Message-ID: <0eaac427354844a4fcfb0d9843cf3024c6af21df.camel@perches.com>
Subject: Re: [PATCH v2 2/3] binder: do not initialize locals passed to copy_from_user()
From: Joe Perches
To: glider@google.com, tkjos@google.com, keescook@chromium.org, gregkh@linuxfoundation.org, arve@android.com, mingo@redhat.com
Cc: dvyukov@google.com, jannh@google.com, devel@driverdev.osuosl.org, peterz@infradead.org, linux-kernel@vger.kernel.org
Date: Mon, 02 Mar 2020 05:09:58 -0800
In-Reply-To: <20200302130430.201037-2-glider@google.com>
References: <20200302130430.201037-1-glider@google.com> <20200302130430.201037-2-glider@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2020-03-02 at 14:04 +0100, glider@google.com wrote:
> Certain copy_from_user() invocations in binder.c are known to
> unconditionally initialize locals before their first use, like e.g. in
> the following case:
[]
> diff --git a/drivers/android/binder.c b/drivers/android/binder.c
[]
> @@ -3788,7 +3788,7 @@ static int binder_thread_write(struct binder_proc *proc,
>
> case BC_TRANSACTION_SG:
> case BC_REPLY_SG: {
> - struct binder_transaction_data_sg tr;
> + struct binder_transaction_data_sg tr __no_initialize;
>
> if (copy_from_user(&tr, ptr, sizeof(tr)))

I fail to see any value in marking tr with __no_initialize
when it's immediately written to by copy_from_user.

> return -EFAULT;
> @@ -3799,7 +3799,7 @@ static int binder_thread_write(struct binder_proc *proc,
> }
> case BC_TRANSACTION:
> case BC_REPLY: {
> - struct binder_transaction_data tr;
> + struct binder_transaction_data tr __no_initialize;
>
> if (copy_from_user(&tr, ptr, sizeof(tr)))

etc...
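
Review bot: In the first hunk (BC_TRANSACTION_SG / BC_REPLY_SG), tr __no_initialize is only safe because copy_from_user(&tr, ptr, sizeof(tr)) covers the whole struct and the failure branch returns -EFAULT before tr is read, and nothing at the declaration records that dependency. Suggest a one-line comment next to the annotation stating it, so that a later change to the copy size or to the error path prompts removing __no_initialize. The commit message should also state what the annotation gains at this site, since the declaration is followed directly by the copy.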
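
Review bot: In the second hunk (BC_TRANSACTION / BC_REPLY), the quoted context stops at the copy_from_user(&tr, ptr, sizeof(tr)) line, so the branch taken on a failed copy is not visible here. Before accepting tr __no_initialize on struct binder_transaction_data, confirm that a failed copy returns before any field of tr is read, as the first hunk does with return -EFAULT; if any path can reach a use of tr after a failed copy, leave the default initialization in place for this declaration.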