On Tue, Jul 28, 2020 at 10:11:09AM +0200, Arnd Bergmann wrote:
On Tue, Jul 28, 2020 at 3:45 AM Peilin Ye yepeilin.cs@gmail.com wrote:
copy_one_buf() is copying uninitialized stack memory to userspace due to the compiler not initializing holes in statically allocated structures. Fix it by initializing `v` with memset().
I would add 'potentially' somewhere in that description: it is architecture dependent whether there are holes in this structure, as 'enum' types and 'long' are both dependent on the ABI, and even if there is a hole, it is undefined behavior whether the hole gets initialized.
I see. I will fix that up. Thank you for the advice!
Peilin Ye
Other than that, the patch looks good.
Cc: stable@vger.kernel.org
Fixes: 5c7640ab6258 ("switch compat_drm_infobufs() to drm_ioctl_kernel()")
Suggested-by: Dan Carpenter dan.carpenter@oracle.com
Signed-off-by: Peilin Ye yepeilin.cs@gmail.com
Acked-by: Arnd Bergmann arnd@arndb.de
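As an added illustration of the point under discussion (this is not code from the thread or from the DRM driver): a constructed user-space struct with an enum followed by a long, where LP64 ABIs typically leave a 4-byte hole after the enum. `fill_members_only()` assigns each member and leaves the hole holding whatever was on the stack before, which is the pattern that leaks when the object is later copied to user space; `fill_zeroed()` does what the patch does and memsets the whole object first, so every byte is defined regardless of ABI. `nonzero_padding_bytes()` walks the object and counts bytes outside any member that are nonzero, which is the check a reviewer would want. All names and the struct layout are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel-style reply struct: an enum followed by
 * a long.  On LP64 ABIs enum is 4 bytes and long is 8, so the compiler
 * usually inserts a 4-byte hole after 'type'; on ILP32 there may be none.
 * Whether that hole exists, and what it contains, is ABI/compiler dependent. */
enum kind { KIND_A = 1, KIND_B = 2 };

struct reply {
    enum kind type;
    long value;
    int count;
};

/* Bytes the compiler added that belong to no member (tail padding included). */
size_t reply_padding_bytes(void)
{
    return sizeof(struct reply) - sizeof(enum kind) - sizeof(long) - sizeof(int);
}

/* Leaky pattern: members are assigned, but nothing touches the hole, so it
 * keeps whatever stale stack contents were there before. */
void fill_members_only(struct reply *v, enum kind t, long val, int n)
{
    v->type = t;
    v->value = val;
    v->count = n;
}

/* Fixed pattern, as in the patch: zero the whole object first so padding is
 * defined before the struct is copied anywhere. */
void fill_zeroed(struct reply *v, enum kind t, long val, int n)
{
    memset(v, 0, sizeof(*v));
    v->type = t;
    v->value = val;
    v->count = n;
}

/* Is byte offset 'i' covered by one of the struct's members? */
static int in_member(size_t i)
{
    return (i >= offsetof(struct reply, type)  && i < offsetof(struct reply, type)  + sizeof(enum kind)) ||
           (i >= offsetof(struct reply, value) && i < offsetof(struct reply, value) + sizeof(long)) ||
           (i >= offsetof(struct reply, count) && i < offsetof(struct reply, count) + sizeof(int));
}

/* Count padding bytes that are nonzero, i.e. bytes that would leak stack
 * contents if this object were handed to copy_to_user(). */
size_t nonzero_padding_bytes(const struct reply *v)
{
    const unsigned char *p = (const unsigned char *)v;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*v); i++)
        if (!in_member(i) && p[i] != 0)
            n++;
    return n;
}

int main(void)
{
    struct reply a, b;

    /* Simulate dirty stack memory left behind by an earlier call. */
    memset(&a, 0xAA, sizeof(a));
    memset(&b, 0xAA, sizeof(b));

    fill_members_only(&a, KIND_A, 42L, 7);
    fill_zeroed(&b, KIND_B, 42L, 7);

    printf("sizeof(struct reply)=%zu, padding bytes=%zu\n",
           sizeof(struct reply), reply_padding_bytes());
    printf("members only: %zu nonzero padding bytes\n", nonzero_padding_bytes(&a));
    printf("memset first: %zu nonzero padding bytes\n", nonzero_padding_bytes(&b));
    return 0;
}
```

On an x86-64 build the first line reports 8 padding bytes and the "members only" variant leaves them at 0xAA, while the memset variant always reports zero; on an ABI with no holes the padding count is simply 0 for both, which is exactly the architecture dependence raised in the review.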