xdp: Prevent kernel-infoleak in xsk_getsockopt()

xsk_getsockopt() is copying uninitialized stack memory to userspace when 'extra_stats' is 'false'. Fix it. Doing '= {};' is sufficient since currently 'struct xdp_statistics' is defined as follows: struct xdp_statistics { __u64 rx_dropped; __u64 rx_invalid_descs; __u64 tx_invalid_descs; __u64 rx_ring_full; __u64 rx_fill_ring_empty_descs; __u64 tx_ring_empty_descs; }; When being copied to the userspace, 'stats' will not contain any uninitialized 'holes' between struct fields. Fixes: 8aa5a33578e9 ("xsk: Add new statistics") Suggested-by: Dan Carpenter <[email protected]> Signed-off-by: Peilin Ye <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Acked-by: Björn Töpel <[email protected]> Acked-by: Song Liu <[email protected]> Acked-by: Arnd Bergmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
author: Peilin Ye <[email protected]> 2020-07-28 01:36:04 -0400
committer: Daniel Borkmann <[email protected]> 2020-07-28 12:50:15 +0200
commit: 3c4f850e8441ac8b3b6dbaa6107604c4199ef01f (patch)
tree: e71a1c747f21c9b1da813dbca97c10c61fbe071f
parent: f6dfbe31e8fa5cbd5bc89df9d7f0fa0af7e69981 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 2e94a7e94671..c3231620d210 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -840,7 +840,7 @@ static int xsk_getsockopt(struct socket *sock, int level, int optname,
 	switch (optname) {
 	case XDP_STATISTICS:
 	{
-		struct xdp_statistics stats;
+		struct xdp_statistics stats = {};
 		bool extra_stats = true;
 		size_t stats_size;
author	Peilin Ye <[email protected]>	2020-07-28 01:36:04 -0400
committer	Daniel Borkmann <[email protected]>	2020-07-28 12:50:15 +0200
commit	3c4f850e8441ac8b3b6dbaa6107604c4199ef01f (patch)
tree	e71a1c747f21c9b1da813dbca97c10c61fbe071f
parent	f6dfbe31e8fa5cbd5bc89df9d7f0fa0af7e69981 (diff)