| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250110033306-mutt-send-email-mst@kernel.org> Date: Fri, 10 Jan 2025 03:33:31 -0500 From: "Michael S. Tsirkin" <mst@...hat.com> To: Akihiko Odaki <akihiko.odaki@...nix.com> Cc: Willem de Bruijn <willemdebruijn.kernel@...il.com>, Jonathan Corbet <corbet@....net>, Jason Wang <jasowang@...hat.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Xuan Zhuo <xuanzhuo@...ux.alibaba.com>, Shuah Khan <shuah@...nel.org>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org, linux-kselftest@...r.kernel.org, Yuri Benditovich <yuri.benditovich@...nix.com>, Andrew Melnychenko <andrew@...nix.com>, Stephen Hemminger <stephen@...workplumber.org>, gur.stavi@...wei.com, devel@...nix.com Subject: Re: [PATCH v2 2/3] tun: Pad virtio header with zero On Fri, Jan 10, 2025 at 01:38:06PM +0900, Akihiko Odaki wrote: > On 2025/01/09 21:46, Willem de Bruijn wrote: > > Akihiko Odaki wrote: > > > On 2025/01/09 16:31, Michael S. Tsirkin wrote: > > > > On Thu, Jan 09, 2025 at 03:58:44PM +0900, Akihiko Odaki wrote: > > > > > tun used to simply advance iov_iter when it needs to pad virtio header, > > > > > which leaves the garbage in the buffer as is. This is especially > > > > > problematic when tun starts to allow enabling the hash reporting > > > > > feature; even if the feature is enabled, the packet may lack a hash > > > > > value and may contain a hole in the virtio header because the packet > > > > > arrived before the feature gets enabled or does not contain the > > > > > header fields to be hashed. If the hole is not filled with zero, it is > > > > > impossible to tell if the packet lacks a hash value. > > > > Zero is a valid hash value, so cannot be used as an indication that > > hashing is inactive. > > Zeroing will initialize the hash_report field to > VIRTIO_NET_HASH_REPORT_NONE, which tells it does not have a hash value. > > > > > > > > In theory, a user of tun can fill the buffer with zero before calling > > > > > read() to avoid such a problem, but leaving the garbage in the buffer is > > > > > awkward anyway so fill the buffer in tun. > > > > > > > > > > Signed-off-by: Akihiko Odaki <akihiko.odaki@...nix.com> > > > > > > > > But if the user did it, you have just overwritten his value, > > > > did you not? > > > > > > Yes. but that means the user expects some part of buffer is not filled > > > after read() or recvmsg(). I'm a bit worried that not filling the buffer > > > may break assumptions others (especially the filesystem and socket > > > infrastructures in the kernel) may have. > > > > If this is user memory that is ignored by the kernel, just reflected > > back, then there is no need in general to zero it. There are many such > > instances, also in msg_control. > > More specifically, is there any instance of recvmsg() implementation which > returns N and does not fill the complete N bytes of msg_iter? The one in tun. It was a silly idea but it has been here for years now. > > > > If not zeroing leads to ambiguity with the new feature, that would be > > a reason to add it -- it is always safe to do so. > > > If we are really confident that it will not cause problems, this > > > behavior can be opt-in based on a flag or we can just write some > > > documentation warning userspace programmers to initialize the buffer.
Powered by blists - more mailing lists