Re: [PATCH] kernel/sys.c: fix prctl_set_auxv to use sizeof instead of user-supplied len

Next message: Lyude Paul: "[PATCH v16 0/6] Rust bindings for gem shmem"
Previous message: Zhenzhong Wu: "Re: [RFC PATCH 6.1.y 0/2] bpf: backport scalar not-equal tracking fixes"
In reply to: Lorenzo Stoakes: "Re: [PATCH] kernel/sys.c: fix prctl_set_auxv to use sizeof instead of user-supplied len"
Next in thread: David Laight: "Re: [PATCH] kernel/sys.c: fix prctl_set_auxv to use sizeof instead of user-supplied len"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Tue Jun 02 2026 - 13:28:07 EST

On 6/2/26 16:14, Aiden Bowling wrote:
> The issue is that using the user-supplied 'len' risks a partial write into mm-
>>saved_auxv if they pass something smaller than the actual buffer size, even if
> the buffer is validated. We should always copy the full buffer size after
> validation to maintain consistency and prevent accidental partial data exposure/
> corruption.

Which partial data exposure?

--
Cheers,

David