Akihiko Odaki wrote:
On 2025/01/09 16:31, Michael S. Tsirkin wrote:
On Thu, Jan 09, 2025 at 03:58:44PM +0900, Akihiko Odaki wrote:

tun used to simply advance iov_iter when it needs to pad virtio header,
which leaves the garbage in the buffer as is. This is especially
problematic when tun starts to allow enabling the hash reporting
feature; even if the feature is enabled, the packet may lack a hash
value and may contain a hole in the virtio header because the packet
arrived before the feature gets enabled or does not contain the
header fields to be hashed. If the hole is not filled with zero, it is
impossible to tell if the packet lacks a hash value.

Zero is a valid hash value, so cannot be used as an indication that
hashing is inactive.

In theory, a user of tun can fill the buffer with zero before calling
read() to avoid such a problem, but leaving the garbage in the buffer is
awkward anyway so fill the buffer in tun.

Signed-off-by: Akihiko Odaki <akihiko.odaki@xxxxxxxxxx>

But if the user did it, you have just overwritten his value,
did you not?

Yes, but that means the user expects some part of the buffer is not filled
after read() or recvmsg(). I'm a bit worried that not filling the buffer
may break assumptions others (especially the filesystem and socket
infrastructures in the kernel) may have.

If this is user memory that is ignored by the kernel, just reflected
back, then there is no need in general to zero it. There are many such
instances, also in msg_control.

If not zeroing leads to ambiguity with the new feature, that would be
a reason to add it -- it is always safe to do so.

If we are really confident that it will not cause problems, this
behavior can be opt-in based on a flag or we can just write some
documentation warning userspace programmers to initialize the buffer.
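
The ambiguity discussed in this thread, as an added example that is not part of the original messages or of the tun driver: a reader reuses one buffer, and the hash fields left in the hole by an earlier packet are misread as belonging to the next one unless either side zeroes them. The struct layouts are local models of the header with hash fields, and `model_read()` is a hypothetical stand-in for `read()` on tun; the stale values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed local model of a 12-byte basic header followed by the hash
 * fields (layout modelled on virtio_net_hdr_v1_hash, not the kernel's type). */
struct hdr_v1 { uint8_t flags, gso_type; uint16_t hdr_len, gso_size,
                csum_start, csum_offset, num_buffers; };
struct hdr_v1_hash { struct hdr_v1 hdr; uint32_t hash_value;
                     uint16_t hash_report, padding; };
#define HASH_REPORT_NONE 0

/* Hypothetical stand-in for read() on tun: only the basic header is produced.
 * pad_zero=0 skips the rest (old behaviour); pad_zero=1 zero-fills it. */
static void model_read(uint8_t *buf, int pad_zero)
{
    struct hdr_v1 basic = {0};
    memcpy(buf, &basic, sizeof basic);
    if (pad_zero)
        memset(buf + sizeof basic, 0, sizeof(struct hdr_v1_hash) - sizeof basic);
}

/* Returns 1 if a reader trusting hash_report believes a hash is present. */
int reader_sees_hash(int user_zeroes, int pad_zero)
{
    /* Constructed stale contents: a previous packet that did carry a hash. */
    struct hdr_v1_hash stale = { .hash_value = 0xdeadbeef, .hash_report = 1 };
    struct hdr_v1_hash out;
    uint8_t buf[sizeof stale];

    memcpy(buf, &stale, sizeof stale);
    if (user_zeroes)
        memset(buf, 0, sizeof buf);   /* userspace workaround from the thread */
    model_read(buf, pad_zero);
    memcpy(&out, buf, sizeof out);
    return out.hash_report != HASH_REPORT_NONE;
}

int main(void)
{
    printf("stale buffer, hole skipped : %d\n", reader_sees_hash(0, 0));
    printf("user zeroes, hole skipped  : %d\n", reader_sees_hash(1, 0));
    printf("stale buffer, hole zeroed  : %d\n", reader_sees_hash(0, 1));
    return 0;
}
```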