On Mon, Jul 27, 2020 at 5:18 PM Peilin Ye <[email protected]> wrote:
>
> ioctl_get_info() is copying uninitialized stack memory to userspace due to
> the compiler not initializing holes in statically allocated structures.
> Fix it by initializing `event` using memset() in fill_bus_reset_event().
>
> Cc: [email protected]
> Suggested-by: Dan Carpenter <[email protected]>
> Suggested-by: Arnd Bergmann <[email protected]>
> Signed-off-by: Peilin Ye <[email protected]>

Acked-by: Arnd Bergmann <[email protected]>

I would recommend always looking through the git history of the file
to come up with an appropriate 'Fixes' tag. In this case

    $ git log -p --follow drivers/firewire/core-cdev.c

searching for any mention of fill_bus_reset_event leads you to
commit 344bbc4de14e.

In my ~/.gitconfig I have this alias:

    [core]
            abbrev = 12
    [alias]
            fixes = show --format='Fixes: %h (\"%s\")' -s

With something like that, calling 'git fixes 344bbc4de14e' produces
the line to copy:

    Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")

      Arnd

> --- > drivers/firewire/core-cdev.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c > index fb6c651214f3..2341d762df5b 100644 > --- a/drivers/firewire/core-cdev.c > +++ b/drivers/firewire/core-cdev.c > @@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct > fw_cdev_event_bus_reset *event, > { > struct fw_card *card = client->device->card; > > + memset(event, 0, sizeof(*event)); > + > spin_lock_irq(&card->lock); > > event->closure = client->bus_reset_closure; > -- > 2.25.1 >
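
Review bot: The memset() added at the top of fill_bus_reset_event() carries no comment saying that it is there to clear padding holes before the structure reaches userspace. Because the function goes on to set event->closure by plain assignment right after the lock is taken, the call can look redundant and be dropped in a later cleanup. A one-line comment above it, for example "clear padding, this struct is copied to userspace", would guard against that. The commit message also says "statically allocated structures" while describing stack memory, and it has no Fixes: tag; both are worth correcting in a v2.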

