On Tue, 2017-10-31 at 09:14 -0700, Kees Cook wrote: > Some protocols do not correctly wipe the contents of the on-stack > struct sockaddr_storage sent down into recvmsg() (e.g. SCTP), and leak > kernel stack contents to userspace. This wipes it unconditionally before > per-protocol handlers run. > > Note that leaks like this are mitigated by building with > CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y > > Reported-by: Alexander Potapenko <gli...@google.com> > Cc: "David S. Miller" <da...@davemloft.net> > Cc: netdev@vger.kernel.org > Signed-off-by: Kees Cook <keesc...@chromium.org> > --- > net/socket.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/socket.c b/net/socket.c > index c729625eb5d3..34183f4fbdf8 100644 > --- a/net/socket.c > +++ b/net/socket.c > @@ -2188,6 +2188,7 @@ static int ___sys_recvmsg(struct socket *sock, struct > user_msghdr __user *msg, > struct sockaddr __user *uaddr; > int __user *uaddr_len = COMPAT_NAMELEN(msg); > > + memset(&addr, 0, sizeof(addr)); > msg_sys->msg_name = &addr; >
This kind of patch comes every year. Standard answer is : We fix the buggy protocol, we do not make everything slower just because we are lazy. struct sockaddr is 128 bytes, but IPV4 only uses a fraction of it. Also memset() is using long word stores, so next 4-byte or 2-byte stores on same location hit a performance problem on x86. By adding all these defensive programming, we would give strong incentives to bypass the kernel for networking. That would be bad.
