| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACGkMEt054F1AZP7V0ocbUce_AvQV_Cw-K21y7Ky1gWa=eSpCA@mail.gmail.com> Date: Wed, 9 Oct 2024 15:44:30 +0800 From: Jason Wang <jasowang@...hat.com> To: Akihiko Odaki <akihiko.odaki@...nix.com> Cc: Jonathan Corbet <corbet@....net>, Willem de Bruijn <willemdebruijn.kernel@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "Michael S. Tsirkin" <mst@...hat.com>, Xuan Zhuo <xuanzhuo@...ux.alibaba.com>, Shuah Khan <shuah@...nel.org>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org, linux-kselftest@...r.kernel.org, Yuri Benditovich <yuri.benditovich@...nix.com>, Andrew Melnychenko <andrew@...nix.com>, Stephen Hemminger <stephen@...workplumber.org>, gur.stavi@...wei.com Subject: Re: [PATCH RFC v5 05/10] tun: Pad virtio header with zero On Tue, Oct 8, 2024 at 2:55 PM Akihiko Odaki <akihiko.odaki@...nix.com> wrote: > > tun used to simply advance iov_iter when it needs to pad virtio header, > which leaves the garbage in the buffer as is. This is especially > problematic when tun starts to allow enabling the hash reporting > feature; even if the feature is enabled, the packet may lack a hash > value and may contain a hole in the virtio header because the packet > arrived before the feature gets enabled or does not contain the > header fields to be hashed. If the hole is not filled with zero, it is > impossible to tell if the packet lacks a hash value. > > In theory, a user of tun can fill the buffer with zero before calling > read() to avoid such a problem, but leaving the garbage in the buffer is > awkward anyway so fill the buffer in tun. > > Signed-off-by: Akihiko Odaki <akihiko.odaki@...nix.com> This sounds like an independent fix that is worth going to -net first. Thanks > --- > drivers/net/tun_vnet.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/tun_vnet.h b/drivers/net/tun_vnet.h > index 7c7f3f6d85e9..c40bde0fdf8c 100644 > --- a/drivers/net/tun_vnet.h > +++ b/drivers/net/tun_vnet.h > @@ -138,7 +138,8 @@ static inline int tun_vnet_hdr_put(int sz, struct iov_iter *iter, > if (copy_to_iter(hdr, sizeof(*hdr), iter) != sizeof(*hdr)) > return -EFAULT; > > - iov_iter_advance(iter, sz - sizeof(*hdr)); > + if (iov_iter_zero(sz - sizeof(*hdr), iter) != sz - sizeof(*hdr)) > + return -EFAULT; > > return 0; > } > > -- > 2.46.2 >
Powered by blists - more mailing lists