On Oct 19 Clemens Ladisch wrote: > Dan Carpenter wrote: > > There is a 4 byte hole in the bus_reset struct at the end of the struct > > after ->generation. > > queue_bus_reset_event() uses kzalloc(), and ioctl_get_info() does not copy > the hole. Yep. In other words, the ioctl_get_info() information leak has been fixed by commit 790198f74c9d "firewire: cdev: fix user memory corruption (i386 userland on amd64 kernel)". Its subject doesn't say so, but the changelog does. -- Stefan Richter -=====-===-= =-=- =--== http://arcgraph.de/sr/ -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html