On Wed, Nov 20, 2019 at 03:45:16PM +0200, Leon Romanovsky wrote:
> On Wed, Nov 20, 2019 at 03:49:00PM +0300, Dan Carpenter wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git rdma-next
> > head:   7f9a863f2a4067a38cc6ad330b9425b3fd2dc67b
> > commit: a209fe95d542e8e566c74a8cbd2ec49452b9d110 [59/63] net/core: Add support for getting VF GUIDs
> >
> > If you fix the issue, kindly add following tag
> > Reported-by: kbuild test robot
> > Reported-by: Dan Carpenter
> >
> > smatch warnings:
> > net/core/rtnetlink.c:1279 rtnl_fill_vfinfo() warn: check that 'node_guid' doesn't leak information (struct has a hole after 'vf')
> > net/core/rtnetlink.c:1281 rtnl_fill_vfinfo() warn: check that 'port_guid' doesn't leak information (struct has a hole after 'vf')
> >
> > # https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/commit/?id=a209fe95d542e8e566c74a8cbd2ec49452b9d110
> > git remote add leon-rdma https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git
> > git remote update leon-rdma
> > git checkout a209fe95d542e8e566c74a8cbd2ec49452b9d110
> > vim +1279 net/core/rtnetlink.c
> >
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1189  static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1190  					       struct net_device *dev,
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1191  					       int vfs_num,
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1192  					       struct nlattr *vfinfo)
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1193  {
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1194  	struct ifla_vf_rss_query_en vf_rss_query_en;
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1195  	struct nlattr *vf, *vfstats, *vfvlanlist;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1196  	struct ifla_vf_link_state vf_linkstate;
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1197  	struct ifla_vf_vlan_info vf_vlan_info;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1198  	struct ifla_vf_spoofchk vf_spoofchk;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1199  	struct ifla_vf_tx_rate vf_tx_rate;
> > 3b766cd832328f Eran Ben Elisha      2015-06-15  1200  	struct ifla_vf_stats vf_stats;
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1201  	struct ifla_vf_trust vf_trust;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1202  	struct ifla_vf_vlan vf_vlan;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1203  	struct ifla_vf_rate vf_rate;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1204  	struct ifla_vf_mac vf_mac;
> > 75345f888f700c Denis Kirjanov       2019-06-17  1205  	struct ifla_vf_broadcast vf_broadcast;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1206  	struct ifla_vf_info ivi;
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1207  	struct ifla_vf_guid node_guid;
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1208  	struct ifla_vf_guid port_guid;
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1209
> > 0eed9cf58446b2 Mintz, Yuval         2017-06-07  1210  	memset(&ivi, 0, sizeof(ivi));
> > 0eed9cf58446b2 Mintz, Yuval         2017-06-07  1211
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1212  	/* Not all SR-IOV capable drivers support the
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1213  	 * spoofcheck and "RSS query enable" query.  Preset to
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1214  	 * -1 so the user space tool can detect that the driver
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1215  	 * didn't report anything.
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1216  	 */
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1217  	ivi.spoofchk = -1;
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1218  	ivi.rss_query_en = -1;
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1219  	ivi.trusted = -1;
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1220  	/* The default value for VF link state is "auto"
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1221  	 * IFLA_VF_LINK_STATE_AUTO which equals zero
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1222  	 */
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1223  	ivi.linkstate = 0;
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1224  	/* VLAN Protocol by default is 802.1Q */
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1225  	ivi.vlan_proto = htons(ETH_P_8021Q);
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1226  	if (dev->netdev_ops->ndo_get_vf_config(dev, vfs_num, &ivi))
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1227  		return 0;
> > b22b941b2c253a Hannes Frederic Sowa 2015-11-17  1228
> > 775f4f05501b3e Dan Carpenter        2016-10-13  1229  	memset(&vf_vlan_info, 0, sizeof(vf_vlan_info));
> > 775f4f05501b3e Dan Carpenter        2016-10-13  1230
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1231  	vf_mac.vf =
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1232  		vf_vlan.vf =
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1233  		vf_vlan_info.vf =
> > ed616689a3d95e Sucheta Chakraborty  2014-05-22  1234  		vf_rate.vf =
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1235  		vf_tx_rate.vf =
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1236  		vf_spoofchk.vf =
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1237  		vf_linkstate.vf =
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1238  		vf_rss_query_en.vf =
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1239  		vf_trust.vf = ivi.vf;
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1240
> > c02db8c6290bb9 Chris Wright         2010-05-16  1241  	memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac));
> > 75345f888f700c Denis Kirjanov       2019-06-17  1242  	memcpy(vf_broadcast.broadcast, dev->broadcast, dev->addr_len);
> > c02db8c6290bb9 Chris Wright         2010-05-16  1243  	vf_vlan.vlan = ivi.vlan;
> > c02db8c6290bb9 Chris Wright         2010-05-16  1244  	vf_vlan.qos = ivi.qos;
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1245  	vf_vlan_info.vlan = ivi.vlan;
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1246  	vf_vlan_info.qos = ivi.qos;
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1247  	vf_vlan_info.vlan_proto = ivi.vlan_proto;
> > ed616689a3d95e Sucheta Chakraborty  2014-05-22  1248  	vf_tx_rate.rate = ivi.max_tx_rate;
> > ed616689a3d95e Sucheta Chakraborty  2014-05-22  1249  	vf_rate.min_tx_rate = ivi.min_tx_rate;
> > ed616689a3d95e Sucheta Chakraborty  2014-05-22  1250  	vf_rate.max_tx_rate = ivi.max_tx_rate;
> > 5f8444a3fa6170 Greg Rose            2011-10-08  1251  	vf_spoofchk.setting = ivi.spoofchk;
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1252  	vf_linkstate.link_state = ivi.linkstate;
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1253  	vf_rss_query_en.setting = ivi.rss_query_en;
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1254  	vf_trust.setting = ivi.trusted;
> > ae0be8de9a53cd Michal Kubecek       2019-04-26  1255  	vf = nla_nest_start_noflag(skb, IFLA_VF_INFO);
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1256  	if (!vf)
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1257  		goto nla_put_vfinfo_failure;
> > a6574349d068cb David S. Miller      2012-04-01  1258  	if (nla_put(skb, IFLA_VF_MAC, sizeof(vf_mac), &vf_mac) ||
> > 75345f888f700c Denis Kirjanov       2019-06-17  1259  	    nla_put(skb, IFLA_VF_BROADCAST, sizeof(vf_broadcast), &vf_broadcast) ||
> > a6574349d068cb David S. Miller      2012-04-01  1260  	    nla_put(skb, IFLA_VF_VLAN, sizeof(vf_vlan), &vf_vlan) ||
> > ed616689a3d95e Sucheta Chakraborty  2014-05-22  1261  	    nla_put(skb, IFLA_VF_RATE, sizeof(vf_rate),
> > ed616689a3d95e Sucheta Chakraborty  2014-05-22  1262  		    &vf_rate) ||
> > a6574349d068cb David S. Miller      2012-04-01  1263  	    nla_put(skb, IFLA_VF_TX_RATE, sizeof(vf_tx_rate),
> > a6574349d068cb David S. Miller      2012-04-01  1264  		    &vf_tx_rate) ||
> > a6574349d068cb David S. Miller      2012-04-01  1265  	    nla_put(skb, IFLA_VF_SPOOFCHK, sizeof(vf_spoofchk),
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1266  		    &vf_spoofchk) ||
> > 1d8faf48c74b83 Rony Efraim          2013-06-13  1267  	    nla_put(skb, IFLA_VF_LINK_STATE, sizeof(vf_linkstate),
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1268  		    &vf_linkstate) ||
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1269  	    nla_put(skb, IFLA_VF_RSS_QUERY_EN,
> > 01a3d796813d63 Vlad Zolotarov       2015-03-30  1270  		    sizeof(vf_rss_query_en),
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1271  		    &vf_rss_query_en) ||
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1272  	    nla_put(skb, IFLA_VF_TRUST,
> > dd461d6aa89476 Hiroshi Shimamoto    2015-08-28  1273  		    sizeof(vf_trust), &vf_trust))
> > 79aab093a0b537 Moshe Shemesh        2016-09-22  1274  		goto nla_put_vf_failure;
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1275  	if (dev->netdev_ops->ndo_get_vf_guid &&
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1276  	    !dev->netdev_ops->ndo_get_vf_guid(dev, vfs_num, &node_guid,
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1277  					      &port_guid)) {
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1278  		if (nla_put(skb, IFLA_VF_IB_NODE_GUID, sizeof(node_guid),
> > a209fe95d542e8 Danit Goldberg       2019-11-06 @1279  			    &node_guid) ||
> > a209fe95d542e8 Danit Goldberg       2019-11-06  1280  		    nla_put(skb, IFLA_VF_IB_PORT_GUID, sizeof(port_guid),
> > a209fe95d542e8 Danit Goldberg       2019-11-06 @1281  			    &port_guid))
> >
> > These definitely seem like real bugs.  We need to
> >
> > 	memset(&node_guid, 0, sizeof(node_guid));
> > 	memset(&port_guid, 0, sizeof(port_guid));
> >
> > Using an initializer = {} is not sufficient to clear struct holes.  I
> > hope that we don't need to memzero_explicit() these like the very
> > paranoid folks say.  :(
> >
> Dan,
>
> How is it possible to leak? We are putting node_guid and port_guid after
> successful return of ndo_get_vf_guid(). It will ensure that GUIDs are
> initialized.

There is a 4 byte struct hole after node_guid.vf.

-> ipoib_get_vf_guid() -> ib_get_vf_guid() -> mlx5_ib_get_vf_guid()

mlx5_ib_get_vf_guid() doesn't have a memset(), plus relying on drivers
to clear the struct hole is unsafe.

regards,
dan carpenter
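
The struct-hole point discussed in this thread, as an added user-space illustration (not code from the kernel tree or from any participant in the thread). `struct vf_guid`, `fake_get_vf_guid()` and the 0xAA stale-stack fill are assumptions standing in for `struct ifla_vf_guid`, a driver's `ndo_get_vf_guid` callback and the copy done by `nla_put()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker for leftover stack contents */

/* Assumed layout modelled on the thread: 32-bit vf, hole, 64-bit guid. */
struct vf_guid {
    uint32_t vf;
    _Alignas(8) uint64_t guid;
};
enum { HOLE = offsetof(struct vf_guid, guid) - sizeof(uint32_t) };

/* Hypothetical driver callback: fills both fields, never memsets. */
static int fake_get_vf_guid(struct vf_guid *g)
{
    g->vf = 3;
    g->guid = 0x0011223344556677ULL;   /* constructed value */
    return 0;
}
/* Called through a volatile pointer, like an ndo_* op, so it stays opaque. */
static int (*volatile get_vf_guid)(struct vf_guid *) = fake_get_vf_guid;

/* Count stale bytes that would be copied into the netlink payload. */
static size_t stale_bytes_sent(int zero_first)
{
    struct vf_guid g;
    unsigned char out[sizeof(g)];
    size_t i, n = 0;

    memset(&g, STALE, sizeof(g));      /* simulate a dirty stack slot */
    if (zero_first)
        memset(&g, 0, sizeof(g));      /* the fix proposed in the thread */
    if (get_vf_guid(&g))
        return 0;
    memcpy(out, &g, sizeof(g));        /* nla_put() copies sizeof(g) bytes */
    for (i = sizeof(uint32_t); i < offsetof(struct vf_guid, guid); i++)
        n += (out[i] == STALE);        /* inspect only the padding bytes */
    return n;
}

int main(void)
{
    printf("hole=%d leaked=%zu after-memset=%zu\n",
           (int)HOLE, stale_bytes_sent(0), stale_bytes_sent(1));
    return 0;
}
```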