From: Jason Wang <jasowang@redhat.com>
To: peter.maydell@linaro.org
Cc: "Patrick Venture" <venture@google.com>,
"Jason Wang" <jasowang@redhat.com>,
qemu-devel@nongnu.org, "Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Hao Wu" <wuhaotsh@google.com>,
"Peter Foley" <pefoley@google.com>
Subject: [PULL 03/13] net: Fix uninitialized data usage
Date: Mon, 10 Jan 2022 11:39:50 +0800 [thread overview]
Message-ID: <20220110034000.20221-4-jasowang@redhat.com> (raw)
In-Reply-To: <20220110034000.20221-1-jasowang@redhat.com>
From: Peter Foley <pefoley@google.com>
e.g.
1109 15:16:20.151506 Uninitialized bytes in ioctl_common_pre at offset 0 inside [0x7ffc516af9b8, 4)
1109 15:16:20.151659 ==588974==WARNING: MemorySanitizer: use-of-uninitialized-value
1109 15:16:20.312923 #0 0x5639b88acb21 in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c:183:9
1109 15:16:20.312952 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.312954 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.312956 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.312957 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.312958 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.312960 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.312961 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.312962 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.312964 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.312965 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.312967 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.312968 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.312969 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.312970
1109 15:16:20.312975 Uninitialized value was stored to memory at
1109 15:16:20.313393 #0 0x5639b88acbee in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c
1109 15:16:20.313396 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.313398 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313399 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313400 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313401 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313403 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313404 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313405 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313407 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313408 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313409 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313410 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313412 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313413
1109 15:16:20.313417 Uninitialized value was stored to memory at
1109 15:16:20.313791 #0 0x5639b88affbd in net_tap_fd_init third_party/qemu/net/tap.c:400:26
1109 15:16:20.313826 #1 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313829 #2 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313831 #3 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313836 #4 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313838 #5 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313839 #6 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313841 #7 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313843 #8 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313844 #9 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313845 #10 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313846 #11 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313847 #12 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313849
1109 15:16:20.313851 Uninitialized value was created by an allocation of 'ifr' in the stack frame of function 'tap_probe_vnet_hdr'
1109 15:16:20.313855 #0 0x5639b88ac680 in tap_probe_vnet_hdr third_party/qemu/net/tap-linux.c:151
1109 15:16:20.313856
1109 15:16:20.313878 SUMMARY: MemorySanitizer: use-of-uninitialized-value third_party/qemu/net/tap-linux.c:183:9 in tap_probe_vnet_hdr_len
Fixes: dc69004c7d8 ("net: move tap_probe_vnet_hdr() to tap-linux.c")
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Foley <pefoley@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
net/tap-linux.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tap-linux.c b/net/tap-linux.c
index 9584769..5e70b93 100644
--- a/net/tap-linux.c
+++ b/net/tap-linux.c
@@ -150,6 +150,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
int tap_probe_vnet_hdr(int fd, Error **errp)
{
struct ifreq ifr;
+ memset(&ifr, 0, sizeof(ifr));
if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
/* TUNGETIFF is available since kernel v2.6.27 */
--
2.7.4
next prev parent reply other threads:[~2022-01-10 3:44 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-10 3:39 [PULL 00/13] Net patches Jason Wang
2022-01-10 3:39 ` [PULL 01/13] hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR Jason Wang
2022-01-10 3:39 ` [PULL 02/13] net/tap: Set return code on failure Jason Wang
2022-01-10 3:39 ` Jason Wang [this message]
2022-01-10 3:39 ` [PULL 04/13] net/colo-compare.c: Optimize compare order for performance Jason Wang
2022-01-10 3:39 ` [PULL 05/13] net/colo-compare.c: Update the default value comments Jason Wang
2022-01-10 3:39 ` [PULL 06/13] net/filter: Optimize filter_send to coroutine Jason Wang
2022-01-10 3:39 ` [PULL 07/13] net/vmnet: add vmnet dependency and customizable option Jason Wang
2022-01-10 3:39 ` [PULL 08/13] net/vmnet: add vmnet backends to qapi/net Jason Wang
2022-01-10 3:39 ` [PULL 09/13] net/vmnet: implement shared mode (vmnet-shared) Jason Wang
2022-01-10 3:39 ` [PULL 10/13] net/vmnet: implement host mode (vmnet-host) Jason Wang
2022-01-10 3:39 ` [PULL 11/13] net/vmnet: implement bridged mode (vmnet-bridged) Jason Wang
2022-01-10 3:39 ` [PULL 12/13] net/vmnet: update qemu-options.hx Jason Wang
2022-01-10 3:40 ` [PULL 13/13] net/vmnet: update MAINTAINERS list Jason Wang
2022-01-10 16:49 ` [PULL 00/13] Net patches Peter Maydell
2022-01-11 2:09 ` Jason Wang
2022-01-11 22:02 ` Vladislav Yaroshchuk
2022-01-12 5:39 ` Jason Wang
2022-01-12 6:19 ` Vladislav Yaroshchuk
2022-01-12 7:49 ` Jason Wang
2022-01-12 7:10 ` Roman Bolshakov
2022-01-12 7:51 ` Jason Wang
2022-01-12 13:16 ` Vladislav Yaroshchuk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220110034000.20221-4-jasowang@redhat.com \
--to=jasowang@redhat.com \
--cc=f4bug@amsat.org \
--cc=pefoley@google.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=venture@google.com \
--cc=wuhaotsh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.