Subject: Re: [PATCH net] vhost: Use kzalloc() to allocate vhost_msg_node
To: Kevin Easton, "Michael S. Tsirkin"
Cc: kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
From: Jason Wang
Message-ID: <0dcd15ae-cd9b-1e3c-1311-4d86d1aa51d2@redhat.com>
Date: Sat, 28 Apr 2018 10:23:18 +0800
In-Reply-To: <20180428015106.GA27738@la.guarana.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018-04-28 09:51, Kevin Easton wrote:
> On Fri, Apr 27, 2018 at 09:07:56PM -0400, Kevin Easton wrote:
>> On Fri, Apr 27, 2018 at 07:05:45PM +0300, Michael S. Tsirkin wrote:
>>> On Fri, Apr 27, 2018 at 11:45:02AM -0400, Kevin Easton wrote:
>>>> The struct vhost_msg within struct vhost_msg_node is copied to userspace,
>>>> so it should be allocated with kzalloc() to ensure all structure padding
>>>> is zeroed.
>>>>
>>>> Signed-off-by: Kevin Easton
>>>> Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
>>> Does it help if a patch naming the padding is applied,
>>> and then we init just the relevant field?
>>> Just curious.
>> No, I don't believe that is sufficient to fix the problem.
> Scratch that, somehow I missed the "..and then we init just the
> relevant field" part, sorry.
>
> There's still the padding after the vhost_iotlb_msg to consider. It's
> named in the union but I don't think that's guaranteed to be initialised
> when the iotlb member of the union is used to initialise things.
>
>> I didn't name the padding in my original patch because I wasn't sure
>> if the padding actually exists on 32 bit architectures?
> This might still be a conce

Yes.

print &((struct vhost_msg *)0)->iotlb
$3 = (struct vhost_iotlb_msg *) 0x4

>
> At the end of the day, zeroing 96 bytes (the full size of vhost_msg_node)
> is pretty quick.
>
> - Kevin

Right, and even if it may be used heavily in the data-path, zeroing is
not the main delay in that path.

Thanks
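
An added example, not part of the thread or the kernel tree: a userspace C model of the leak being discussed, counting how many bytes of a vhost_msg keep the allocator's old contents when only the named fields are initialised. The struct field lists, the 0xAA poison value and the use of malloc() plus memset() to stand in for kmalloc()/kzalloc() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Userspace model of the structs named in the thread (layout assumed). */
struct vhost_iotlb_msg {
    uint64_t iova, size, uaddr;
    uint8_t perm, type;
};

struct vhost_msg {
    int type;
    union {
        struct vhost_iotlb_msg iotlb;
        uint8_t padding[64];
    };
};

#define POISON 0xAA /* constructed stand-in for stale heap contents */
/* Fill only the named fields, then count bytes still holding old heap data. */
size_t stale_bytes(int zeroed)
{
    struct vhost_msg *m = malloc(sizeof(*m));
    const unsigned char *p = (const unsigned char *)m;
    size_t i, n = 0;
    if (!m)
        return (size_t)-1;
    memset(m, zeroed ? 0 : POISON, sizeof(*m)); /* kzalloc vs kmalloc model */
    m->type = 1;
    m->iotlb.iova = 0x1000;
    m->iotlb.size = 0x2000;
    m->iotlb.uaddr = 0x3000;
    m->iotlb.perm = 3;
    m->iotlb.type = 2;
    for (i = 0; i < sizeof(*m); i++)
        n += (p[i] == POISON);
    free(m);
    return n;
}

/* Offset of the union: anything above sizeof(int) is leading padding. */
size_t iotlb_offset(void) { return offsetof(struct vhost_msg, iotlb); }

int main(void)
{
    printf("iotlb@%zu kmalloc-like:%zu kzalloc-like:%zu\n",
           iotlb_offset(), stale_bytes(0), stale_bytes(1));
    return 0;
}
```

The stale count covers the hole before the union (where one exists), the tail padding inside vhost_iotlb_msg, and the part of the 64-byte union that the iotlb member does not reach.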