Re: [PATCH v2] fs: select: fix information leak to userspace

From: Eric Dumazet
Date: Mon Nov 15 2010 - 14:12:32 EST


Le dimanche 14 novembre 2010 Ã 18:06 -0800, Andrew Morton a Ãcrit :
> On Sun, 14 Nov 2010 12:25:33 +0300 Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:
> >
> > if (timeval) {
> > - rtv.tv_sec = rts.tv_sec;
> > - rtv.tv_usec = rts.tv_nsec / NSEC_PER_USEC;
> > + struct timeval rtv = {
> > + .tv_sec = rts.tv_sec,
> > + .tv_usec = rts.tv_nsec / NSEC_PER_USEC
> > + };
> >
> > if (!copy_to_user(p, &rtv, sizeof(rtv)))
> > return ret;
>
> Please check the assembly code - this will still leave four bytes of
> uninitalised stack data in 'rtv', surely.

Thats a good question.

In my understanding, gcc should initialize all holes (and other not
mentioned fields) with 0, even for automatic storage [C99 only mandates
this on static storage]

I tested on x86_64 and this is the case, but could not find a definitive
answer in gcc documentation.

This kind of construct is widely used in networking tree.

Maybe we should ask to gcc experts if this behavior is guaranteed by
gcc, or if we must review our code ;(

CC Jakub

Thanks !


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/