lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Oct 2022 19:33:17 +0200
From:   Christian König <christian.koenig@....com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>,
        Alex Deucher <alexander.deucher@....com>,
        "Pan, Xinhui" <Xinhui.Pan@....com>,
        David Airlie <airlied@...il.com>,
        Daniel Vetter <daniel@...ll.ch>,
        Hans de Goede <hdegoede@...hat.com>,
        Grigory Vasilyev <h0tc0d3@...il.com>,
        Claudio Suarez <cssk@...-c.es>,
        Slark Xiao <slark_xiao@....com>,
        Rongguang Wei <weirongguang@...inos.cn>,
        amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] [next] drm/amdgpu: Replace one-element array with
 flexible-array member

Am 28.10.22 um 18:36 schrieb Kees Cook:
> On Fri, Oct 28, 2022 at 09:18:39AM +0200, Christian König wrote:
>> Am 28.10.22 um 07:10 schrieb Paulo Miguel Almeida:
>>> One-element arrays are deprecated, and we are replacing them with
>>> flexible array members instead. So, replace one-element array with
>>> flexible-array member in struct _ATOM_FAKE_EDID_PATCH_RECORD and
>>> refactor the rest of the code accordingly.
>>>
>>> This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
>>> routines on memcpy() and help us make progress towards globally
>>> enabling -fstrict-flex-arrays=3 [1].
>>>
>>> Link: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FKSPP%2Flinux%2Fissues%2F79&amp;data=05%7C01%7Cchristian.koenig%40amd.com%7C600d3657cbe441ae969d08dab9028c1c%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025717852262567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=h78kYVA3ee9fDDwD5XGNgYJuUAZtBitVpk2354cOLO4%3D&amp;reserved=0
>>> Link: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FKSPP%2Flinux%2Fissues%2F238&amp;data=05%7C01%7Cchristian.koenig%40amd.com%7C600d3657cbe441ae969d08dab9028c1c%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025717852262567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=k1k7LwxIxIw5c9QM3gM2pA9DVGF4Kz20IJWs5tY4xzE%3D&amp;reserved=0
>>> Link: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgcc.gnu.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D101836&amp;data=05%7C01%7Cchristian.koenig%40amd.com%7C600d3657cbe441ae969d08dab9028c1c%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025717852262567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=LJB4Rs1xOE82UpLbqtZOgPgi7OmvR02T9fikpKamdiY%3D&amp;reserved=0 [1]
>> I'm not sure if that's a good idea. We had multiple attempts to refactor
>> this now and it always caused a regression.
>>
>> Additional to that the header in question came from our BIOS team and isn't
>> following Linux styles in general.
>>
>> Alex what do you think?
> Fake flexible arrays (i.e. 1-element arrays) are deprecated in Linux[1]
> (and, frankly, deprecated in C since 1999 and even well before then given
> the 0-sized extension that was added in GCC), so we can't continue to
> bring them into kernel sources. Their use breaks both compile-time and
> run-time bounds checking efforts, etc.

I'm perfectly aware of that. The issue is that we have tried to fix this 
multiple times now and reverted back to the original behavior because 
some user with a 10-15 year old hardware complained that it broke his 
system.

We can't really test every hw generation of the last 15 years for 
regressions.

> All that said, converting away from them can be tricky, and I think such
> conversions need to explicitly show how they were checked for binary
> differences[2].

Oh, that's a great idea! Yes, if this can be guaranteed then the change 
is obviously perfectly ok.

Thanks,
Christian.

>
> Paulo, can you please check for deltas and report your findings in the
> commit log? Note that add struct_size() use in the same patch may result
> in binary differences, so for more complex cases, you may want to split
> the 1-element conversion from the struct_size() conversions.
>
> -Kees
>
> [1] https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.kernel.org%2Fprocess%2Fdeprecated.html%23zero-length-and-one-element-arrays&amp;data=05%7C01%7Cchristian.koenig%40amd.com%7C600d3657cbe441ae969d08dab9028c1c%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025717852262567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=6v1qt3zMrSTFDgnF9TO3aurqvG1fPjH2grRu47e2tEA%3D&amp;reserved=0
> [2] https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutflux.net%2Fblog%2Farchives%2F2022%2F06%2F24%2Ffinding-binary-differences%2F&amp;data=05%7C01%7Cchristian.koenig%40amd.com%7C600d3657cbe441ae969d08dab9028c1c%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025717852262567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=g3yCIXBAD0OJwK5EdxRfJVeSBevbA1WOeyFM%2BiZC%2F%2FM%3D&amp;reserved=0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ