| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b29a6c7c-7428-b98c-3a18-0ac892bfcda8@intel.com>
Date: Wed, 27 Jun 2018 16:07:15 -0700
From: Jesus Sanchez-Palencia <jesus.sanchez-palencia@...el.com>
To: Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org
Cc: tglx@...utronix.de, jan.altenberg@...utronix.de,
vinicius.gomes@...el.com, kurt.kanzenbach@...utronix.de,
henrik@...tad.us, richardcochran@...il.com,
ilias.apalodimas@...aro.org, ivan.khoronzhuk@...aro.org,
mlichvar@...hat.com, willemb@...gle.com, jhs@...atatu.com,
xiyou.wangcong@...il.com, jiri@...nulli.us
Subject: Re: [PATCH v1 net-next 02/14] net: Add a new socket option for a
future transmit time.
Hi Eric,
On 06/27/2018 03:16 PM, Eric Dumazet wrote:
>
>
> On 06/27/2018 02:59 PM, Jesus Sanchez-Palencia wrote:
>> From: Richard Cochran <rcochran@...utronix.de>
>>
>> This patch introduces SO_TXTIME. User space enables this option in
>> order to pass a desired future transmit time in a CMSG when calling
>> sendmsg(2). The argument to this socket option is a 6-bytes long struct
>> defined as:
>>
>> struct sock_txtime {
>> clockid_t clockid;
>> u16 flags;
>> };
>
> Note that sizeof(struct sock_txtime) is 8, not 6, because of alignments.
Oh yeah, sure.
>
> This means that your implementation of getsockopt(... SO_TXTIME )
> is probably leaking two bytes of kernel stack to user space.
I'm failing to see how... There is a memset() in sock.c:1147 clearing all the 8
bytes that we later use to (explicitly) assign each member of the struct. Aren't
the 2 extra bytes sanitized, then? What have I missed?
Thanks,
Jesus
Powered by blists - more mailing lists