diff options
author | Peilin Ye <[email protected]> | 2020-07-28 01:36:04 -0400 |
---|---|---|
committer | Daniel Borkmann <[email protected]> | 2020-07-28 12:50:15 +0200 |
commit | 3c4f850e8441ac8b3b6dbaa6107604c4199ef01f (patch) | |
tree | e71a1c747f21c9b1da813dbca97c10c61fbe071f | |
parent | f6dfbe31e8fa5cbd5bc89df9d7f0fa0af7e69981 (diff) |
xdp: Prevent kernel-infoleak in xsk_getsockopt()
xsk_getsockopt() is copying uninitialized stack memory to userspace when
'extra_stats' is 'false'. Fix it. Doing '= {};' is sufficient since currently
'struct xdp_statistics' is defined as follows:
struct xdp_statistics {
__u64 rx_dropped;
__u64 rx_invalid_descs;
__u64 tx_invalid_descs;
__u64 rx_ring_full;
__u64 rx_fill_ring_empty_descs;
__u64 tx_ring_empty_descs;
};
When being copied to the userspace, 'stats' will not contain any uninitialized
'holes' between struct fields.
Fixes: 8aa5a33578e9 ("xsk: Add new statistics")
Suggested-by: Dan Carpenter <[email protected]>
Signed-off-by: Peilin Ye <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Björn Töpel <[email protected]>
Acked-by: Song Liu <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
-rw-r--r-- | net/xdp/xsk.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index 2e94a7e94671..c3231620d210 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -840,7 +840,7 @@ static int xsk_getsockopt(struct socket *sock, int level, int optname, switch (optname) { case XDP_STATISTICS: { - struct xdp_statistics stats; + struct xdp_statistics stats = {}; bool extra_stats = true; size_t stats_size; |