| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aQtKFtETfGBOPpCV@horms.kernel.org> Date: Wed, 5 Nov 2025 12:59:02 +0000 From: Simon Horman <horms@...nel.org> To: Ranganath V N <vnranganath.20@...il.com> Cc: davem@...emloft.net, david.hunter.linux@...il.com, edumazet@...gle.com, jhs@...atatu.com, jiri@...nulli.us, khalid@...nel.org, kuba@...nel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, pabeni@...hat.com, skhan@...uxfoundation.org, syzbot+0c85cae3350b7d486aee@...kaller.appspotmail.com, xiyou.wangcong@...il.com Subject: Re: [PATCH v2 0/2] net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak On Wed, Nov 05, 2025 at 03:33:58PM +0530, Ranganath V N wrote: > On 11/4/25 19:38, Simon Horman wrote: > > On Sat, Nov 01, 2025 at 06:04:46PM +0530, Ranganath V N wrote: > >> Fix a KMSAN kernel-infoleak detected by the syzbot . > >> > >> [net?] KMSAN: kernel-infoleak in __skb_datagram_iter > >> > >> In tcf_ife_dump(), the variable 'opt' was partially initialized using a > >> designatied initializer. While the padding bytes are reamined > >> uninitialized. nla_put() copies the entire structure into a > >> netlink message, these uninitialized bytes leaked to userspace. > >> > >> Initialize the structure with memset before assigning its fields > >> to ensure all members and padding are cleared prior to beign copied. > > > > Perhaps not important, but this seems to only describe patch 1/2. > > > >> > >> Signed-off-by: Ranganath V N <vnranganath.20@...il.com> > > > > Sorry for not looking more carefully at v1. > > > > The presence of this padding seems pretty subtle to me. > > And while I agree that your change fixes the problem described. > > I wonder if it would be better to make things more obvious > > by adding a 2-byte pad member to the structures involved. > > Thanks for the input. > > One question ā even though adding a 2-byte `pad` field silences KMSAN, > would that approach be reliable across all architectures? > Since the actual amount and placement of padding can vary depending on > structure alignment and compiler behavior, Iām wondering if this would only > silence the report on certain builds rather than fixing the root cause. > > The current memset-based initialization explicitly clears all bytes in the > structure (including any compiler-inserted padding), which seems safer and > more consistent across architectures. > > Also, adding a new member ā even a padding field ā could potentially alter > the structure size or layout as seen from user space. That might > unintentionally affect existing user-space expectations. > > Do you think relying on a manual pad field is good enough? I think these are the right questions to ask. My thinking is that structures will be padded to a multiple of either 4 or 8 bytes, depending on the architecture. And my observation is that that the unpadded length of both of the structures in question are 22 bytes. And that on x86_64 they are padded to 24 bytes. Which is divisible by both 4 and 8. So I assume this will be consistent for all architectures. If so, I think this would address the questions you raised. I do, however, agree that your current memset-based approach is safer in the sense that it carries a lower risk of breaking things because it has fewer assumptions (that we have thought of so far).
Powered by blists - more mailing lists