RE: [RFC PATCH 4/6] hv_sock: Initialize send_buf in hvs_stream_enqueue()

From: Michael Kelley (LINUX)
Date: Thu Apr 14 2022 - 23:49:54 EST


From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Wednesday, April 13, 2022 1:48 PM
>
> So that padding or uninitialized bytes can't leak guest memory contents.
>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> ---
> net/vmw_vsock/hyperv_transport.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c
> index 092cadc2c866d..72ce00928c8e7 100644
> --- a/net/vmw_vsock/hyperv_transport.c
> +++ b/net/vmw_vsock/hyperv_transport.c
> @@ -655,7 +655,7 @@ static ssize_t hvs_stream_enqueue(struct vsock_sock *vsk,
> struct msghdr *msg,
>
> BUILD_BUG_ON(sizeof(*send_buf) != HV_HYP_PAGE_SIZE);
>
> - send_buf = kmalloc(sizeof(*send_buf), GFP_KERNEL);
> + send_buf = kzalloc(sizeof(*send_buf), GFP_KERNEL);

Is this change really needed? All fields are explicitly initialized, and in the data
array, only the populated bytes are copied to the ring buffer. There should not
be any uninitialized values sent to the host. Zeroing the memory ahead of
time certainly provides an extra protection (particularly against padding bytes,
but there can't be any since the layout of the data is part of the protocol with
Hyper-V). It is expensive protection to zero out 16K+ bytes every time we send
out a small message.

Michael

> if (!send_buf)
> return -ENOMEM;
>
> --
> 2.25.1