Message-ID: <BN9PR11MB5276E8C09DF127D6B96FF7CB8CE62@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Tue, 21 Jan 2025 01:21:48 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Nicolin Chen <nicolinc@...dia.com>, "jgg@...dia.com" <jgg@...dia.com>
CC: "baolu.lu@...ux.intel.com" <baolu.lu@...ux.intel.com>,
"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH rc v3] iommufd: Fix struct iommu_hwpt_pgfault init and padding
> From: Nicolin Chen <nicolinc@...dia.com>
> Sent: Tuesday, January 21, 2025 3:51 AM
>
> The iommu_hwpt_pgfault is used to report IO page fault data to userspace,
> but iommufd_fault_fops_read was never zeroing its padding. This leaks the
> content of the kernel stack memory to userspace.
>
> Meanwhile, although the padding could be done by the compiler, explicitly
> add a 32-bit padding. Also, change the __u64 addr to __aligned_u64.
>
> pahole result, before:
> struct iommu_hwpt_pgfault {
>         __u32 flags;    /*  0  4 */
>         __u32 dev_id;   /*  4  4 */
>         __u32 pasid;    /*  8  4 */
>         __u32 grpid;    /* 12  4 */
>         __u32 perm;     /* 16  4 */
>
>         /* XXX 4 bytes hole, try to pack */
>
>         __u64 addr;     /* 24  8 */
>         __u32 length;   /* 32  4 */
>         __u32 cookie;   /* 36  4 */
>
>         /* size: 40, cachelines: 1, members: 8 */
>         /* sum members: 36, holes: 1, sum holes: 4 */
>         /* last cacheline: 40 bytes */
> };
>
> pahole result, after:
> struct iommu_hwpt_pgfault {
>         __u32 flags;                                /*  0  4 */
>         __u32 dev_id;                               /*  4  4 */
>         __u32 pasid;                                /*  8  4 */
>         __u32 grpid;                                /* 12  4 */
>         __u32 perm;                                 /* 16  4 */
>         __u32 __reserved;                           /* 20  4 */
>         __u64 addr __attribute__((__aligned__(8))); /* 24  8 */
>         __u32 length;                               /* 32  4 */
>         __u32 cookie;                               /* 36  4 */
>
>         /* size: 40, cachelines: 1, members: 9 */
>         /* forced alignments: 1 */
>         /* last cacheline: 40 bytes */
> } __attribute__((__aligned__(8)));
>
> Fixes: c714f15860fc ("iommufd: Add fault and response message definitions")
> Cc: stable@...r.kernel.org
> Reviewed-by: Jason Gunthorpe <jgg@...dia.com>
> Signed-off-by: Nicolin Chen <nicolinc@...dia.com>
Reviewed-by: Kevin Tian <kevin.tian@...el.com>
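
The hole described in the quoted commit message can be measured from userspace. The following is an added example, not code from the patch or the kernel: it mirrors the two pahole layouts with stdint types, and the `stale()` model, the `leak_*` helpers, the 0xAA poison and the 0x11 store value are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace mirrors of the two pahole layouts; stdint types stand in for __u32/__u64. */
struct pgfault_before {
	uint32_t flags, dev_id, pasid, grpid, perm;
	uint64_t addr;	/* natural 8-byte alignment leaves the hole after perm */
	uint32_t length, cookie;
};
struct pgfault_after {
	uint32_t flags, dev_id, pasid, grpid, perm, __reserved;
	uint64_t addr __attribute__((__aligned__(8)));
	uint32_t length, cookie;
};

struct span { size_t off, len; };
#define B(m) { offsetof(struct pgfault_before, m), sizeof(((struct pgfault_before *)0)->m) }
#define A(m) { offsetof(struct pgfault_after, m), sizeof(((struct pgfault_after *)0)->m) }
static const struct span before_m[] = {
	B(flags), B(dev_id), B(pasid), B(grpid), B(perm), B(addr), B(length), B(cookie) };
static const struct span after_m[] = {
	A(flags), A(dev_id), A(pasid), A(grpid), A(perm), A(__reserved), A(addr), A(length), A(cookie) };

/* Model a record built in a dirty stack slot: poison it (0xAA, constructed stand-in
 * for stale data), optionally zero it, store each member, count stale bytes left. */
static size_t stale(const struct span *m, size_t n, size_t size, int zero_first)
{
	unsigned char rec[64];
	size_t i, leaked = 0;
	memset(rec, 0xAA, sizeof(rec));
	if (zero_first)
		memset(rec, 0, size);
	for (i = 0; i < n; i++)
		memset(rec + m[i].off, 0x11, m[i].len);	/* one member store */
	for (i = 0; i < size; i++)
		leaked += (rec[i] == 0xAA);	/* byte would reach userspace unchanged */
	return leaked;
}
size_t leak_before(void)        { return stale(before_m, 8, sizeof(struct pgfault_before), 0); }
size_t leak_before_zeroed(void) { return stale(before_m, 8, sizeof(struct pgfault_before), 1); }
size_t leak_after(void)         { return stale(after_m, 9, sizeof(struct pgfault_after), 0); }

int main(void)
{
	printf("stale: before=%zu zeroed=%zu after=%zu\n", leak_before(), leak_before_zeroed(), leak_after());
	return 0;
}
```

On an ABI where a 64-bit integer is only 4-byte aligned inside a struct (32-bit x86), the before layout has no hole and a different size, while the after layout keeps `addr` at offset 24 and the size at 40 everywhere.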