From: Yongji Xie
Date: Mon, 29 Aug 2022 18:50:08 +0800
Subject: Re: [PATCH v2] vduse: prevent uninitialized memory accesses
To: Maxime Coquelin
Cc: linux-kernel, virtualization, Eli Cohen, guanjun@linux.alibaba.com, Parav Pandit, gautam.dawar@xilinx.com, Dan Carpenter, Jason Wang, "Michael S. Tsirkin", stable@vger.kernel.org
In-Reply-To: <20220829073424.5677-1-maxime.coquelin@redhat.com>

On Mon, Aug 29, 2022 at 3:34 PM Maxime Coquelin wrote:
>
> If the VDUSE application provides a smaller config space
> than the driver expects, the driver may use uninitialized
> memory from the stack.
>
> This patch prevents it by initializing the buffer passed by
> the driver to store the config value.
>
> This fix addresses CVE-2022-2308.
>
> Cc: xieyongji@bytedance.com
> Cc: stable@vger.kernel.org # v5.15+
> Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
>
> Acked-by: Jason Wang
> Signed-off-by: Maxime Coquelin

Reviewed-by: Xie Yongji

Thanks,
Yongji
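
The short-read problem described in the quoted commit message, as an added user-space example that is not part of this thread or of the kernel patch: a config read that copies fewer bytes than the caller asked for, beside a variant that initializes the caller's buffer first. All names (`model_dev`, `get_config_partial`, `get_config_zeroed`) and the sample config bytes are hypothetical, and a 0xAA fill stands in for stale stack contents so the behaviour is defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model; names are illustrative, not the kernel's. */
struct model_dev { const uint8_t *config; size_t config_size; };
typedef void (*get_fn)(const struct model_dev *, size_t, void *, size_t);

/* Before: copies only what the device provides; the tail of buf is untouched. */
static void get_config_partial(const struct model_dev *d, size_t off,
                               void *buf, size_t len)
{
    if (off > d->config_size)
        return;
    if (len > d->config_size - off)
        len = d->config_size - off;
    memcpy(buf, d->config + off, len);
}

/* After: initialize the caller's buffer first, so a short copy leaves zeros. */
static void get_config_zeroed(const struct model_dev *d, size_t off,
                              void *buf, size_t len)
{
    memset(buf, 0, len);
    get_config_partial(d, off, buf, len);
}

/* Bytes of the caller's buffer still holding the 0xAA stand-in for stale
 * stack contents after reading `want` bytes from a `dev_size`-byte device. */
static size_t stale_bytes_after(get_fn get, size_t dev_size, size_t want)
{
    static const uint8_t cfg[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct model_dev d = { cfg, dev_size };
    uint8_t buf[16];
    size_t i, stale = 0;

    memset(buf, 0xAA, sizeof(buf)); /* defined stand-in for uninitialized data */
    get(&d, 0, buf, want);
    for (i = 0; i < want; i++)
        stale += (buf[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("partial: %zu stale\n", stale_bytes_after(get_config_partial, 4, 12));
    printf("zeroed:  %zu stale\n", stale_bytes_after(get_config_zeroed, 4, 12));
    return 0;
}
```

With a 4-byte device config and a 12-byte read, the first variant leaves 8 bytes of the caller's buffer as they were; the second leaves none.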