Re: [PATCH] kernel/sys.c: fix prctl_set_auxv to use sizeof instead of user-supplied len

Next message: yangxingui: "Re: [PATCH v5 2/2] scsi: libsas: Add linkrate and sas_addr change detection in rediscover"
Previous message: Quentin Monnet: "Re: [PATCH bpf-next v2 1/8] bpftool: Pass host flags to bootstrap libbpf"
In reply to: David Hildenbrand (Arm): "Re: [PATCH] kernel/sys.c: fix prctl_set_auxv to use sizeof instead of user-supplied len"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Laight

Date: Wed Jun 03 2026 - 05:23:14 EST

On Tue, 2 Jun 2026 19:25:56 +0200
"David Hildenbrand (Arm)" <david@xxxxxxxxxx> wrote:

> On 6/2/26 16:14, Aiden Bowling wrote:
> > The issue is that using the user-supplied 'len' risks a partial write into mm-
> >>saved_auxv if they pass something smaller than the actual buffer size, even if
> > the buffer is validated. We should always copy the full buffer size after
> > validation to maintain consistency and prevent accidental partial data exposure/
> > corruption.
>
> Which partial data exposure?
>

The one you don't get with the patch because of the previously
unnecessary initialisation of the array :-)