From: Dmitry Vyukov
Date: Mon, 7 May 2018 15:12:31 +0200
Subject: Re: [PATCH net] vhost: Use kzalloc() to allocate vhost_msg_node
To: "Michael S. Tsirkin"
Cc: Kevin Easton, Jason Wang, KVM list, virtualization@lists.linux-foundation.org, netdev, LKML, syzkaller-bugs

On Mon, May 7, 2018 at 3:03 PM, Michael S. Tsirkin wrote:
> On Fri, Apr 27, 2018 at 11:45:02AM -0400, Kevin Easton wrote:
>> The struct vhost_msg within struct vhost_msg_node is copied to userspace,
>> so it should be allocated with kzalloc() to ensure all structure padding
>> is zeroed.
>>
>> Signed-off-by: Kevin Easton
>> Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
>> --- >> drivers/vhost/vhost.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c >> index f3bd8e9..1b84dcff 100644 >> --- a/drivers/vhost/vhost.c >> +++ b/drivers/vhost/vhost.c
>> @@ -2339,7 +2339,7 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify); >> /* Create a new message. */ >> struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) >> { >> - struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); >> + struct vhost_msg_node *node = kzalloc(sizeof *node, GFP_KERNEL); >> if (!node) >> return NULL; >> node->vq = vq;
>
>
> Let's just init the msg though.
>
> OK it seems this is the best we can do for now,
> we need a new feature bit to fix it for 32 bit
> userspace on 64 bit kernels.
>
> Does the following help?

Hi Michael,

You can ask reporter (syzbot) to test:
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#testing-patches
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs

> Signed-off-by: Michael S. Tsirkin
>
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > index f3bd8e9..58d9aec 100644 > --- a/drivers/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -2342,6 +2342,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) > struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); > if (!node) > return NULL; > + > + /* Make sure all padding within the structure is initialized. */ > + memset(&node->msg, 0, sizeof node->msg); > node->vq = vq; > node->msg.type = type; > return node;
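
Review bot: on the first patch's hunk (kmalloc() to kzalloc() in vhost_new_msg()), the commit message explains that padding in struct vhost_msg reaches userspace but carries no Fixes: tag naming the commit that introduced the uninitialized copy; please add one so the fix can be matched to affected trees. kzalloc() also zeroes node->vq, which the next visible line overwrites, so a memset of node->msg alone (as proposed later in the thread) closes the same leak with a narrower write, while kzalloc() keeps covering any field added to the node later. Whichever is chosen, a one-line comment at the allocation saying why zeroing is required would keep it from being turned back into kmalloc() as a cleanup.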
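
Review bot: on the second patch's hunk, the memset in vhost_new_msg() covers only node->msg, so the fix depends on no other part of struct vhost_msg_node being copied to userspace; the added comment should say that msg is the part copied out rather than only "Make sure all padding within the structure is initialized". The patch as posted has a Signed-off-by line but no changelog text and no Reported-by for the syzbot report credited in the first patch. The reply around it states that 32 bit userspace on 64 bit kernels still needs a new feature bit, and that limitation belongs in the commit message.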
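
The padding that both patches in this thread clear, as an added userspace example (not kernel code and not from the thread). The `demo_*` types are constructed stand-ins with an `int` followed by a union of 64-bit members, `POISON` stands for stale heap contents, and the three modes model kmalloc() with member writes, kmalloc() plus memset of the msg, and kzalloc().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not the kernel's definitions: a 4-byte field
 * followed by a union holding 64-bit members, which forces padding on
 * ABIs that align uint64_t to 8 bytes. */
struct demo_iotlb { uint64_t iova, size, uaddr; uint8_t perm, type; };
union demo_body { struct demo_iotlb iotlb; uint8_t padding[64]; };
struct demo_msg { int type; union demo_body u; };
struct demo_node { void *vq; struct demo_msg msg; };

#define POISON 0xAA /* stands in for stale heap contents */
enum init_mode { FIELDS_ONLY, MEMSET_MSG, ZERO_NODE };

/* Allocate a dirty node, apply one of the thread's init strategies,
 * write every named member of msg, then count the bytes of msg that
 * would still carry stale heap data if msg were copied out. */
size_t stale_bytes_in_msg(enum init_mode mode)
{
    unsigned char *raw = malloc(sizeof(struct demo_node));
    if (!raw)
        return (size_t)-1;
    /* ZERO_NODE models kzalloc(); the other modes model kmalloc(). */
    memset(raw, mode == ZERO_NODE ? 0 : POISON, sizeof(struct demo_node));
    unsigned char *msg = raw + offsetof(struct demo_node, msg);
    if (mode == MEMSET_MSG)
        memset(msg, 0, sizeof(struct demo_msg));
    /* Member writes go through byte offsets so padding is never touched. */
    int type = 1;
    memcpy(msg + offsetof(struct demo_msg, type), &type, sizeof type);
    memset(msg + offsetof(struct demo_msg, u), 0x11, sizeof(union demo_body));
    size_t stale = 0;
    for (size_t i = 0; i < sizeof(struct demo_msg); i++)
        stale += (msg[i] == POISON);
    free(raw);
    return stale;
}

int main(void)
{
    printf("union at offset %zu\n", offsetof(struct demo_msg, u));
    printf("kmalloc + member writes: %zu stale bytes\n", stale_bytes_in_msg(FIELDS_ONLY));
    printf("kmalloc + memset(msg):   %zu stale bytes\n", stale_bytes_in_msg(MEMSET_MSG));
    printf("kzalloc:                 %zu stale bytes\n", stale_bytes_in_msg(ZERO_NODE));
    return 0;
}
```

On an ABI that aligns `uint64_t` to 4 bytes the union starts at offset 4 and the first count is zero, so the layout of such a struct differs between 32-bit and 64-bit builds.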