Michael Kelley (LINUX)
2022-Apr-15 03:33 UTC
[RFC PATCH 4/6] hv_sock: Initialize send_buf in hvs_stream_enqueue()
From: Andrea Parri (Microsoft) <parri.andrea at gmail.com> Sent: Wednesday, April 13, 2022 1:48 PM> > So that padding or uninitialized bytes can't leak guest memory contents. > > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea at gmail.com> > --- > net/vmw_vsock/hyperv_transport.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c > index 092cadc2c866d..72ce00928c8e7 100644 > --- a/net/vmw_vsock/hyperv_transport.c > +++ b/net/vmw_vsock/hyperv_transport.c > @@ -655,7 +655,7 @@ static ssize_t hvs_stream_enqueue(struct vsock_sock *vsk, > struct msghdr *msg, > > BUILD_BUG_ON(sizeof(*send_buf) != HV_HYP_PAGE_SIZE); > > - send_buf = kmalloc(sizeof(*send_buf), GFP_KERNEL); > + send_buf = kzalloc(sizeof(*send_buf), GFP_KERNEL);Is this change really needed? All fields are explicitly initialized, and in the data array, only the populated bytes are copied to the ring buffer. There should not be any uninitialized values sent to the host. Zeroing the memory ahead of time certainly provides an extra protection (particularly against padding bytes, but there can't be any since the layout of the data is part of the protocol with Hyper-V). It is expensive protection to zero out 16K+ bytes every time we send out a small message. Michael> if (!send_buf) > return -ENOMEM; > > -- > 2.25.1