lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 13 Sep 2020 14:39:39 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     anant.thazhemadam@...il.com
Cc:     linux-kernel-mentees@...ts.linuxfoundation.org,
        syzbot+09a5d591c1f98cf5efcb@...kaller.appspotmail.com,
        kuba@...nel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] net: fix uninit value error in __sys_sendmmsg

From: Anant Thazhemadam <anant.thazhemadam@...il.com>
Date: Sun, 13 Sep 2020 16:33:13 +0530

> diff --git a/net/socket.c b/net/socket.c
> index 0c0144604f81..1e6f9b54982c 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -2398,6 +2398,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
>  	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
>  	ssize_t err;
>  
> +	memset(iov, 0, UIO_FASTIOV);
>  	msg_sys->msg_name = &address;

Did you even test this?

Seriously?

UIO_FASTIOV is the number of entries in 'iovstack', it's not the
size with would be "UIO_FASTIOV * sizeof (struct iovec)", or
even "sizeof(iovstack)"

So could you really explain to me how you tested this patch for
correctness, and for any functional or performance regressions
that may occur?

Because, once you correct that size argument to memset() we will now
have a huge memset() for _EVERY_ _SINGLE_ sendmsg() done by the
system.  And that will cause severe performance regressions for many
workloads involving networking.

This patch submission has been extremely careless on so many levels. I
sincerely wish you would take your time with these changes and not be
so lacking in the areas of testing and validation.

It is always a reg flag when a submitter doesn't even notice an
obvious compiler warning that reviewers like Greg and myself can see
even without trying to build your code changes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ