Re: [Cluster-devel] [PATCH v2] fs/dlm: Fix kernel memory disclosure
On Wed, Feb 22, 2017 at 03:45:34PM +0800, Vlad Tsyrklevich wrote: > Hello, I wanted to ping the list and see if this could get a review: now pushed to linux-dlm.git > > Clear the 'unused' field and the uninitialized padding in 'lksb' to > > avoid leaking memory to userland in copy_result_to_user(). > > > > Signed-off-by: Vlad Tsyrklevich > > --- > > fs/dlm/user.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/fs/dlm/user.c b/fs/dlm/user.c > > index 1ce908c..83ddd47 100644 > > --- a/fs/dlm/user.c > > +++ b/fs/dlm/user.c > > @@ -122,6 +122,8 @@ static void compat_input(struct dlm_write_request *kb, > > static void compat_output(struct dlm_lock_result *res, > > struct dlm_lock_result32 *res32) > > { > > + memset(res32, 0, sizeof(*res32)); > > + > > res32->version[0] = res->version[0]; > > res32->version[1] = res->version[1]; > > res32->version[2] = res->version[2];
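Review bot: the memset(res32, 0, sizeof(*res32)) at the top of compat_output() zeroes only the 32-bit compat result, while the commit message names the 'unused' field, the padding in 'lksb' and copy_result_to_user() without mentioning compat_output(). The message should say that this is the compat path and state whether the native struct dlm_lock_result that copy_result_to_user() hands to userland is already fully initialised, because these lines do not show it. Placing the memset before the first res32->version[] assignment is the right order, since a later clear would wipe the copied fields. A one-line comment above it, noting that it clears the unused field and the padding before the structure is copied to userland, would keep it from being dropped later as redundant once every named member is assigned.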
Re: [Cluster-devel] [PATCH v2] fs/dlm: Fix kernel memory disclosure
Hi, On 22/02/17 07:45, Vlad Tsyrklevich wrote: Hello, I wanted to ping the list and see if this could get a review: It looks good to me, Steve. Clear the 'unused' field and the uninitialized padding in 'lksb' to avoid leaking memory to userland in copy_result_to_user(). Signed-off-by: Vlad Tsyrklevich --- fs/dlm/user.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/dlm/user.c b/fs/dlm/user.c index 1ce908c..83ddd47 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c @@ -122,6 +122,8 @@ static void compat_input(struct dlm_write_request *kb, static void compat_output(struct dlm_lock_result *res, struct dlm_lock_result32 *res32) { + memset(res32, 0, sizeof(*res32)); + res32->version[0] = res->version[0]; res32->version[1] = res->version[1]; res32->version[2] = res->version[2];
Re: [Cluster-devel] [PATCH v2] fs/dlm: Fix kernel memory disclosure
Hello, I wanted to ping the list and see if this could get a review: > Clear the 'unused' field and the uninitialized padding in 'lksb' to > avoid leaking memory to userland in copy_result_to_user(). > > Signed-off-by: Vlad Tsyrklevich > --- > fs/dlm/user.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/dlm/user.c b/fs/dlm/user.c > index 1ce908c..83ddd47 100644 > --- a/fs/dlm/user.c > +++ b/fs/dlm/user.c > @@ -122,6 +122,8 @@ static void compat_input(struct dlm_write_request *kb, > static void compat_output(struct dlm_lock_result *res, > struct dlm_lock_result32 *res32) > { > + memset(res32, 0, sizeof(*res32)); > + > res32->version[0] = res->version[0]; > res32->version[1] = res->version[1]; > res32->version[2] = res->version[2];