On Sat, Aug 01, 2020 at 03:21:42AM +0300, Dmitry V. Levin wrote: > On Mon, Jul 27, 2020 at 05:36:44PM -0400, Peilin Ye wrote: > > ptrace_get_syscall_info() is copying uninitialized stack memory to > > userspace due to the compiler not initializing holes in statically > > allocated structures. Fix it by initializing `info` with memset(). > > > > Cc: sta...@vger.kernel.org > > Fixes: 201766a20e30 ("ptrace: add PTRACE_GET_SYSCALL_INFO request") > > Suggested-by: Dan Carpenter <dan.carpen...@oracle.com> > > Signed-off-by: Peilin Ye <yepeilin...@gmail.com> > > --- > > kernel/ptrace.c | 14 ++++++++------ > > 1 file changed, 8 insertions(+), 6 deletions(-) > > > > diff --git a/kernel/ptrace.c b/kernel/ptrace.c > > index 43d6179508d6..e48d05b765b5 100644 > > --- a/kernel/ptrace.c > > +++ b/kernel/ptrace.c > > @@ -960,15 +960,17 @@ ptrace_get_syscall_info(struct task_struct *child, > > unsigned long user_size, > > void __user *datavp) > > { > > struct pt_regs *regs = task_pt_regs(child); > > - struct ptrace_syscall_info info = { > > - .op = PTRACE_SYSCALL_INFO_NONE, > > - .arch = syscall_get_arch(child), > > - .instruction_pointer = instruction_pointer(regs), > > - .stack_pointer = user_stack_pointer(regs), > > - }; > > + struct ptrace_syscall_info info; > > unsigned long actual_size = offsetof(struct ptrace_syscall_info, entry); > > unsigned long write_size; > > > > + memset(&info, 0, sizeof(info)); > > + > > + info.op = PTRACE_SYSCALL_INFO_NONE; > > + info.arch = syscall_get_arch(child); > > + info.instruction_pointer = instruction_pointer(regs); > > + info.stack_pointer = user_stack_pointer(regs); > > + > > No, please don't do it this way. If there is a hole in the structure that > the compiler is unable to initialize properly (and there is a 3-byte hole > in the beginning indeed), please plug the hole by turning it into > something that the compiler is capable of initializing.
I see. I will do that and send a v2. > Also, please do not forget to Cc authors of the commit you are fixing. Sorry, I forgot about that. Thank you for pointing it out! Peilin Ye