Message ID | 20170607180033.19747-1-Yuval.Mintz@cavium.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
On 06/07/2017 11:00 AM, Yuval Mintz wrote:
> Some of the structure's fields are not initialized by the
> rtnetlink. If driver doesn't set those in ndo_get_vf_config(),
> they'd leak memory to user.
>
> Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
> CC: Michal Schmidt <mschmidt@redhat.com>
> ---
> net/core/rtnetlink.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c > index 9e2c0a7..5e61456 100644 > --- a/net/core/rtnetlink.c > +++ b/net/core/rtnetlink.c > @@ -1124,6 +1124,8 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb, > struct ifla_vf_mac vf_mac; > struct ifla_vf_info ivi; > > + memset(&ivi, 0, sizeof(ivi)); > + > /* Not all SR-IOV capable drivers support the > * spoofcheck and "RSS query enable" query. Preset to > * -1 so the user space tool can detect that the driver > @@ -1132,7 +1134,6 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb, > ivi.spoofchk = -1; > ivi.rss_query_en = -1; > ivi.trusted = -1; > - memset(ivi.mac, 0, sizeof(ivi.mac)); > /* The default value for VF link state is "auto" > * IFLA_VF_LINK_STATE_AUTO which equals zero > */ >

It's been a few years since I worked in this code but I do recall this portion. Good idea...

Thanks!

Reviewed-by: Greg Rose <gvrose8192@gmail.com>
From: Yuval Mintz <Yuval.Mintz@cavium.com>
Date: Wed, 7 Jun 2017 21:00:33 +0300

> Some of the structure's fields are not initialized by the
> rtnetlink. If driver doesn't set those in ndo_get_vf_config(),
> they'd leak memory to user.
>
> Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
> CC: Michal Schmidt <mschmidt@redhat.com>

Good catch, applied and queued up for -stable, thanks.
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 9e2c0a7..5e61456 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1124,6 +1124,8 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb, struct ifla_vf_mac vf_mac; struct ifla_vf_info ivi; + memset(&ivi, 0, sizeof(ivi)); + /* Not all SR-IOV capable drivers support the * spoofcheck and "RSS query enable" query. Preset to * -1 so the user space tool can detect that the driver @@ -1132,7 +1134,6 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb, ivi.spoofchk = -1; ivi.rss_query_en = -1; ivi.trusted = -1; - memset(ivi.mac, 0, sizeof(ivi.mac)); /* The default value for VF link state is "auto" * IFLA_VF_LINK_STATE_AUTO which equals zero */
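Review bot: in the first hunk, the new memset(&ivi, 0, sizeof(ivi)) has to stay ahead of the -1 presets for spoofchk, rss_query_en and trusted, and nothing in the code says so. The comment directly below it explains only the -1 values; one more sentence there, saying the whole structure is zeroed first so that fields a driver leaves untouched in ndo_get_vf_config() are never reported from stale stack contents, would keep a later reorder or cleanup from undoing the fix.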
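Review bot: the second hunk drops memset(ivi.mac, 0, sizeof(ivi.mac)), which shows the MAC field was already cleared, yet the commit message says only "some of the structure's fields" and carries no Fixes: tag. Naming the fields that were neither preset nor cleared before this change, and the commit that introduced them, would let the -stable backport mentioned in the thread determine how far back the leak goes.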
Some of the structure's fields are not initialized by the
rtnetlink. If driver doesn't set those in ndo_get_vf_config(),
they'd leak memory to user.

Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
CC: Michal Schmidt <mschmidt@redhat.com>
---
net/core/rtnetlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)