_cache, GFP_KERNEL);
 	if (!p)
 		return -ENOMEM;
 	
@@ -764,7 +758,7 @@ static int __init rtas_flash_init(void)
 
 	flash_block_cache = kmem_cache_create("rtas_flash_cache",
 				RTAS_BLK_SIZE, RTAS_BLK_SIZE, 0,
-				rtas_block_ctor);
+				NULL);
 	if (!flash_block_cache) {
 		printk(KERN_ERR "%s: failed to create block cache\n",
 				__func__);
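Review bot: With the constructor argument now `NULL`, zero-initialisation of objects from `flash_block_cache` depends entirely on every caller using `kmem_cache_zalloc()`. The three sites in rtas_flash_write are converted by this patch, but any allocation from this cache outside the visible hunks would now receive uninitialised memory. It is worth grepping the file for remaining `kmem_cache_alloc(flash_block_cache, ...)` calls and recording the rule next to the creation, for example `/* no ctor: always allocate with kmem_cache_zalloc() */`. rtas_flash_init continues past the end of the hunk.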
