On Thu, Apr 02, 2020 at 08:53:21PM +0200, Pavel Machek wrote:
> Hi!
>
> > From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> >
> > commit 8096f229421f7b22433775e928d506f0342e5907 upstream.
> >
> > For the bpf syscall, we are relying on the compiler to properly zero out
> > the bpf_attr union that we copy userspace data into. Unfortunately that
> > doesn't always work properly, padding and other oddities might not be
> > correctly zeroed, and in some tests odd things have been found when the
> > stack is pre-initialized to other values.
> >
> > Fix this by explicitly memsetting the structure to 0 before using
> > it.
>
> Is not that a gcc bug?

No.

> I mean, that's seriously unhelpful behaviour from security
> perspective.

I totally agree, and it is something we have been playing whack-a-mole
over for a number of years now. Nothing new, but we do have a config
option to zero out the stack all the time if you are feeling paranoid
and can take the performance hit.

> Is there any reason to believe this is not causing problems elsewhere?

It probably is, please feel free to audit and fix up the remaining issues
that you find.

thanks,

greg k-h
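The following is an added illustration of the problem the quoted commit message describes; it is not part of the thread and not kernel code. It uses a hypothetical `union demo_attr` as a stand-in for `union bpf_attr` (smaller, but with the same two properties that matter: padding bytes that no named member covers, and a layout longer than what an older userspace passes in). The syscall copies only the caller-supplied `size`, so every byte beyond it must already be zero. A constructed fill byte stands in for whatever an earlier call left on the stack; the "without memset" path reproduces the failure deterministically, whereas whether the compiler's own `= {}` initialization leaves padding dirty depends on compiler and version.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for union bpf_attr (assumption, not the real layout).
 * Two command layouts share the storage; the u8 followed by u32 in 'map'
 * forces padding bytes that no named member ever writes. */
union demo_attr {
    struct {
        uint8_t  map_type;     /* followed by 3 padding bytes on common ABIs */
        uint32_t key_size;
        uint32_t value_size;
    } map;
    struct {
        uint64_t insns;
        uint32_t insn_cnt;
        uint32_t flags;        /* newer field that an old-ABI caller never sets */
    } prog;
};
typedef union demo_attr attr_t;

/* Fragile path: copy the caller-supplied bytes and trust that everything
 * else in the destination is already zero. */
static void load_attr_no_memset(attr_t *attr, const void *user, size_t size)
{
    memcpy(attr, user, size);
}

/* Hardened path, the shape of the upstream fix: zero the whole object
 * explicitly before copying the caller-supplied bytes over it. */
static void load_attr_memset(attr_t *attr, const void *user, size_t size)
{
    memset(attr, 0, sizeof(*attr));
    memcpy(attr, user, size);
}

/* Count non-zero bytes in [from, sizeof(attr_t)), i.e. bytes the copy never
 * touched. A clean tail returns 0; anything else is stale stack contents
 * that later code would wrongly interpret as caller-provided values. */
static size_t dirty_tail_bytes(const attr_t *attr, size_t from)
{
    const unsigned char *p = (const unsigned char *)attr;
    size_t n = 0;
    for (size_t i = from; i < sizeof(*attr); i++)
        if (p[i] != 0)
            n++;
    return n;
}

/* Run one simulated syscall entry. 'fill' is a constructed stand-in for
 * whatever an earlier call left behind in this stack slot. Returns the
 * number of dirty bytes beyond what userspace supplied. */
size_t simulate(int use_memset, unsigned char fill)
{
    /* Constructed "userspace" argument: an old-ABI caller that only knows
     * about the first 8 bytes of the prog layout. */
    unsigned char user[8] = { 0x10, 0, 0, 0, 0, 0, 0, 0 };
    attr_t attr;

    memset(&attr, fill, sizeof(attr));   /* pretend the stack is dirty */

    if (use_memset)
        load_attr_memset(&attr, user, sizeof(user));
    else
        load_attr_no_memset(&attr, user, sizeof(user));

    return dirty_tail_bytes(&attr, sizeof(user));
}

int main(void)
{
    printf("union size: %zu bytes, userspace supplied 8\n", sizeof(attr_t));
    printf("without memset: %zu dirty tail bytes\n", simulate(0, 0xAA));
    printf("with memset:    %zu dirty tail bytes\n", simulate(1, 0xAA));
    return 0;
}
```

The same check generalizes: whenever a kernel object is only partially overwritten by `copy_from_user()` (or any size-limited copy), the bytes beyond the copied length and the padding inside the copied length are only trustworthy if something zeroed the entire object first. A per-call `memset()` does that regardless of compiler behaviour; the config option Greg mentions makes the same guarantee for all stack variables at a performance cost.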