Date: Sun, 9 Aug 2020 10:04:40 +0300
From: Leon Romanovsky
To: Jack Leadford
Cc: Jason Gunthorpe, Joe Perches, Greg Kroah-Hartman, Peilin Ye, Santosh Shilimkar, "David S. Miller", Jakub Kicinski, Dan Carpenter, Arnd Bergmann, linux-kernel-mentees@lists.linuxfoundation.org, netdev@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH net] rds: Prevent kernel-infoleak in rds_notify_queue_get()
Message-ID: <20200809070440.GA1653394@unreal>

On Sat, Aug 08, 2020 at 03:57:33PM -0700, Jack Leadford wrote:
> Hello!
>
> Thanks to Jason for getting this conversation back on track.
>
> Yes: in general, {} or a partial initializer /will/ zero padding bits.
>
> However, there is a bug in some versions of GCC where {} will /not/ zero
> padding bits; actually, Jason's test program in this mail
> https://lore.kernel.org/lkml/20200731143604.GF24045@ziepe.ca/
> has the right ingredients to trigger the bug, but the GCC
> versions used are outside of the bug window. :)
>
> For more details on these cases and more (including said GCC bug), see my
> paper at:
>
> https://www.nccgroup.com/us/about-us/newsroom-and-events/blog/2019/october/padding-the-struct-how-a-compiler-optimization-can-disclose-stack-memory/
>
> Hopefully this paper can serve as a helpful reference when these cases are
> encountered in the kernel.

I read the paper and didn't find the exact GCC version, only a remark that it
was before GCC 7. So my question: why is this case different from any other
GCC bug? AFAIK, we don't add kernel code to overcome GCC bugs which exist in
specific versions, which were already fixed.

Moreover, this paper talks about a specific flow which doesn't exist in the
discussed patch.

Thanks
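
The padding question debated in this thread can be checked with a small user-space audit; this is an added example, not code from the thread, the RDS patch or the cited paper. The struct, the 0xAA poison value and all function names are assumptions made for illustration, and the `= {}` form itself is not exercised because its result is the compiler-dependent part under discussion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical struct (not the RDS one); padding follows 'status'. */
struct notify {
    uint8_t  status;
    uint64_t user_token;
};

/* Count non-zero padding bytes: what a sizeof()-sized copy would disclose. */
size_t leaked_padding(const struct notify *n)
{
    const unsigned char *p = (const unsigned char *)n;
    size_t tok = offsetof(struct notify, user_token), leaked = 0;
    for (size_t i = sizeof(n->status); i < sizeof(*n); i++)
        if ((i < tok || i >= tok + sizeof(n->user_token)) && p[i] != 0)
            leaked++;
    return leaked;
}

/* Member-by-member fill: padding keeps whatever the storage held. */
void fill_fieldwise(struct notify *n)
{
    n->status = 1;
    n->user_token = 0x1122334455667788ULL;
}

/* memset first: does not depend on how a compiler lowers "= {}". */
void fill_memset(struct notify *n)
{
    memset(n, 0, sizeof(*n));
    fill_fieldwise(n);
}

/* Poison storage (constructed stand-in for stale stack data), fill, audit. */
size_t audit(void (*fill)(struct notify *))
{
    struct notify n;
    memset(&n, 0xAA, sizeof(n));
    fill(&n);
    return leaked_padding(&n);
}

int main(void)
{
    printf("fieldwise=%zu memset=%zu\n", audit(fill_fieldwise), audit(fill_memset));
    return 0;
}
```

The same `leaked_padding()` check can be pointed at an object initialized with `= {}` to see what a particular compiler version and optimization level actually emit.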