Description of problem:
When DM_DEVICE_CREATE is used with a table, it also does an automatic table load and resume. But since the resume ioctl does not take parameters, its param memory is not wiped upon exit from the kernel - user space was not meant to pass any argument here. This bug may leak some secure data to the running user space process that were meant to be cleared immediately after the ioctl call.

Version-Release number of selected component (if applicable):
devicemapper library < 1.02.155

How reproducible:

Steps to Reproduce:
1. simple test program will be provided.
2.
3.

Actual results:
data leaking in i.e. coredump of process.

Expected results:
no memory trace in address space of task.

Additional info:
Addressed with upstream commit: https://www.redhat.com/archives/lvm-devel/2018-November/msg00068.html

Test cases added with (and later tuned further): https://www.redhat.com/archives/lvm-devel/2018-November/msg00073.html
Corey, is the coverage in our test suite sufficient to grant a qa-ack? This is IMO a rather internal thing, which should rather be covered by unit tests (as it is now).