| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Oct 2019 06:47:55 +0100 (CET)
From: Julia Lawall <julia.lawall@...6.fr>
To: Joe Perches <joe@...ches.com>
cc: Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Dan Carpenter <error27@...il.com>,
Julia Lawall <julia.lawall@...6.fr>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in
copy_to_user
On Sat, 26 Oct 2019, Joe Perches wrote:
> Initialization is not guaranteed to zero padding bytes so
> use an explicit memset instead to avoid leaking any kernel
> content in any possible padding bytes.
Here is an extract of an email that I sent to Kees at one point that left
me unsure about what should be done about these situations:
>From Kees:
The only way to correctly handle this is:
memset(&instance, 0, sizeof(instance));
instance.one = 1;
>From me:
Actually, this document:
https://wiki.sei.cmu.edu/confluence/display/c/DCL39-C.+Avoid+information+leakage+when+passing+a+structure+across+a+trust+boundary
says that memset is a "noncompliant solution". They suggest declaring the
structure as packed, as well as some other more unpleasant solutions.
Their point is that 1 will be sitting in a register, and the assignment at
least might copy the upper bytes of the register into the padding space.
-------------------------
Is the memset solution nevertheless what is always wanted in the kernel
when there is padding?
thanks,
julia
Powered by blists - more mailing lists