Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3076326pxf; Sun, 21 Mar 2021 18:09:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyE94wgwYdNZJctQMFBZprr6jnIBRHKSb0sXxiBURW4zN5PdKchxfPK/X7xe+F7rDxbw2XE X-Received: by 2002:a17:906:3544:: with SMTP id s4mr14466413eja.73.1616375375833; Sun, 21 Mar 2021 18:09:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616375375; cv=none; d=google.com; s=arc-20160816; b=gnt6rEOUgs+GS7y+sxYZw7tA5XBNwcpRshBVrVOKql9Gt7L7ua3H8k/izX1+Vg2DyP Kv+Y1LGYc/o6UpPVOJl9emFPC4S4tdhVkbty7y0hJt9CifTCQgnZA/IaORZgmFplNR1K FdHcRNGNcBbNgrqhD02eu/YW3i0WAUFJ/5P91U6nX4mUlY1yiwub82WCA6SfzZIuvZNp cqs5GfTi3Aoq0bovPA/+nIc4E5vZVBhuSqi6cydLELGcyGxX9/go2kpgTW8PyuEtHmj1 Qn7SBYgO3pNtxsI54fbIVwAmwMzgRg6aYMzaH6w4bAZ++dzuwV8kW33+mhI+ZOFWmwx7 bPqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=xhXt1FGcb/LZno/gC2lXGpxdzYQ5CNgHFefjTz8i1cE=; b=ZzdFhaVFh9iklruyK39yPCz0/cvqcYM8RNPQJT3ZQQSv3Fc35GcJAd1sEpEIMGozh0 7EMfhCcfU/+s5+0Q27QrgQt1wvAtQstBzvAraz+Psl0kSF0lKn3yXxt/BPF2KYFzfkp9 h80uJi8y/t9+ltbpupJkm8exlgys7iSDJkDgPrSTMpEEJ7PjhWMmy/7SXpjYLZ+9dqka FwBOKjvod4dLJrq9rvWzyKb1BjjXPjY9/r1Y6n3tcO/x7GkhCZHeqGPfFbIf6oKC0J0m bf0Gk/Q6mt8cuH+C8hKj4zb9BkVMTtWhwAyCOa3lxqx2gE4fjUECMh9u2XdmpuE2WqmS OLpA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="W/gvUx58"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z31si9836129ede.226.2021.03.21.18.09.13; Sun, 21 Mar 2021 18:09:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="W/gvUx58"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229894AbhCVBIL (ORCPT + 99 others); Sun, 21 Mar 2021 21:08:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46290 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229872AbhCVBHt (ORCPT ); Sun, 21 Mar 2021 21:07:49 -0400 Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E369EC061574; Sun, 21 Mar 2021 18:07:48 -0700 (PDT) Received: by mail-pj1-x102d.google.com with SMTP id il9-20020a17090b1649b0290114bcb0d6c2so2245688pjb.0; Sun, 21 Mar 2021 18:07:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xhXt1FGcb/LZno/gC2lXGpxdzYQ5CNgHFefjTz8i1cE=; b=W/gvUx583+bd2MCxyqj0q6RMqNs8nRP96JWMlaeB+CPksNRS7jz7Hbu+rpex8aBHDl +MP3riYtIzJVWQzocy2aX2HdbP56o6XWo96mYKJTzsURpHZGgMfESES5joojfP9yg/3l cWlzikLethtROV29IExdJXobOqd3QfjdI5lKQmBxrJRlHkHzB+MDwyscck4aA/FvlWqa /3S0jA8JsXeSEeBof7qWCUkmKq0QyfvAmi+4leTcx47a0yrtm0/DYUyWZOEnZMKwav/y yfmwF4V0SxuzwQaYFXl9XBhvTCbVHdzIEkDKUv2naukdSM1pxKEemiAlxgpRbTxNCW+N iw2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xhXt1FGcb/LZno/gC2lXGpxdzYQ5CNgHFefjTz8i1cE=; b=JNyBZDhxllQyIjF5DJhxqC4PlzF5EQEUHK58u/H+BLI1UOKkisce2Ed5CuM3L8BQZ1 ZdTTu0dRBNU17j/Qafr/1zRerZ9OzVlUU3Cq62i8qeD64xSg/5/lTKVKRiDbJWi9euFP vFmdxJ8UPGEicj+AWRRieTvQ4YZs8fR+ebvlLWhRnx1oNI1LkLef3+SM/uqcX9zKy/1k iVd6K7XDJ6q8ig4ofdxDxE04f1f67u2dAEghgxW8VFyVx26o12QySaorso4hZ7UlEHhN 3E/UUfiuK58Tp6H9ymChXI4Hgh4PsG8Oh4wzlIfHQNaPHwZxCoTodLHM52briWHZUntd Z4yA== X-Gm-Message-State: AOAM530GbezsisP9djtEBsdpXqV2Ep0xnwv8pE9CSXXdloK/ZTVhDziM +DUc3z00Yo5bYh/0KFQxU7KOU0/xRquSAohGfKQ= X-Received: by 2002:a17:90a:ce92:: with SMTP id g18mr10704541pju.52.1616375268541; Sun, 21 Mar 2021 18:07:48 -0700 (PDT) MIME-Version: 1.0 References: <20210321163210.GC26497@amd> In-Reply-To: <20210321163210.GC26497@amd> From: Cong Wang Date: Sun, 21 Mar 2021 18:07:37 -0700 Message-ID: Subject: Re: net/dev: fix information leak to userspace To: Pavel Machek Cc: kernel list , "David S. Miller" , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Eric Dumazet , Wei Wang , Cong Wang , Taehee Yoo , =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= , Linux Kernel Network Developers Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Mar 21, 2021 at 9:34 AM Pavel Machek wrote: > > dev_get_mac_address() does not always initialize whole > structure. Unfortunately, other code copies such structure to > userspace, leaking information. Fix it. Well, most callers already initialize it with a memset() or copy_from_user(), for example, __tun_chr_ioctl(): if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) { if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; } else { memset(&ifr, 0, sizeof(ifr)); } Except tap_ioctl(), but we can just initialize 'sa' there instead of doing it in dev_get_mac_address(). Thanks.