lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220309185032.229123-1-keescook@chromium.org>
Date:   Wed,  9 Mar 2022 10:50:32 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Thomas Bogendoerfer <tsbogend@...ha.franken.de>
Cc:     Kees Cook <keescook@...omium.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        linux-mips@...r.kernel.org, kernel test robot <lkp@...el.com>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: [PATCH] MIPS: boot/compressed: Use array reference for image bounds

As done with other image addresses in other architectures, use an
explicit flexible array instead of "address of char", which can trip
bounds checking done by the compiler. Found when building with
-Warray-bounds:

In file included from ./include/linux/byteorder/little_endian.h:5,
                 from ./arch/mips/include/uapi/asm/byteorder.h:15,
                 from ./arch/mips/include/asm/bitops.h:21,
                 from ./include/linux/bitops.h:33,
                 from ./include/linux/kernel.h:22,
                 from arch/mips/boot/compressed/decompress.c:13:
arch/mips/boot/compressed/decompress.c: In function 'decompress_kernel':
./include/asm-generic/unaligned.h:14:8: warning: array subscript -1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds]
   14 |  __pptr->x;        \
      |  ~~~~~~^~~
./include/uapi/linux/byteorder/little_endian.h:35:51: note: in definition of macro '__le32_to_cpu'
   35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
      |                                                   ^
./include/asm-generic/unaligned.h:32:21: note: in expansion of macro '__get_unaligned_t'
   32 |  return le32_to_cpu(__get_unaligned_t(__le32, p));
      |                     ^~~~~~~~~~~~~~~~~
arch/mips/boot/compressed/decompress.c:29:37: note: while referencing '__image_end'
   29 | extern unsigned char __image_begin, __image_end;
      |                                     ^~~~~~~~~~~

Cc: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
Cc: Randy Dunlap <rdunlap@...radead.org>
Cc: linux-mips@...r.kernel.org
Signed-off-by: Kees Cook <keescook@...omium.org>
---
 arch/mips/boot/compressed/decompress.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c
index aae1346a509a..5b38a802e101 100644
--- a/arch/mips/boot/compressed/decompress.c
+++ b/arch/mips/boot/compressed/decompress.c
@@ -26,7 +26,7 @@ unsigned long free_mem_ptr;
 unsigned long free_mem_end_ptr;
 
 /* The linker tells us where the image is. */
-extern unsigned char __image_begin, __image_end;
+extern unsigned char __image_begin[], __image_end[];
 
 /* debug interfaces  */
 #ifdef CONFIG_DEBUG_ZBOOT
@@ -91,9 +91,9 @@ void decompress_kernel(unsigned long boot_heap_start)
 {
 	unsigned long zimage_start, zimage_size;
 
-	zimage_start = (unsigned long)(&__image_begin);
-	zimage_size = (unsigned long)(&__image_end) -
-	    (unsigned long)(&__image_begin);
+	zimage_start = (unsigned long)(__image_begin);
+	zimage_size = (unsigned long)(__image_end) -
+	    (unsigned long)(__image_begin);
 
 	puts("zimage at:     ");
 	puthex(zimage_start);
@@ -121,7 +121,7 @@ void decompress_kernel(unsigned long boot_heap_start)
 		dtb_size = fdt_totalsize((void *)&__appended_dtb);
 
 		/* last four bytes is always image size in little endian */
-		image_size = get_unaligned_le32((void *)&__image_end - 4);
+		image_size = get_unaligned_le32((void *)__image_end - 4);
 
 		/* The device tree's address must be properly aligned  */
 		image_size = ALIGN(image_size, STRUCT_ALIGNMENT);
-- 
2.32.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ