
pf: Initialize arrays before copying out to userland

Description

pf: Initialize arrays before copying out to userland

A number of pf ioctls populate an array of structures and copy it out.
They have the following structures:

  • caller specifies the size of its output buffer
  • ioctl handler allocates a kernel buffer of the same size
  • ioctl handler populates the buffer, possibly leaving some items uninitialized if the caller provided more space than needed
  • ioctl handler copies the entire buffer out to userland

Thus, if more space was provided than is required, we end up copying out
uninitialized kernel memory. Simply zero the buffer at allocation time
to prevent this.

Reported by: KMSAN
Reviewed by: kp
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 2b82c57e399700f5134c47d86d45ef2f2bd465e2)
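The pattern the commit message describes, as an added userland simulation that is not FreeBSD or pf code: a bump allocator over a constructed "kernel heap" pre-filled with 0xAA plays the role of malloc(9), a `zero` flag plays the role of M_ZERO, memcpy stands in for copyout(9), and `struct pf_entry` is a hypothetical record type, not pf's real structure. `leaked_bytes()` runs the handler with a caller-chosen number of output slots and counts how many stale bytes reach the caller. It also shows a second source of disclosure the same fix covers: a populated entry whose string field is only partially written by snprintf still carries stale bytes in the rest of that field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record type standing in for one pf ioctl output entry
 * (an assumption for this demo; not pf's real structure). */
struct pf_entry {
    uint32_t id;
    char     name[12];
};

/* Constructed "kernel heap": pre-filled with 0xAA so stale kernel data is
 * recognizable if it reaches the caller. Real kernel heap contents vary. */
#define KHEAP_SIZE 4096
#define STALE      0xAA
static unsigned char kheap[KHEAP_SIZE];
static size_t kheap_off;

static void kheap_reset(void)
{
    memset(kheap, STALE, sizeof kheap);
    kheap_off = 0;
}

/* Bump allocator modelling malloc(9); `zero` plays the role of M_ZERO. */
static void *kmalloc(size_t sz, int zero)
{
    if (sz > KHEAP_SIZE - kheap_off)
        return NULL;
    void *p = kheap + kheap_off;
    kheap_off += sz;
    if (zero)
        memset(p, 0, sz);
    return p;
}

/* The kernel only has NAVAIL real entries to report. */
#define NAVAIL 3

static void populate(struct pf_entry *e, size_t n)
{
    for (size_t i = 0; i < n && i < NAVAIL; i++) {
        e[i].id = (uint32_t)i;
        /* snprintf writes only the string and its NUL; the bytes after it
         * in name[] keep whatever the allocation already held. */
        snprintf(e[i].name, sizeof e[i].name, "entry%zu", i);
    }
}

/*
 * The ioctl-handler pattern from the commit message: allocate a kernel
 * buffer of the caller-requested size, fill what we have, copy the whole
 * buffer out. memcpy stands in for copyout(9). Returns 0 on success.
 */
static int handler(struct pf_entry *out, size_t nreq, int zero)
{
    struct pf_entry *buf = kmalloc(nreq * sizeof *buf, zero);
    if (buf == NULL)
        return -1;
    populate(buf, nreq);
    memcpy(out, buf, nreq * sizeof *buf);
    return 0;
}

/*
 * Run one ioctl with `nreq` entries of output space and count how many
 * bytes of the STALE pattern reached "userland". Returns SIZE_MAX on error.
 */
size_t leaked_bytes(int zero, size_t nreq)
{
    struct pf_entry out[16];
    if (nreq > 16)
        return SIZE_MAX;
    kheap_reset();
    if (handler(out, nreq, zero) != 0)
        return SIZE_MAX;
    const unsigned char *p = (const unsigned char *)out;
    size_t leaked = 0;
    for (size_t i = 0; i < nreq * sizeof *out; i++)
        if (p[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("without zeroing, 8 slots requested: %zu stale bytes\n",
           leaked_bytes(0, 8));
    printf("with zeroing,    8 slots requested: %zu stale bytes\n",
           leaked_bytes(1, 8));
    return 0;
}
```

With 8 slots requested and only 3 entries available, the unzeroed handler exposes the 5 unused 16-byte entries plus the 5 unwritten tail bytes of each populated name field (95 stale bytes in total); zeroing at allocation time brings both to zero, which is why the fix applies to the allocation rather than to individual fields. Note that even a caller asking for exactly the available number of entries still receives the name tails, so sizing the request correctly does not by itself close the disclosure.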

Details

Provenance
markj, authored on Jul 28 2021, 2:16 PM
Parents
rG50c21bf33905: Do not expose to scheduler caches of single CPU.