lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202111181533.2D90E391@keescook>
Date:   Thu, 18 Nov 2021 15:39:59 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Damien Le Moal <damien.lemoal@...nsource.wdc.com>
Cc:     Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org,
        linux-ide@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] sata_fsl: Use struct_group() for memcpy() region

On Fri, Nov 19, 2021 at 08:17:14AM +0900, Damien Le Moal wrote:
> On 2021/11/19 3:38, Kees Cook wrote:
> > In preparation for FORTIFY_SOURCE performing compile-time and run-time
> > field bounds checking for memcpy(), memmove(), and memset(), avoid
> > intentionally writing across neighboring fields.
> > 
> > Use struct_group() in struct command_desc around members acmd and fill,
> > so they can be referenced together. This will allow memset(), memcpy(),
> > and sizeof() to more easily reason about sizes, improve readability,
> > and avoid future warnings about writing beyond the end of acmd:
> > 
> > In function 'fortify_memset_chk',
> >     inlined from 'sata_fsl_qc_prep' at drivers/ata/sata_fsl.c:534:3:
> > ./include/linux/fortify-string.h:199:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning]
> >   199 |    __write_overflow_field();
> >       |    ^~~~~~~~~~~~~~~~~~~~~~~~
> > 
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> 
> This lacks some context with regard to FORTIFY_SOURCE and struct_group(). Is
> that already in 5.16 ? It sounds like it is not. Do you want a ack ? Or do you
> want me to queue this up for 5.17 ?

Ah yes, some details are here in the earlier "big" series cover letter
here:
https://lore.kernel.org/linux-hardening/20210818060533.3569517-1-keescook@chromium.org/

One of the requests from earlier review was to split it up for separate
trees for the maintainers that wanted to take stuff via their trees
directly.

The new helpers are landed as of v5.16-rc1, so it can go either way, but
given that the merge window is closed, I would expect this to be for
v5.17.

I am happy to to carry it in my fortify topic branch that I'm expecting
to send for 5.17, but totally up to you. Some folks like to take these
changes via their trees, others would rather not be bothered with it. :)

Thanks!

-Kees

> 
> Cheers.
> 
> > ---
> >  drivers/ata/sata_fsl.c | 10 ++++++----
> >  1 file changed, 6 insertions(+), 4 deletions(-)
> > 
> > diff --git a/drivers/ata/sata_fsl.c b/drivers/ata/sata_fsl.c
> > index e5838b23c9e0..fec3c9032606 100644
> > --- a/drivers/ata/sata_fsl.c
> > +++ b/drivers/ata/sata_fsl.c
> > @@ -246,8 +246,10 @@ enum {
> >  struct command_desc {
> >  	u8 cfis[8 * 4];
> >  	u8 sfis[8 * 4];
> > -	u8 acmd[4 * 4];
> > -	u8 fill[4 * 4];
> > +	struct_group(cdb,
> > +		u8 acmd[4 * 4];
> > +		u8 fill[4 * 4];
> > +	);
> >  	u32 prdt[SATA_FSL_MAX_PRD_DIRECT * 4];
> >  	u32 prdt_indirect[(SATA_FSL_MAX_PRD - SATA_FSL_MAX_PRD_DIRECT) * 4];
> >  };
> > @@ -531,8 +533,8 @@ static enum ata_completion_errors sata_fsl_qc_prep(struct ata_queued_cmd *qc)
> >  	/* setup "ACMD - atapi command" in cmd. desc. if this is ATAPI cmd */
> >  	if (ata_is_atapi(qc->tf.protocol)) {
> >  		desc_info |= ATAPI_CMD;
> > -		memset((void *)&cd->acmd, 0, 32);
> > -		memcpy((void *)&cd->acmd, qc->cdb, qc->dev->cdb_len);
> > +		memset(&cd->cdb, 0, sizeof(cd->cdb));
> > +		memcpy(&cd->cdb, qc->cdb, qc->dev->cdb_len);
> >  	}
> >  
> >  	if (qc->flags & ATA_QCFLAG_DMAMAP)
> > 
> 
> 
> -- 
> Damien Le Moal
> Western Digital Research

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ