| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Aug 2020 14:07:07 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Jack Leadford <leadford.jack@...il.com>
Cc: Joe Perches <joe@...ches.com>, Leon Romanovsky <leon@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Peilin Ye <yepeilin.cs@...il.com>,
Santosh Shilimkar <santosh.shilimkar@...cle.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Dan Carpenter <dan.carpenter@...cle.com>,
Arnd Bergmann <arnd@...db.de>,
linux-kernel-mentees@...ts.linuxfoundation.org,
netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
rds-devel@....oracle.com, linux-kernel@...r.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH net] rds: Prevent kernel-infoleak
in rds_notify_queue_get()
On Sat, Aug 08, 2020 at 03:57:33PM -0700, Jack Leadford wrote:
> Hello!
>
> Thanks to Jason for getting this conversation back on track.
>
> Yes: in general, {} or a partial initializer /will/ zero padding bits.
>
> However, there is a bug in some versions of GCC where {} will /not/ zero
> padding bits; actually, Jason's test program in this mail
> https://lore.kernel.org/lkml/20200731143604.GF24045@ziepe.ca/
> has the right ingredients to trigger the bug, but the GCC
> versions used are outside of the bug window. :)
It seems fine, at least Godbolt doesn't show a bug with that code.
Can you share the test that does fail?
This seems like the sort of security sensitive bug that should be
addressed in gcc, not worked around in the kernel code :\
Jason
Powered by blists - more mailing lists