On Sat, Mar 22, 2025 at 09:50:37PM +0800, Ming Lei wrote:
> On Sat, Mar 22, 2025 at 12:02:02PM +0000, Pavel Begunkov wrote:
> > On 3/22/25 07:56, Ming Lei wrote:
> > > So far fixed kernel buffer is only used for FS read/write, in which
> > > the remaining bytes need to be zeroed in case of short read, otherwise
> > > kernel data may be leaked to userspace.
> >
> > Can you remind me, how that can happen? Normally, IIUC, you register
> > a request filled with user pages, so no kernel data there. Is it some
> > bounce buffers?
>
> For direct io, it is filled with user pages, but it can be buffered IO,
> and the page can be mapped to userspace.

I may be missing something here because that doesn't sound specific to
kernel registered bvecs. Is page cache memory not already zeroed out to
protect against short reads?

I can easily wire up a flakey device that won't fill the requested
memory. What do I need to do to observe this data leak?