From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S947328AbdDTT4Y (ORCPT <rfc822;w@1wt.eu>);
        Thu, 20 Apr 2017 15:56:24 -0400
Received: from shards.monkeyblade.net ([184.105.139.130]:48470 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S947221AbdDTT4X (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 20 Apr 2017 15:56:23 -0400
Date: Thu, 20 Apr 2017 15:56:20 -0400 (EDT)
Message-Id: <20170420.155620.2005862240803164222.davem@davemloft.net>
To: glider@google.com
Cc: dvyukov@google.com, kcc@google.com, edumazet@google.com,
        kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org
Subject: Re: [PATCH] net/packet: initialize val in packet_getsockopt()
From: David Miller <davem@davemloft.net>
In-Reply-To: <20170418174708.26341-1-glider@google.com>
References: <20170418174708.26341-1-glider@google.com>
X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Thu, 20 Apr 2017 12:14:59 -0700 (PDT)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Alexander Potapenko <glider@google.com>
Date: Tue, 18 Apr 2017 19:47:08 +0200

> In the case getsockopt() is called with PACKET_HDRLEN and zero length,
> |val| remains uninitialized and the syscall may behave differently
> depending on its value. This doesn't have security consequences (as the
> uninit bytes aren't copied back), but it's still cleaner to initialize
> |val|.
> 
> This bug has been detected with KMSAN.
> 
> Signed-off-by: Alexander Potapenko <glider@google.com>

Copying into an 'int' only 1, 2, or 3 bytes is not going to work
properly.

Either enforce that it must be 4 bytes long, or handle the smaller
sizes properly such that it will work regardless of endianness.

Thanks.