Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in copy_to_user

From: Julia Lawall
Date: Sun Oct 27 2019 - 01:48:56 EST
On Sat, 26 Oct 2019, Joe Perches wrote:

> Initialization is not guaranteed to zero padding bytes so
> use an explicit memset instead to avoid leaking any kernel
> content in any possible padding bytes.

Here is an extract of an email that I sent to Kees at one point that left
me unsure about what should be done about these situations:

From Kees:

The only way to correctly handle this is:

memset(&instance, 0, sizeof(instance));
instance.one = 1;

From me:

Actually, this document:

https://wiki.sei.cmu.edu/confluence/display/c/DCL39-C.+Avoid+information+leakage+when+passing+a+structure+across+a+trust+boundary

says that memset is a "noncompliant solution". They suggest declaring the
structure as packed, as well as some other more unpleasant solutions.
Their point is that 1 will be sitting in a register, and the assignment at
least might copy the upper bytes of the register into the padding space.

-------------------------

Is the memset solution nevertheless what is always wanted in the kernel
when there is padding?

thanks,
julia
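The padding leak under discussion, as an added C example that is not part of this thread or of the kernel patch: a constructed struct with interior padding, a helper that counts padding bytes which are still non-zero (the bytes copy_to_user() would leak), and the memset-then-assign pattern Kees describes. The struct, the members[] map and the function names are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed layout: padding follows 'a' (to align 'b') and 'c' (to align 'd').
 * members[] (an assumption for this demo) marks where real data lives; every other
 * byte is padding, derived from offsetof() rather than hard-coded per ABI. */
struct example { char a; int b; char c; long long d; };
static const struct { size_t off, len; } members[] = {
    { offsetof(struct example, a), sizeof(char) }, { offsetof(struct example, b), sizeof(int) },
    { offsetof(struct example, c), sizeof(char) }, { offsetof(struct example, d), sizeof(long long) },
};
static int is_member_byte(size_t i) {
    for (size_t m = 0; m < sizeof(members) / sizeof(members[0]); m++)
        if (i >= members[m].off && i < members[m].off + members[m].len)
            return 1;
    return 0;
}
/* Number of padding bytes the compiler inserted into struct example. */
size_t padding_bytes(void) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct example); i++)
        n += !is_member_byte(i);
    return n;
}
/* Padding bytes of *p that are non-zero: exactly the bytes that would leak
 * stale kernel stack contents if *p were passed to copy_to_user() as is. */
size_t nonzero_padding(const struct example *p) {
    const unsigned char *b = (const unsigned char *)p;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*p); i++)
        n += !is_member_byte(i) && b[i] != 0;
    return n;
}
/* The memset-then-assign pattern quoted in the thread. */
void init_memset(struct example *p) {
    memset(p, 0, sizeof(*p));
    p->a = 1; p->b = 2; p->c = 3; p->d = 4;
}
/* Fill the object with stale bytes, initialise it in place, count dirty padding. */
size_t dirty_after_init(void (*init)(struct example *)) {
    struct example s;
    memset(&s, 0xAA, sizeof(s));   /* constructed stand-in for leftover stack data */
    init(&s);
    return nonzero_padding(&s);
}
int main(void) {
    printf("padding bytes: %zu, dirty after memset+assign: %zu\n",
           padding_bytes(), dirty_after_init(init_memset));
}
```

Passing a brace- or designated-initializer variant to dirty_after_init() shows what a given compiler does with the padding; only the memset path is guaranteed to report zero.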