Date: Sun, 27 Oct 2019 06:47:55 +0100 (CET)
From: Julia Lawall
To: Joe Perches
cc: Andrew Morton, LKML, Dan Carpenter, Julia Lawall, Thomas Gleixner
Subject: Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 26 Oct 2019, Joe Perches wrote:

> Initialization is not guaranteed to zero padding bytes so
> use an explicit memset instead to avoid leaking any kernel
> content in any possible padding bytes.

Here is an extract of an email that I sent to Kees at one point that left
me unsure about what should be done about these situations:

From Kees:

The only way to correctly handle this is:

    memset(&instance, 0, sizeof(instance));
    instance.one = 1;

From me:

Actually, this document:

https://wiki.sei.cmu.edu/confluence/display/c/DCL39-C.+Avoid+information+leakage+when+passing+a+structure+across+a+trust+boundary

says that memset is a "noncompliant solution". They suggest declaring the
structure as packed, as well as some other more unpleasant solutions.
Their point is that 1 will be sitting in a register, and the assignment at
least might copy the upper bytes of the register into the padding space.

-------------------------

Is the memset solution nevertheless what is always wanted in the kernel
when there is padding?

thanks,
julia
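
An added illustration of the question above, not code from this thread or from the kernel: the outgoing image is built in a byte array and each member is copied to its own offset, so the result does not depend on what the compiler does to padding when a member is stored. The layout of struct instance, the 0xAA fill standing in for stale memory, and every function name here are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: on common ABIs padding follows 'one'. */
struct instance {
    char one;
    long two;
};

/* True if byte index i lies inside member m (unsigned wrap rejects i < offset). */
#define IN(i, m) ((i) - offsetof(struct instance, m) < sizeof(((struct instance *)0)->m))

/* Count non-zero bytes of an image that belong to neither member. */
size_t dirty_padding(const unsigned char *img)
{
    size_t i, n = 0;

    for (i = 0; i < sizeof(struct instance); i++)
        n += !IN(i, one) && !IN(i, two) && img[i] != 0;
    return n;
}

/* Zero a byte array, then copy each member to its own offset. */
void serialize_instance(unsigned char *out, const struct instance *in)
{
    memset(out, 0, sizeof(*in));
    memcpy(out + offsetof(struct instance, one), &in->one, sizeof(in->one));
    memcpy(out + offsetof(struct instance, two), &in->two, sizeof(in->two));
}

/* Fill a struct over constructed stale data (0xAA) and measure one image. */
size_t leak_count(int serialize)
{
    struct instance s;
    unsigned char img[sizeof(s)];

    memset(&s, 0xAA, sizeof(s));      /* stand-in for old stack contents */
    s.one = 1;
    s.two = 2;
    if (serialize)
        serialize_instance(img, &s);
    else
        memcpy(img, &s, sizeof(s));   /* image a whole-struct copy exposes */
    return dirty_padding(img);
}

int main(void)
{
    printf("whole-struct copy: %zu stale padding bytes\n", leak_count(0));
    printf("per-member copy:   %zu stale padding bytes\n", leak_count(1));
}
```

The whole-struct count depends on the compiler and ABI; only the per-member result of 0 is fixed by construction.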