| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2dq3z3vil5vu2m4kbwdps2enozbqrzbp6fd2utdr6dj6kutzxf@f3vububg3s6j> Date: Tue, 26 Aug 2025 08:26:42 -0700 From: Breno Leitao <leitao@...ian.org> To: Mark Rutland <mark.rutland@....com> Cc: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, kexec@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, bhe@...hat.com, oxu@...hat.com, berrange@...hat.com, kernel-team@...a.com, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] arm64: kexec: Initialize kexec_buf struct in image_load() On Tue, Aug 26, 2025 at 03:40:22PM +0100, Mark Rutland wrote: > On Tue, Aug 26, 2025 at 05:08:51AM -0700, Breno Leitao wrote: > > The kexec_buf structure was previously declared without initialization > > in image_load(). This led to a UBSAN warning when the structure was > > expanded and uninitialized fields were accessed [1]. > > Just to check my understanding, is that only a problem for new fields > (e.g. the 'random' field added in [1]), or do we have UBSAN warnigns for > any existing fields? I assume there's no problem with existing fields > today. UBSAN is only complaning for this new field that was added to the struct, but only populated in x86, later it is read in in common code, causing UBSAN to complain (and even wrong code to be executed depending on the garabe that is in the memory during kbuf instantiation. > > Zero-initializing kexec_buf at declaration ensures all fields are > > cleanly set, preventing future instances of uninitialized memory being > > used. > > > > Andrew Morton suggested that this function is only called 3x a week[2], > > thus, the memset() cost is inexpressive. > > > > Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzadw@c67o7njgdgm3/ [1] > > Link: https://lore.kernel.org/all/20250825180531.94bfb86a26a43127c0a1296f@linux-foundation.org/ [2] > > Suggested-by: Andrew Morton <akpm@...ux-foundation.org> > > Signed-off-by: Breno Leitao <leitao@...ian.org> > > This looks fine to me, but I reckon it should be added to the series > which extends kexec_buf, unless there's some reason to avoid that? > > > --- > > arch/arm64/kernel/kexec_image.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > IIUC arch/arm64/kernel/machine_kexec_file.c would need the same > treatment in load_other_segments(). > > If other architectures need this, it'd probably make sense to clean that > up treewide in one go. It looks like at least riscv and s390 need that > from a quick grep: Agree. Let me send a v2 addressing it on all archicterures.
Powered by blists - more mailing lists