Skip to content

Commit

Permalink
xdp: Prevent kernel-infoleak in xsk_getsockopt()
Browse files Browse the repository at this point in the history 
xsk_getsockopt() is copying uninitialized stack memory to userspace when
'extra_stats' is 'false'. Fix it. Doing '= {};' is sufficient since currently
'struct xdp_statistics' is defined as follows:

  struct xdp_statistics {
    __u64 rx_dropped;
    __u64 rx_invalid_descs;
    __u64 tx_invalid_descs;
    __u64 rx_ring_full;
    __u64 rx_fill_ring_empty_descs;
    __u64 tx_ring_empty_descs;
  };

When being copied to the userspace, 'stats' will not contain any uninitialized
'holes' between struct fields.

Fixes: 8aa5a33 ("xsk: Add new statistics")
Suggested-by: Dan Carpenter <[email protected]>
Signed-off-by: Peilin Ye <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Björn Töpel <[email protected]>
Acked-by: Song Liu <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
  • Loading branch information
@peilin-ye @borkmann
peilin-ye authored and borkmann committed Jul 28, 2020
1 parent f6dfbe3 commit 3c4f850
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/xdp/xsk.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -840,7 +840,7 @@ static int xsk_getsockopt(struct socket *sock, int level, int optname,
switch (optname) {
case XDP_STATISTICS:
{
struct xdp_statistics stats;
struct xdp_statistics stats = {};
bool extra_stats = true;
size_t stats_size;

Expand Down

0 comments on commit 3c4f850

Please sign in to comment.