lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Tue, 24 Aug 2021 13:51:44 +0000
From:   Prabhakar Kushwaha <pkushwaha@...vell.com>
To:     Kees Cook <keescook@...omium.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:     Ariel Elior <aelior@...vell.com>,
        Sudarsana Reddy Kalluru <skalluru@...vell.com>,
        GR-everest-linux-l2 <GR-everest-linux-l2@...vell.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Shai Malin <smalin@...vell.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
        "linux-staging@...ts.linux.dev" <linux-staging@...ts.linux.dev>,
        "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
        "linux-kbuild@...r.kernel.org" <linux-kbuild@...r.kernel.org>,
        "clang-built-linux@...glegroups.com" 
        <clang-built-linux@...glegroups.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: RE: [PATCH v2 17/63] bnx2x: Use struct_group() for memcpy() region


> -----Original Message-----
> From: Kees Cook <keescook@...omium.org>
> Sent: Wednesday, August 18, 2021 11:35 AM
> To: linux-kernel@...r.kernel.org
> Cc: Kees Cook <keescook@...omium.org>; Ariel Elior <aelior@...vell.com>;
> Sudarsana Reddy Kalluru <skalluru@...vell.com>; GR-everest-linux-l2 <GR-
> everest-linux-l2@...vell.com>; David S. Miller <davem@...emloft.net>; Jakub
> Kicinski <kuba@...nel.org>; netdev@...r.kernel.org; Gustavo A. R. Silva
> <gustavoars@...nel.org>; Greg Kroah-Hartman <gregkh@...uxfoundation.org>;
> Andrew Morton <akpm@...ux-foundation.org>; linux-wireless@...r.kernel.org;
> dri-devel@...ts.freedesktop.org; linux-staging@...ts.linux.dev; linux-
> block@...r.kernel.org; linux-kbuild@...r.kernel.org; clang-built-
> linux@...glegroups.com; Rasmus Villemoes <linux@...musvillemoes.dk>;
> linux-hardening@...r.kernel.org
> Subject: [PATCH v2 17/63] bnx2x: Use struct_group() for memcpy() region
> 
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring fields.
> 
> Use struct_group() in struct nig_stats around members egress_mac_pkt0_lo,
> egress_mac_pkt0_hi, egress_mac_pkt1_lo, and egress_mac_pkt1_hi (and the
> respective members in struct bnx2x_eth_stats), so they can be referenced
> together. This will allow memcpy() and sizeof() to more easily reason
> about sizes, improve readability, and avoid future warnings about writing
> beyond the end of struct bnx2x_eth_stats's rx_stat_ifhcinbadoctets_hi.
> 
> "pahole" shows no size nor member offset changes to either struct.
> "objdump -d" shows no meaningful object code changes (i.e. only source
> line number induced differences and optimizations).
> 
> Additionally adds BUILD_BUG_ON() to compare the separate struct group
> sizes.
> 
> Cc: Ariel Elior <aelior@...vell.com>
> Cc: Sudarsana Kalluru <skalluru@...vell.com>
> Cc: GR-everest-linux-l2@...vell.com
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Cc: netdev@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---

Reviewed-by: Prabhakar Kushwaha <pkushwaha@...vell.com>

Powered by blists - more mailing lists