From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Date: Tue, 04 Jul 2017 17:13:10 +0000
Subject: Re: [PATCH][-next] mqueue: fix incorrect memset size for object v
Message-Id: <20170704171310.GW10672@ZenIV.linux.org.uk>
List-Id: <kernel-janitors.vger.kernel.org>
References: <20170704160919.19406-1-colin.king@canonical.com>
In-Reply-To: <20170704160919.19406-1-colin.king@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Colin King <colin.king@canonical.com>
Cc: Ingo Molnar <mingo@kernel.org>, Luc Van Oostenryck <luc.vanoostenryck@gmail.com>, Steven Whitehouse <swhiteho@redhat.com>, Deepa Dinamani <deepa.kernel@gmail.com>, Waiman Long <longman@redhat.com>, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org

On Tue, Jul 04, 2017 at 05:09:19PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> The size of the memset is incorrect, it is currently using the size
> of attr (a struct mq_attr *) and not of v (a struct compat_mq_attr)

Folded (and that was a moderate infoleak - ->__reserved[] thing had
been copied out uninitialized).

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752539AbdGDRNQ (ORCPT <rfc822;w@1wt.eu>);
        Tue, 4 Jul 2017 13:13:16 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:51260 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752413AbdGDRNP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 Jul 2017 13:13:15 -0400
Date: Tue, 4 Jul 2017 18:13:10 +0100
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Colin King <colin.king@canonical.com>
Cc: Ingo Molnar <mingo@kernel.org>,
        Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
        Steven Whitehouse <swhiteho@redhat.com>,
        Deepa Dinamani <deepa.kernel@gmail.com>,
        Waiman Long <longman@redhat.com>, kernel-janitors@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH][-next] mqueue: fix incorrect memset size for object v
Message-ID: <20170704171310.GW10672@ZenIV.linux.org.uk>
References: <20170704160919.19406-1-colin.king@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170704160919.19406-1-colin.king@canonical.com>
User-Agent: Mutt/1.8.0 (2017-02-23)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 04, 2017 at 05:09:19PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> The size of the memset is incorrect, it is currently using the size
> of attr (a struct mq_attr *) and not of v (a struct compat_mq_attr)

Folded (and that was a moderate infoleak - ->__reserved[] thing had
been copied out uninitialized).