| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210410095149.3708143-1-phil@philpotter.co.uk>
Date: Sat, 10 Apr 2021 10:51:49 +0100
From: Phillip Potter <phil@...lpotter.co.uk>
To: davem@...emloft.net
Cc: kuba@...nel.org, willemb@...gle.com, linmiaohe@...wei.com,
edumazet@...gle.com, linyunsheng@...wei.com, alobakin@...me,
elver@...gle.com, gnault@...hat.com, dseok.yi@...sung.com,
viro@...iv.linux.org.uk, vladimir.oltean@....com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] net: core: sk_buff: zero-fill skb->data in __alloc_skb function
Zero-fill skb->data in __alloc_skb function of net/core/skbuff.c,
up to start of struct skb_shared_info bytes. Fixes a KMSAN-found
uninit-value bug reported by syzbot at:
https://syzkaller.appspot.com/bug?id=abe95dc3e3e9667fc23b8d81f29ecad95c6f106f
Reported-by: syzbot+2e406a9ac75bb71d4b7a@...kaller.appspotmail.com
Signed-off-by: Phillip Potter <phil@...lpotter.co.uk>
---
net/core/skbuff.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 785daff48030..9ac26cdb5417 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -215,6 +215,7 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
* to allow max possible filling before reallocation.
*/
size = SKB_WITH_OVERHEAD(ksize(data));
+ memset(data, 0, size);
prefetchw(data + size);
/*
--
2.30.2
Powered by blists - more mailing lists