Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user

From: Joe Perches
Date: Mon Oct 28 2019 - 04:08:34 EST

Next message: Keith Busch: "Re: [PATCH] nvme: Add hardware monitoring support"
Previous message: Fancy Fang: "[PATCH v4] clk: imx7ulp: do not export out IMX7ULP_CLK_MIPI_PLL clock"
In reply to: Dan Carpenter: "Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2019-10-28 at 10:18 +0300, Dan Carpenter wrote:
> On Sat, Oct 26, 2019 at 12:46:08PM -0700, Joe Perches wrote:
> > Initialization is not guaranteed to zero padding bytes so
> > use an explicit memset instead to avoid leaking any kernel
> > content in any possible padding bytes.
[]
> > diff --git a/kernel/sys.c b/kernel/sys.c
[]
> > @@ -1279,11 +1279,13 @@ SYSCALL_DEFINE1(uname, struct old_utsname __user *, name)
> >
> > SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
> > {
> > - struct oldold_utsname tmp = {};
> > + struct oldold_utsname tmp;
>
> oldold_utsname doesn't have an struct holes. It looks like this:

It's not struct holes that could be a problem.
It's possible struct padding after the last element.

> struct oldold_utsname {
> char sysname[9];
> char nodename[9];
> char release[9];
> char version[9];
> char machine[9];
> };

Nominally 45 bytes.

A compiler _could_ pad to 48 for arbitrary alignment.
gcc does not pad and the struct size actually is 45
so for gcc (and I did not check clang), it's not a
real problem.

The patch still is a possible trivial improvement as
the memset is not done when name is NULL.

Next message: Keith Busch: "Re: [PATCH] nvme: Add hardware monitoring support"
Previous message: Fancy Fang: "[PATCH v4] clk: imx7ulp: do not export out IMX7ULP_CLK_MIPI_PLL clock"
In reply to: Dan Carpenter: "Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]