> On Tue, Apr 25, 2017 at 04:31:29PM -0700, Adrian Salido wrote:
>> Struct dm_ioctl has some padding/data that is not explicitly cleared
>> before copying to user. This can cause kernel stack contents to be
>> leaked to user space.
>
> Please be more precise here, explaining which part of the buffer
> and under exactly what circumstances you have found that uninitialised
> content gets returned to userspace.

It's actually the data portion of the struct under a custom user ioctl
where (param_kernel->data_size - minimum_data_size) <
sizeof(param_kernel->data)

Will update the patch to be clear.

--
dm-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/dm-devel
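
A userspace model of the condition given in the reply, added here as an example; it is not code from the thread, the patch or the kernel. The struct layout, `DATA_LEN`, the 0xAA fill and both function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical parameter block, not the real struct dm_ioctl:
 * a fixed header followed by a small inline data area. */
#define DATA_LEN 8
struct params {
    uint32_t data_size;      /* total bytes the caller supplied */
    uint32_t flags;
    char     data[DATA_LEN];
};
#define MIN_SIZE offsetof(struct params, data)

/* Bytes of .data the caller's buffer does not cover (the condition
 * (data_size - minimum_data_size) < sizeof(data) from the reply). */
size_t uncovered_data_bytes(uint32_t data_size)
{
    size_t supplied = data_size > MIN_SIZE ? data_size - MIN_SIZE : 0;
    return supplied < DATA_LEN ? DATA_LEN - supplied : 0;
}

/* Model one call: the kernel-side copy starts as constructed stale
 * stack bytes (0xAA), is filled from the caller, and the whole struct
 * would then be copied back. Returns how many stale bytes remain in
 * .data. With cleared != 0 the struct is zeroed before the copy-in. */
size_t stale_bytes_returned(int cleared, const void *user, uint32_t data_size)
{
    struct params k;
    size_t n = data_size < sizeof(k) ? data_size : sizeof(k);
    size_t stale = 0;
    memset(&k, 0xAA, sizeof(k));
    if (cleared)
        memset(&k, 0, sizeof(k));
    memcpy(&k, user, n);
    for (size_t i = 0; i < DATA_LEN; i++)
        stale += ((unsigned char)k.data[i] == 0xAA);
    return stale;
}

int main(void)
{
    struct params u = { .data_size = MIN_SIZE + 3, .data = "abc" };
    printf("uncleared: %zu stale bytes, cleared: %zu\n",
           stale_bytes_returned(0, &u, u.data_size),
           stale_bytes_returned(1, &u, u.data_size));
    return 0;
}
```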
