Message-ID: <BL1PR11MB5979690F05AA49123A47C37E8643A@BL1PR11MB5979.namprd11.prod.outlook.com>
Date: Thu, 3 Jul 2025 11:09:10 +0000
From: "Xu, Lizhi" <Lizhi.Xu@...driver.com>
To: Greg KH <greg@...ah.com>
CC: Stephen Rothwell <sfr@...b.auug.org.au>, Arnd Bergmann <arnd@...db.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: Re: Re: Re: linux-next: build failure after merge of the char-misc tree

Please read the context carefully, and you will understand that this is
where everything starts. In the code before memset, the ev variable only
initializes the members of its member hdr.
Originally, "struct vmci_event_ctx ev = {0};" could be used to solve this
problem. After careful analysis, I can clearly see that the data after the
ev member hdr is not fully initialized, so memset() is used to set the
uninitialized data after the hdr member in ev to 0.

context:  drivers/misc/vmw_vmci/vmci_context.c
   2         for (i = 0; i < array_size; i++) {
   1                 int result;
248                  struct vmci_event_ctx ev;
   1
   2                 ev.msg.hdr.dst = vmci_handle_arr_get_entry(subscriber_array, i);
   3                 ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
   4                                                   VMCI_CONTEXT_RESOURCE_ID);
   5                 ev.msg.hdr.payload_size = sizeof(ev) - sizeof(ev.msg.hdr);
   +                 memset((char*)&ev + sizeof(ev.msg.hdr), 0, ev.msg.hdr.payload_size);
   6                 ev.msg.event_data.event = VMCI_EVENT_CTX_REMOVED;
   7                 ev.payload.context_id = context_id;
   8
   9                 result = vmci_datagram_dispatch(VMCI_HYPERVISOR_CONTEXT_ID,
  10                                                 &ev.msg.hdr, false);
  11                 if (result < VMCI_SUCCESS) {
  12                         pr_devel("Failed to enqueue event datagram (type=%d) for context (ID=0x%x)\n",
  13                                  ev.msg.event_data.event,
  14                                  ev.msg.hdr.dst.context);
  15                         /* We continue to enqueue on next subscriber. */
  16                 }
  17         }
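
Review bot: the memset on the `+` line only clears bytes after `ev.msg.hdr`, so any padding inside the header itself is still left uninitialized, and `sizeof(ev) - sizeof(ev.msg.hdr)` is only correct if `ev.msg.hdr` sits at offset 0 of `ev`; neither assumption is checked anywhere in the hunk, which is the padding question raised in the reply below. Zeroing the whole object before the first assignment, `memset(&ev, 0, sizeof(ev));` right after the `struct vmci_event_ctx ev;` declaration, removes both assumptions and needs no offset arithmetic. Kernel style also wants `(char *)` rather than `(char*)`.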

________________________________________
From: Greg KH <greg@...ah.com>
Sent: 3 July 2025 18:03
To: Xu, Lizhi
Cc: Stephen Rothwell; Arnd Bergmann; Linux Kernel Mailing List; Linux Next Mailing List
Subject: Re: Re: Re: linux-next: build failure after merge of the char-misc tree

A: http://en.wikipedia.org/wiki/Top_post
Q: Where do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

A: No.
Q: Should I include quotations after my reply?


http://daringfireball.net/2007/07/on_top

On Thu, Jul 03, 2025 at 09:44:13AM +0000, Xu, Lizhi wrote:
>
> Perhaps you can focus on "struct vmci_event_ctx", whose members have already clearly defined which are the payloads.

I do not understand this statement at all, sorry.

> On the other hand, the purpose of the patch is to prevent the data in "struct vmci_event_ctx" from being initialized before the datagram is sent, thus preventing the uninitialized data from leaking to user space.

Great, then do this properly, again, you are just "guessing" that there
is not going to be any padding between the structures.  Are you sure
there isn't?  How?  Where is that enforced in your patch?

thanks,

greg k-h
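
The padding question Greg raises, and the memset-after-header approach in the reply, as an added example that is not part of this thread or of the kernel's VMCI code. The struct layouts (`demo_hdr`, `demo_event_ctx`, the `version` field) are hypothetical stand-ins chosen so that the header contains padding; the 0xAA fill is a constructed stand-in for a stack slot left dirty by earlier activity. The example counts, byte by byte, how many padding bytes still carry old data after each initialization strategy, which is exactly what would be copied into an outgoing datagram.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header layout (not the real VMCI one): the 2-byte 'version'
 * field forces the compiler to insert padding before 'payload_size'. */
struct demo_hdr {
    uint32_t dst;
    uint32_t src;
    uint16_t version;
    uint64_t payload_size;
};

/* Hypothetical event object: header, then a u32 event id, then a u64 payload.
 * On most ABIs padding also appears between 'event' and 'context_id'. */
struct demo_event_ctx {
    struct demo_hdr hdr;
    uint32_t event;
    uint64_t context_id;
};

/* Member table: lets us decide per byte whether it is named data or padding. */
static const struct { size_t off, len; } demo_members[] = {
    { offsetof(struct demo_event_ctx, hdr.dst),          sizeof(uint32_t) },
    { offsetof(struct demo_event_ctx, hdr.src),          sizeof(uint32_t) },
    { offsetof(struct demo_event_ctx, hdr.version),      sizeof(uint16_t) },
    { offsetof(struct demo_event_ctx, hdr.payload_size), sizeof(uint64_t) },
    { offsetof(struct demo_event_ctx, event),            sizeof(uint32_t) },
    { offsetof(struct demo_event_ctx, context_id),       sizeof(uint64_t) },
};

static bool demo_is_named_byte(size_t i)
{
    for (size_t m = 0; m < sizeof(demo_members) / sizeof(demo_members[0]); m++)
        if (i >= demo_members[m].off && i < demo_members[m].off + demo_members[m].len)
            return true;
    return false;
}

/* Number of padding bytes inside the header alone (layout dependent, but > 0
 * on any ABI that aligns uint64_t to at least 4 bytes). */
size_t demo_hdr_padding(void)
{
    return sizeof(struct demo_hdr)
         - (2 * sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint64_t));
}

/* Count padding bytes that still hold a nonzero value after initialization;
 * each one would travel inside the datagram. Byte access via unsigned char
 * is well defined for any object. */
size_t demo_dirty_padding(const struct demo_event_ctx *ev)
{
    const unsigned char *p = (const unsigned char *)ev;
    size_t dirty = 0;
    for (size_t i = 0; i < sizeof(*ev); i++)
        if (!demo_is_named_byte(i) && p[i] != 0)
            dirty++;
    return dirty;
}

/* Same shape as the change in the reply: set header fields, then zero only
 * the bytes *after* the header. Padding inside the header is never written. */
void demo_init_after_hdr(struct demo_event_ctx *ev, uint32_t dst, uint64_t ctx)
{
    ev->hdr.dst = dst;
    ev->hdr.src = 1;
    ev->hdr.version = 2;
    ev->hdr.payload_size = sizeof(*ev) - sizeof(ev->hdr);
    memset((char *)ev + sizeof(ev->hdr), 0, (size_t)ev->hdr.payload_size);
    ev->event = 7;
    ev->context_id = ctx;
}

/* Zero the entire object before touching any field: no layout assumption. */
void demo_init_full(struct demo_event_ctx *ev, uint32_t dst, uint64_t ctx)
{
    memset(ev, 0, sizeof(*ev));
    ev->hdr.dst = dst;
    ev->hdr.src = 1;
    ev->hdr.version = 2;
    ev->hdr.payload_size = sizeof(*ev) - sizeof(ev->hdr);
    ev->event = 7;
    ev->context_id = ctx;
}

/* Constructed dirty stack slot (0xAA fill), then one initializer; returns how
 * many padding bytes still carry the old pattern. */
size_t demo_run(void (*init)(struct demo_event_ctx *, uint32_t, uint64_t))
{
    struct demo_event_ctx ev;
    memset(&ev, 0xAA, sizeof(ev));
    init(&ev, 42, 0x1234);
    return demo_dirty_padding(&ev);
}

int main(void)
{
    printf("header padding bytes:         %zu\n", demo_hdr_padding());
    printf("dirty after memset-after-hdr: %zu\n", demo_run(demo_init_after_hdr));
    printf("dirty after full memset:      %zu\n", demo_run(demo_init_full));
    return 0;
}
```

`demo_run(demo_init_after_hdr)` reports exactly `demo_hdr_padding()` dirty bytes, while `demo_run(demo_init_full)` reports none. If a layout really is assumed to have no padding, that assumption can be turned into a build failure with `_Static_assert(sizeof(struct demo_event_ctx) == sizeof(struct demo_hdr) + sizeof(uint32_t) + sizeof(uint64_t), "unexpected padding");`, which for this hypothetical layout would (correctly) refuse to compile; that is the "where is that enforced" question made concrete.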
