Re: [PATCH] dm ioctl: prevent stack leak in dm ioctl call

On Tue, Apr 25, 2017 at 05:57:41PM -0700, Adrian Salido wrote:
> 1. param_kernel is allocated from stack and passed to copy_params
> 2. copy_params only copies up to param_kernel->data from user
> (param_kernel->data still contains stack contents)
> 3. in copy_params, since there are no params it will skip through and
> return param = dmi = param_kernel

after setting
  dmi->data_size = minimum_data_size;

and then
  input_param_size = param->data_size;

> 4. that stale data is copied back to user
because it is incorrectly extending the buffer?
  param->data_size = sizeof(*param);
instead of continuing to use input_param_size?

Alasdair

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
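
A user-space model of the four steps quoted above, added here as an illustration; it is not code from the patch or from the kernel. The `struct params` layout, the `0xAA` marker standing in for old stack contents, and the function and mode names are all constructed for this sketch: `BOUNDED` keeps the copy back at the size that was read in, `ZEROED` clears the buffer before use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Hypothetical header: fixed fields followed by a data area. */
struct params {
    uint32_t data_size;
    uint32_t flags;
    char     data[8];
};

#define MIN_SIZE offsetof(struct params, data)

enum mode { LEAKY, BOUNDED, ZEROED };

/* Models a call that carries no parameters; returns how many stale
 * bytes end up in the caller's buffer. */
size_t stale_bytes_returned(enum mode m)
{
    unsigned char user[sizeof(struct params)] = {0}; /* caller's buffer */
    struct params kern;                              /* models param_kernel */
    size_t out_size, i, leaked = 0;

    memset(&kern, STALE, sizeof(kern));   /* step 1: buffer holds old stack data */
    if (m == ZEROED)
        memset(&kern, 0, sizeof(kern));   /* clear before anything is copied in */

    memcpy(&kern, user, MIN_SIZE);        /* step 2: copy in only up to data */
    kern.data_size = (uint32_t)MIN_SIZE;  /* step 3: no params, size = minimum */

    /* step 4: how much is copied back to the caller */
    out_size = (m == BOUNDED) ? kern.data_size : sizeof(kern);
    kern.data_size = (uint32_t)out_size;
    memset(user, 0, sizeof(user));
    memcpy(user, &kern, out_size);

    for (i = MIN_SIZE; i < sizeof(user); i++)
        if (user[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("leaky=%zu bounded=%zu zeroed=%zu\n", stale_bytes_returned(LEAKY),
           stale_bytes_returned(BOUNDED), stale_bytes_returned(ZEROED));
    return 0;
}
```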


