|
Message-ID: <fe00723e-bdd0-3558-a137-da5f4f3d6127@redhat.com> Date: Wed, 14 Mar 2018 15:21:07 +0100 From: Florian Weimer <fweimer@...hat.com> To: Linus Torvalds <torvalds@...ux-foundation.org>, Kees Cook <keescook@...omium.org> Cc: Ingo Molnar <mingo@...nel.org>, P J P <pjp@...oraproject.org>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Steven Rostedt <rostedt@...dmis.org>, Arnd Bergmann <arnd@...db.de>, Daniel Micay <danielmicay@...il.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Alexander Popov <alex.popov@...ux.com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Andy Lutomirski <luto@...nel.org>, Tycho Andersen <tycho@...ho.ws>, Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>, Borislav Petkov <bp@...en8.de>, Richard Sandiford <richard.sandiford@....com>, Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, "Dmitry V . Levin" <ldv@...linux.org>, Emese Revfy <re.emese@...il.com>, Jonathan Corbet <corbet@....net>, Andrey Ryabinin <aryabinin@...tuozzo.com>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, Thomas Garnier <thgarnie@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Alexei Starovoitov <ast@...nel.org>, Josef Bacik <jbacik@...com>, Masami Hiramatsu <mhiramat@...nel.org>, Nicholas Piggin <npiggin@...il.com>, Al Viro <viro@...iv.linux.org.uk>, "David S . Miller" <davem@...emloft.net>, Ding Tianhong <dingtianhong@...wei.com>, David Woodhouse <dwmw@...zon.co.uk>, Josh Poimboeuf <jpoimboe@...hat.com>, Dominik Brodowski <linux@...inikbrodowski.net>, Juergen Gross <jgross@...e.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Dan Williams <dan.j.williams@...el.com>, Mathias Krause <minipli@...glemail.com>, Vikas Shivappa <vikas.shivappa@...ux.intel.com>, Kyle Huey <me@...ehuey.com>, Dmitry Safonov <dsafonov@...tuozzo.com>, Will Deacon <will.deacon@....com>, X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: Fully initialized stack usage (was Re: [PATCH RFC v9 4/7] x86/entry: Erase kernel stack in syscall_trace_enter()) On 03/12/2018 06:45 PM, Linus Torvalds wrote: > On Mon, Mar 12, 2018 at 10:17 AM, Kees Cook<keescook@...omium.org> wrote: >> On Mon, Mar 12, 2018 at 10:09 AM, Linus Torvalds >> <torvalds@...ux-foundation.org> wrote: >>> struct xyz var = { }; >>> >>> I'm not sure what that will do with padding. >> AIUI, this does not guarantee padding initialization (yet another >> "undefined behavior"). This is why we've had to sprinkle memset(&var, >> 0, sizeof(var)) in places where a structure has padding and got >> leaked. :( >> >> I assume this may be orthogonal to -finit-local-vars, and maybe we'll >> need some -finit-padding or something. (Though, honestly, is there >> anyone that wants to get_padding_ correct, but not variable >> initialization?) > We would definitely have wanted it over the years, yes. And > conceptually it's a separate issue, so a separate flag makes sense. What would be the model for the kernel? Write zero to the padding initially, and on copying structs, make sure that you either copy the padding from the source, or clear the target? Clearing the padding while copying might be somewhat expensive. Thanks, Florian
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.