Hi Greg, 2016-12-23 16:20 GMT+09:00 Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>: > On Fri, Dec 23, 2016 at 12:21:48PM +0900, Masahiro Yamada wrote: >> Leave the way of zero-out to the compiler's decision; the compiler >> may know a more optimized way than calling memset(). > > But no, it doesn't, it will leave "blank" areas in the structure with > bad data in it, which is why we do memset. See the tree-wide fixups we > made about a year ago for this very issue. Are you sure none of these > structures get copied to userspace? I have to admit no security consideration was in my mind. If we talk about the particular case of struct uart_8250_port, this structure is allocated in the stack temporarily, then serial8250_register_8250_port() copies its members to another structure one by one. So no "blank" area is exposed to the user-space, I think. Having said that, we have no good reason to take a risk for this. So, please feel free to discard this patch. -- Best Regards Masahiro Yamada -- To unsubscribe from this list: send the line "unsubscribe linux-serial" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
