Received: by 10.192.165.148 with SMTP id m20csp911742imm;
        Fri, 27 Apr 2018 09:26:56 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrudM3ARVDaO+/vij3viquYBxC2ssG3OXWY5EhIWY6fC4CrCOZKxpcZcv040GQ0LaxMwpv+
X-Received: by 2002:a17:902:7c92:: with SMTP id y18-v6mr2841391pll.378.1524846416172;
        Fri, 27 Apr 2018 09:26:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524846416; cv=none;
        d=google.com; s=arc-20160816;
        b=hNaZR5DjPYEp0wag0iwZusv+GJEgCt6DlPhfRngzYNrxV3qJqPcvpE7RV1FBUpSmBN
         ikb6gas9ihl8k6Sx/JJgzfCmiP3ubcSJmsA7TeSMqCvPJAQrA+2nleRuSj95mXJ4pF2h
         Sf00yGB8dYsoma+YJbEJMUpUZtF0hcnNFSk+qJRLu9klQKU5BpvnngYCyU/1Op4ZkF2c
         RQ3/DmCcTNpkjBK6GEqiNxfe40HPqpsiUppObpbj9zFt5TD8REqRM9uc601EDxVbvLZZ
         ejEKf55w9RdEZWa6qb+0LFzGNDcIjLJD3JHrPpXm+Chl9AO3zXyeLKY9ETYZL2ubaV86
         prOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=oL+m35PXX0BYcxhOEQogKtc1eHJfgab2bRCfVND/tm4=;
        b=IeYCqsp9wwrEgoUzJPzRudAZNvU5BwmI/dknA8GQIOpeXBA7oC4AuqSfDRAFkRKPoe
         jjNlStstfLKZLNCWdSnfXKdug8bTMHBA0DPrMyv9Neb7IdX3F6kDYKrRj6eMlEFmzwca
         1523QfpaCuHYrxSUV1Ub39SJIwjev6ll/Q+/m9cp989uk2Wue5bjDPJXyNgDiNOqqumH
         /kmhwkLtXd3mk5eGGes8irF/Gdd3mzRtqQLpbA6ZwruCCdPVknXHOk3rHhQsCo/HabS4
         SITvojWIvbqr1caxs/ZvPSxqCc5s2T0d4mFHAypJlLpOhIdu5lBmv4pvkUdwLdjXB7Kv
         ygvA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=VT5a1P9R;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k5-v6si1564019pln.598.2018.04.27.09.26.42;
        Fri, 27 Apr 2018 09:26:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=VT5a1P9R;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932864AbeD0QZn (ORCPT <rfc822;hubert.jasudowicz@gmail.com>
        + 99 others); Fri, 27 Apr 2018 12:25:43 -0400
Received: from mail-pf0-f193.google.com ([209.85.192.193]:40650 "EHLO
        mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1758610AbeD0QZl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Apr 2018 12:25:41 -0400
Received: by mail-pf0-f193.google.com with SMTP id f189so1845926pfa.7
        for <linux-kernel@vger.kernel.org>; Fri, 27 Apr 2018 09:25:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=oL+m35PXX0BYcxhOEQogKtc1eHJfgab2bRCfVND/tm4=;
        b=VT5a1P9R6PLTfsU2ZhQO9JMEQT+1EZ62yZuSB335Y0ksgWOfbai4mF7R1nUHCvHyq7
         5XXyPjKrtSsytu2KV+1uBQxgyWnWxVNvgXvGXHZmrMXC/k24Hu99sUaN0yawe3uZNa5/
         ndtmpUbkwuNAarqHH07SlKv+jWpNONASBgtYmShjb0CbVMVsV5Hh44XUsXTlVr+eOAyd
         F6eFbJD1/fmMEgMqwi+ZWzgzJnenUHpFODF6wcqJvsJnkktrh1kEh55PXj23obHOaFSD
         AihPK8F5T+qMfGP2pygwi0YCIV47SeKOT4qxyDJjGSPS7STbjWjkXyX/y/7PkYPb07hJ
         awGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=oL+m35PXX0BYcxhOEQogKtc1eHJfgab2bRCfVND/tm4=;
        b=nEaB3qsrGWtnHtR4j7DAnaJmpUwDefPfsSlb/lbweNTr/3uEHVOHLFGWyoZZmpKIi8
         rxYV+uJxzRCO58rUwD3skFNoWoPfSjRLL1VKr9avT9TBszV3+k/hBQfc0JhI0IYtcTi/
         9pEJEX50gRsRxe5kWnz1ne0ia4zz8dTOCPN9I8lI+TPd+NRLEAGoOA8MKWj856FdDtG7
         5khmsWoH+zgA7pAImUiW4Fbdvi1Mhcug9aNmnYOezNc7EXE80BtXx6zWs+YCGF0bAYlu
         gLfzBEeOC8kvE/BwbrkJ2jIV54K4/WIEIGfXk/iXFwKOdJN/Zuz4+xbrEdPfUpKQCSdW
         9cqg==
X-Gm-Message-State: ALQs6tB5esGA1fYH69iLhKmWzAeRnq/ECgAMIAfEkoQBIovG6x+xKc8s
        lEEY+Sqz2ajpgMaC0YzHU0dOPWBnJqjYdJ42Cwsrqw==
X-Received: by 2002:a17:902:595e:: with SMTP id e30-v6mr2835951plj.233.1524846340363;
 Fri, 27 Apr 2018 09:25:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.236.147.130 with HTTP; Fri, 27 Apr 2018 09:25:19 -0700 (PDT)
In-Reply-To: <20180427191430-mutt-send-email-mst@kernel.org>
References: <000000000000a5b2b1056a86e98c@google.com> <20180427154502.GA22544@la.guarana.org>
 <20180427185501-mutt-send-email-mst@kernel.org> <CACT4Y+b4fEOw=GjTsZMHVyQPOZmuqPWj6AJJshpS-UGRx=bhXA@mail.gmail.com>
 <20180427191430-mutt-send-email-mst@kernel.org>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Fri, 27 Apr 2018 18:25:19 +0200
Message-ID: <CACT4Y+bzWiPvV+pVvys4v8CwUhF7iYVskxn_yeo6ztN5uKA0VA@mail.gmail.com>
Subject: Re: [PATCH net] vhost: Use kzalloc() to allocate vhost_msg_node
To:     "Michael S. Tsirkin" <mst@redhat.com>
Cc:     Kevin Easton <kevin@guarana.org>, Jason Wang <jasowang@redhat.com>,
        KVM list <kvm@vger.kernel.org>,
        virtualization@lists.linux-foundation.org,
        netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 27, 2018 at 6:15 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> >> The struct vhost_msg within struct vhost_msg_node is copied to userspace,
>> >> so it should be allocated with kzalloc() to ensure all structure padding
>> >> is zeroed.
>> >>
>> >> Signed-off-by: Kevin Easton <kevin@guarana.org>
>> >> Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
>> >
>> > Does it help if a patch naming the padding is applied,
>> > and then we init just the relevant field?
>> > Just curious.
>>
>> Yes, it would help.
>
> I think it's slightly better that way then. node has a lot of internal
> stuff we don't care to init. Would you mind taking my patch and building
> on top of that then?


But it's asking for more information leaks in future. This looks like
work for compiler.


>> >> ---
>> >>  drivers/vhost/vhost.c | 2 +-
>> >>  1 file changed, 1 insertion(+), 1 deletion(-)
>> >>
>> >> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
>> >> index f3bd8e9..1b84dcff 100644
>> >> --- a/drivers/vhost/vhost.c
>> >> +++ b/drivers/vhost/vhost.c
>> >> @@ -2339,7 +2339,7 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify);
>> >>  /* Create a new message. */
>> >>  struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
>> >>  {
>> >> -     struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
>> >> +     struct vhost_msg_node *node = kzalloc(sizeof *node, GFP_KERNEL);
>> >>       if (!node)
>> >>               return NULL;
>> >>       node->vq = vq;
>> >> --
>> >> 2.8.1