netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc - linux-dev - Linux kernel development work

diff options

author	Haimin Zhang <tcs.kernel@gmail.com>	2021-12-15 19:15:30 +0800
committer	Jakub Kicinski <kuba@kernel.org>	2021-12-15 17:49:13 -0800
commit	481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (patch)
tree	3e90ccb18df415c98980ff8a0f7bc92f658bd20b /net/packet/af_packet.c
parent	dpaa2-eth: fix ethtool statistics (diff)
download	linux-dev-481221775d53d6215a6e5e9ce1cce6d2b4ab9a46.tar.xz linux-dev-481221775d53d6215a6e5e9ce1cce6d2b4ab9a46.zip

netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc

Zero-initialize memory for new map's value in function nsim_bpf_map_alloc since it may cause a potential kernel information leak issue, as follows: 1. nsim_bpf_map_alloc calls nsim_map_alloc_elem to allocate elements for a new map. 2. nsim_map_alloc_elem uses kmalloc to allocate map's value, but doesn't zero it. 3. A user application can use IOCTL BPF_MAP_LOOKUP_ELEM to get specific element's information in the map. 4. The kernel function map_lookup_elem will call bpf_map_copy_value to get the information allocated at step-2, then use copy_to_user to copy to the user buffer. This can only leak information for an array map. Fixes: 395cacb5f1a0 ("netdevsim: bpf: support fake map offload") Suggested-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Haimin Zhang <tcs.kernel@gmail.com> Link: https://lore.kernel.org/r/20211215111530.72103-1-tcs.kernel@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'net/packet/af_packet.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: