[Linux-kernel-mentees] [PATCH net] rds: Prevent kernel-infoleak in rds_notify_queue_get()
Jason Gunthorpe
jgg at ziepe.ca
Fri Jul 31 18:27:12 UTC 2020
On Fri, Jul 31, 2020 at 07:19:24PM +0200, Greg Kroah-Hartman wrote:
> > I tried for a bit and didn't find a way to get even old gcc 4.4 to not
> > initialize the holes.
>
> Odd, so it is just the "= {0};" that does not zero out the holes?
Nope, it seems to work fine too. I tried a number of situations and I
could not get the compiler to not zero holes, even back to gcc 4.4
It is not just accidental either, take this:
struct rds_rdma_notify {
unsigned long user_token;
unsigned char status;
unsigned long user_token1 __attribute__((aligned(32)));
} foo = {0};
Which has quite a big hole, clang generates:
movq $0, 56(%rdi)
movq $0, 48(%rdi)
movq $0, 40(%rdi)
movq $0, 32(%rdi)
movq $0, 24(%rdi)
movq $0, 16(%rdi)
movq $0, 8(%rdi)
movq $0, (%rdi)
Deliberate extra instructions to fill both holes. gcc 10 does the
same, older gcc's do create a rep stosq over the whole thing.
Some fiddling with godbolt shows quite a variety of output, but I
didn't see anything that looks like a compiler not filling
padding. Even godbolt's gcc 4.1 filled the padding, which is super old.
In several cases it seems the aggregate initializer produced better
code than memset, in other cases it didn't
Without an actual example where this doesn't work right it is hard to
say anything more..
Jason
More information about the Linux-kernel-mentees
mailing list