| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6f33c048-81ad-4d15-872d-187e965e6d79@daynix.com> Date: Thu, 9 Jan 2025 18:36:52 +0900 From: Akihiko Odaki <akihiko.odaki@...nix.com> To: "Michael S. Tsirkin" <mst@...hat.com>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org Cc: Jonathan Corbet <corbet@....net>, Willem de Bruijn <willemdebruijn.kernel@...il.com>, Jason Wang <jasowang@...hat.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Xuan Zhuo <xuanzhuo@...ux.alibaba.com>, Shuah Khan <shuah@...nel.org>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org, linux-kselftest@...r.kernel.org, Yuri Benditovich <yuri.benditovich@...nix.com>, Andrew Melnychenko <andrew@...nix.com>, Stephen Hemminger <stephen@...workplumber.org>, gur.stavi@...wei.com, devel@...nix.com Subject: Re: [PATCH v2 2/3] tun: Pad virtio header with zero On 2025/01/09 16:43, Michael S. Tsirkin wrote: > On Thu, Jan 09, 2025 at 04:41:50PM +0900, Akihiko Odaki wrote: >> On 2025/01/09 16:31, Michael S. Tsirkin wrote: >>> On Thu, Jan 09, 2025 at 03:58:44PM +0900, Akihiko Odaki wrote: >>>> tun used to simply advance iov_iter when it needs to pad virtio header, >>>> which leaves the garbage in the buffer as is. This is especially >>>> problematic when tun starts to allow enabling the hash reporting >>>> feature; even if the feature is enabled, the packet may lack a hash >>>> value and may contain a hole in the virtio header because the packet >>>> arrived before the feature gets enabled or does not contain the >>>> header fields to be hashed. If the hole is not filled with zero, it is >>>> impossible to tell if the packet lacks a hash value. >>>> >>>> In theory, a user of tun can fill the buffer with zero before calling >>>> read() to avoid such a problem, but leaving the garbage in the buffer is >>>> awkward anyway so fill the buffer in tun. >>>> >>>> Signed-off-by: Akihiko Odaki <akihiko.odaki@...nix.com> >>> >>> But if the user did it, you have just overwritten his value, >>> did you not? >> >> Yes. but that means the user expects some part of buffer is not filled after >> read() or recvmsg(). I'm a bit worried that not filling the buffer may break >> assumptions others (especially the filesystem and socket infrastructures in >> the kernel) may have. >> >> If we are really confident that it will not cause problems, this behavior >> can be opt-in based on a flag or we can just write some documentation >> warning userspace programmers to initialize the buffer. > > It's been like this for years, I'd say we wait until we know there's a problem? Perhaps we can just leave it as is. Let me ask filesystem and networking people: Is it OK to leave some part of buffer uninitialized with read_iter() or recvmsg()? > >>> >>>> --- >>>> drivers/net/tun_vnet.c | 3 ++- >>>> 1 file changed, 2 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/drivers/net/tun_vnet.c b/drivers/net/tun_vnet.c >>>> index fe842df9e9ef..ffb2186facd3 100644 >>>> --- a/drivers/net/tun_vnet.c >>>> +++ b/drivers/net/tun_vnet.c >>>> @@ -138,7 +138,8 @@ int tun_vnet_hdr_put(int sz, struct iov_iter *iter, >>>> if (copy_to_iter(hdr, sizeof(*hdr), iter) != sizeof(*hdr)) >>>> return -EFAULT; >>>> - iov_iter_advance(iter, sz - sizeof(*hdr)); >>>> + if (iov_iter_zero(sz - sizeof(*hdr), iter) != sz - sizeof(*hdr)) >>>> + return -EFAULT; >>>> return 0; >>>> } >>>> >>>> -- >>>> 2.47.1 >>> >
Powered by blists - more mailing lists