From: Peilin Ye <yepeilin.cs@gmail.com>
To: Song Liu <song@kernel.org>
Cc: "Björn Töpel" <bjorn.topel@intel.com>,
"Magnus Karlsson" <magnus.karlsson@intel.com>,
"Jonathan Lemon" <jonathan.lemon@gmail.com>,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"David S. Miller" <davem@davemloft.net>,
"Jakub Kicinski" <kuba@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Jesper Dangaard Brouer" <hawk@kernel.org>,
"John Fastabend" <john.fastabend@gmail.com>,
"Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"Andrii Nakryiko" <andriin@fb.com>,
"KP Singh" <kpsingh@chromium.org>,
linux-kernel-mentees@lists.linuxfoundation.org,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
"open list" <linux-kernel@vger.kernel.org>
Subject: Re: [Linux-kernel-mentees] [PATCH net] xdp: Prevent kernel-infoleak in xsk_getsockopt()
Date: Tue, 28 Jul 2020 01:25:12 -0400
Message-ID: <20200728052512.GA404005@PWN>
In-Reply-To: <CAPhsuW7L6KWAM55=oLgQ2MtoJOB9i4mwZHOVF+KJj7W5ht_+YQ@mail.gmail.com>
On Mon, Jul 27, 2020 at 10:07:20PM -0700, Song Liu wrote:
> On Mon, Jul 27, 2020 at 7:30 PM Peilin Ye <yepeilin.cs@gmail.com> wrote:
> >
> > xsk_getsockopt() is copying uninitialized stack memory to userspace when
> > `extra_stats` is `false`. Fix it by initializing `stats` with memset().
> >
> > Cc: stable@vger.kernel.org
>
> 8aa5a33578e9 is not in stable branches yet, so we don't need to Cc stable.
>
> > Fixes: 8aa5a33578e9 ("xsk: Add new statistics")
> > Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
> > ---
> > net/xdp/xsk.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
> > index 26e3bba8c204..acf001908a0d 100644
> > --- a/net/xdp/xsk.c
> > +++ b/net/xdp/xsk.c
> > @@ -844,6 +844,8 @@ static int xsk_getsockopt(struct socket *sock, int level, int optname,
> > bool extra_stats = true;
> > size_t stats_size;
> >
> > + memset(&stats, 0, sizeof(stats));
> > +
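Review bot: the memset() call added after `size_t stats_size;` comes with no #include in this hunk, so the patch relies on the header that declares memset() already reaching net/xdp/xsk.c indirectly; add the include explicitly or zero `stats` at its declaration instead. If the declaration initializer is used, check that the struct has no padding between or after its members, because memset() clears padding bytes while an initializer is only guaranteed to set the members.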
>
> xsk.c doesn't include linux/string.h directly, so using memset may break
> build for some config combinations. We can probably just use
>
> struct xdp_statistics stats = {};
I see. I will send v2 soon. Thank you for reviewing the patch!
Peilin Ye
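
A user-space model of the bug class discussed in this thread, added here as an example and not taken from net/xdp/xsk.c: `demo_stats`, `leaked_bytes()` and the 0xAA stale marker are hypothetical, memcpy() stands in for copy_to_user(), and a copy length that covers the skipped members is an assumption. It compares no initialization with the two fixes mentioned above, memset() and an initializer at the declaration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical struct that grew over time: three "v1" members, three extras. */
struct demo_stats {
	uint64_t rx_dropped, rx_invalid, tx_invalid;     /* v1 members */
	uint64_t rx_ring_full, rx_fill_empty, tx_empty;  /* extra members */
};

#define STALE 0xAA /* constructed marker standing in for old stack contents */

enum init_mode { INIT_NONE, INIT_MEMSET, INIT_AT_DECL };

/* Builds the struct, fills the extra members only when extra_stats is set,
 * copies copy_len bytes out, and returns how many copied bytes were never
 * written by the handler (they still carry the stale marker). */
size_t leaked_bytes(enum init_mode mode, int extra_stats, size_t copy_len)
{
	struct demo_stats stats, zeroed = {0};
	unsigned char out[sizeof(stats)];
	size_t i, leaked = 0;

	memset(&stats, STALE, sizeof(stats)); /* simulate uninitialized stack */
	if (mode == INIT_MEMSET)
		memset(&stats, 0, sizeof(stats));
	else if (mode == INIT_AT_DECL)
		stats = zeroed; /* same effect as `struct demo_stats stats = {};` */

	stats.rx_dropped = 1;
	stats.rx_invalid = 2;
	stats.tx_invalid = 3;
	if (extra_stats) {
		stats.rx_ring_full = 4;
		stats.rx_fill_empty = 5;
		stats.tx_empty = 6;
	}
	if (copy_len > sizeof(stats))
		copy_len = sizeof(stats);
	memcpy(out, &stats, copy_len); /* stands in for copy_to_user() */
	for (i = 0; i < copy_len; i++)
		leaked += (out[i] == STALE);
	return leaked;
}

int main(void)
{
	/* Exit status 0 when both fixes remove the leak in the model. */
	return leaked_bytes(INIT_MEMSET, 0, sizeof(struct demo_stats)) ||
	       leaked_bytes(INIT_AT_DECL, 0, sizeof(struct demo_stats));
}
```

The struct here has no padding, so both fixes behave the same; with padding present, only memset() is certain to clear it.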