On Wed, Oct 13, 2010 at 11:13:12AM +0200, Dan Carpenter wrote: > In the original code there was a potential integer overflow if you > passed in a large cmd.ne. The calls to kmalloc() would allocate smaller > buffers than intended, leading to memory corruption. There was also an > information leak if resp wasn't all used. > > Documentation/infiniband/user_verbs.txt suggests this function is meant > for unprivileged access. > > Special thanks to Jason Gunthorpe for his help and advice. > Crap! Apparently c99 initialization zeroes out the holes most of the time but not all the time. http://lkml.org/lkml/2010/11/22/367 I'm still waiting for some GCC people to chime in about what the rules are here, but it looks like I may need to add memsets to this patch. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html