| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Apr 2022 03:33:41 +0000
From: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
To: "Andrea Parri (Microsoft)" <parri.andrea@...il.com>,
KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>,
Stefano Garzarella <sgarzare@...hat.com>,
David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
CC: "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"virtualization@...ts.linux-foundation.org"
<virtualization@...ts.linux-foundation.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 4/6] hv_sock: Initialize send_buf in
hvs_stream_enqueue()
From: Andrea Parri (Microsoft) <parri.andrea@...il.com> Sent: Wednesday, April 13, 2022 1:48 PM
>
> So that padding or uninitialized bytes can't leak guest memory contents.
>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@...il.com>
> ---
> net/vmw_vsock/hyperv_transport.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c
> index 092cadc2c866d..72ce00928c8e7 100644
> --- a/net/vmw_vsock/hyperv_transport.c
> +++ b/net/vmw_vsock/hyperv_transport.c
> @@ -655,7 +655,7 @@ static ssize_t hvs_stream_enqueue(struct vsock_sock *vsk,
> struct msghdr *msg,
>
> BUILD_BUG_ON(sizeof(*send_buf) != HV_HYP_PAGE_SIZE);
>
> - send_buf = kmalloc(sizeof(*send_buf), GFP_KERNEL);
> + send_buf = kzalloc(sizeof(*send_buf), GFP_KERNEL);
Is this change really needed? All fields are explicitly initialized, and in the data
array, only the populated bytes are copied to the ring buffer. There should not
be any uninitialized values sent to the host. Zeroing the memory ahead of
time certainly provides an extra protection (particularly against padding bytes,
but there can't be any since the layout of the data is part of the protocol with
Hyper-V). It is expensive protection to zero out 16K+ bytes every time we send
out a small message.
Michael
> if (!send_buf)
> return -ENOMEM;
>
> --
> 2.25.1
Powered by blists - more mailing lists