Date: Fri, 31 Jul 2020 13:59:09 +0200
From: Greg Kroah-Hartman
To: Håkon Bugge
Cc: Dan Carpenter, Leon Romanovsky, Peilin Ye, Santosh Shilimkar,
    "David S. Miller", Jakub Kicinski, Arnd Bergmann,
    linux-kernel-mentees@lists.linuxfoundation.org, netdev@vger.kernel.org,
    OFED mailing list, rds-devel@oss.oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH net] rds: Prevent kernel-infoleak in rds_notify_queue_get()
Message-ID: <20200731115909.GA1649637@kroah.com>

On Fri, Jul 31, 2020 at 01:14:09PM +0200, Håkon Bugge wrote:
>
>
> > On 31 Jul 2020, at 11:59, Dan Carpenter wrote:
> >
> > On Fri, Jul 31, 2020 at 07:53:01AM +0300, Leon Romanovsky wrote:
> >> On Thu, Jul 30, 2020 at 03:20:26PM -0400, Peilin Ye wrote:
> >>> rds_notify_queue_get() is potentially copying uninitialized kernel stack
> >>> memory to userspace since the compiler may leave a 4-byte hole at the end
> >>> of `cmsg`.
> >>>
> >>> In 2016 we tried to fix this issue by doing `= { 0 };` on `cmsg`, which
> >>> unfortunately does not always initialize that 4-byte hole. Fix it by using
> >>> memset() instead.
> >>
> >> Of course, this is the difference between "{ 0 }" and "{}" initializations.
> >>
> >
> > No, there is no difference. Even struct assignments like:
> >
> > 	foo = *bar;
> >
> > can leave struct holes uninitialized. Depending on the compiler the
> > assignment can be implemented as a memset() or as a series of struct
> > member assignments.
>
> What about:
>
> struct rds_rdma_notify {
> 	__u64 user_token;
> 	__s32 status;
> } __attribute__((packed));

Why is this still a discussion at all?

Try it and see, run pahole and see if there are holes in this structure
(odds are no), you don't need us to say what is happening here...

thanks,

greg k-h
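
Added example, not part of the mailing-list thread or the kernel tree: a userspace check of the layout question raised above, using sizeof/offsetof instead of pahole, plus the memset()-then-assign pattern from the patch description. The struct names, helper names and the use of uint64_t/int32_t in place of __u64/__s32 are constructed for this sketch, and the 4-byte figure assumes an ABI where uint64_t is 8-byte aligned (e.g. x86-64).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the struct in the thread; uint64_t/int32_t
 * replace the kernel's __u64/__s32 so this builds in userspace. */
struct notify_natural { uint64_t user_token; int32_t status; };
struct notify_packed  { uint64_t user_token; int32_t status; } __attribute__((packed));

/* Bytes past the last member that belong to the object but to no member. */
#define TAIL_HOLE(type) \
	(sizeof(type) - (offsetof(type, status) + sizeof(((type *)0)->status)))

size_t natural_tail_hole(void) { return TAIL_HOLE(struct notify_natural); }
size_t packed_tail_hole(void)  { return TAIL_HOLE(struct notify_packed); }

/* memset() the whole object, then assign members, as the patch description
 * proposes. Returns how many tail-hole bytes of the outgoing copy are
 * non-zero (0 means no stale bytes would be copied out). */
size_t dirty_tail_bytes_after_memset(uint64_t token, int32_t status)
{
	struct notify_natural n;
	unsigned char out[sizeof(n)];
	size_t i, dirty = 0;

	memset(&n, 0xAA, sizeof(n));	/* simulate stale stack contents */
	memset(&n, 0, sizeof(n));	/* clears members and padding alike */
	n.user_token = token;
	n.status = status;
	memcpy(out, &n, sizeof(n));	/* stand-in for the copy to userspace */

	for (i = sizeof(n) - natural_tail_hole(); i < sizeof(n); i++)
		dirty += (out[i] != 0);
	return dirty;
}

int main(void)
{
	printf("natural: size %zu, tail hole %zu\n",
	       sizeof(struct notify_natural), natural_tail_hole());
	printf("packed:  size %zu, tail hole %zu\n",
	       sizeof(struct notify_packed), packed_tail_hole());
	printf("dirty tail bytes after memset: %zu\n",
	       dirty_tail_bytes_after_memset(0x1122334455667788ULL, -1));
	return 0;
}
```

pahole reports the same layout from the DWARF of a built object, which also covers holes between members that this tail-only check does not look for.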