Bug 214711
| Summary: | Information leak from kernel to user space in scsi_ioctl.c | | |
|---|---|---|---|
| Product: | SCSI Drivers | Reporter: | Andrew Bao (bao00065) |
| Component: | Other | Assignee: | scsi_drivers-other |
| Status: | NEW --- | | |
| Severity: | normal | CC: | bvanassche |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 5.15-rc5 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Description
Andrew Bao
2021-10-13 20:58:40 UTC
> Isn't this called an information leak instead of a memory leak? Additionally, my understanding of the C standard is that a compiler is required to zero-initialize members that have not been mentioned in an initializer list. From the ANSI C 202x draft: "The initialization shall occur in initializer list order, each initializer provided for a particular subobject overriding any previously listed initializer for the same subobject; all subobjects that are not initialized explicitly shall be initialized implicitly the same as objects that have static storage duration."

Hi Bart,

Yes, it is an information leak.

> my understanding of the C standard is that a compiler is required to zero-initialize members that have not been mentioned in an initializer list. From the ANSI C 202x draft: "The initialization shall occur in initializer list order, each initializer provided for a particular subobject overriding any previously listed initializer for the same subobject; all subobjects that are not initialized explicitly shall be initialized implicitly the same as objects that have static storage duration."

I am wondering under what conditions the compiler will zero-initialize a field in a struct, and what the initializer is in this context. Let's say we have a struct foo:

```c
struct foo {
    int a;
    int b;
    int c;
};
```

Method 1:

```c
struct foo f;
f.a = 1;
f.b = 2;
```

In method 1, will the compiler zero-initialize the field f.c?

Method 2:

```c
struct foo f = { .a = 1, .b = 2 };
```

In method 2, will the compiler zero-initialize the field f.c?

By the way:

```c
struct compat_cdrom_generic_command {
    unsigned char cmd[CDROM_PACKET_SIZE];
    compat_caddr_t buffer;
    compat_uint_t buflen;
    compat_int_t stat;
    compat_caddr_t sense;
    unsigned char data_direction;
    unsigned char pad[3];
    compat_int_t quiet;
    compat_int_t timeout;
    compat_caddr_t unused;
};
```

If this struct did not declare unsigned char pad[3] to fill the padding explicitly, would the compiler zero-initialize the 3-byte hole in this struct?

C and C++ compilers always initialize all named data members of a data structure in case of aggregate initialization. See also https://stackoverflow.com/questions/10828294/c-and-c-partial-initialization-of-automatic-structure. However, whether or not unnamed padding bytes and bits are initialized depends on the language standard supported by the compiler. See e.g. https://gustedt.wordpress.com/2012/10/24/c11-defects-initialization-of-padding/

Thank you
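To make the padding question above concrete, here is an added C example (not code from the bug report or from the kernel): it rebuilds the compat struct without its explicit pad[3], measures the hole the compiler inserts, and contrasts the page's method 2 (a designated initializer, which zeroes the unlisted named members but says nothing about the hole) with zeroing the whole object before setting members. The compat typedefs and the CDROM_PACKET_SIZE value are stand-ins assumed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed stand-ins for the kernel compat types (assumption: 32-bit). */
typedef uint32_t compat_caddr_t;
typedef uint32_t compat_uint_t;
typedef int32_t  compat_int_t;
#define CDROM_PACKET_SIZE 12

/* The page's struct with pad[3] removed, so the compiler inserts its own hole. */
struct cgc_nopad {
    unsigned char  cmd[CDROM_PACKET_SIZE];
    compat_caddr_t buffer;
    compat_uint_t  buflen;
    compat_int_t   stat;
    compat_caddr_t sense;
    unsigned char  data_direction;  /* 3-byte hole follows on x86-64/arm64 */
    compat_int_t   quiet;
    compat_int_t   timeout;
    compat_caddr_t unused;
};

/* Bytes of sizeof() not covered by any named member: the compiler's hole. */
size_t cgc_nopad_hole_bytes(void) {
    size_t named = CDROM_PACKET_SIZE + 7 * sizeof(compat_int_t) + 1;
    return sizeof(struct cgc_nopad) - named;
}

/* Method 2 from the page: unlisted named members (stat, sense, ...) are
 * zeroed by the standard, but the hole's contents are unspecified. */
void fill_aggregate(struct cgc_nopad *out) {
    struct cgc_nopad c = { .buflen = 16, .quiet = 1 };
    memcpy(out, &c, sizeof c);  /* byte copy, as copy_to_user() would */
}

/* Defensive pattern: zero every byte of the object, then set members. */
void fill_zeroed(struct cgc_nopad *out) {
    memset(out, 0, sizeof *out);
    out->buflen = 16;
    out->quiet = 1;
}

/* Non-zero bytes in the hole after data_direction: what a raw copy-out would leak. */
size_t nonzero_hole_bytes(const struct cgc_nopad *p) {
    const unsigned char *b = (const unsigned char *)p;
    size_t i = offsetof(struct cgc_nopad, data_direction) + 1, n = 0;
    for (; i < offsetof(struct cgc_nopad, quiet); i++)
        n += (b[i] != 0);
    return n;
}
```

After fill_aggregate the hole holds whatever the compiler happened to leave there, so only the memset variant gives a result you can rely on; the example measures the hole rather than asserting on its contents.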