lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 Oct 2023 09:23:17 +0200
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>,
 Kent Overstreet <kent.overstreet@...ux.dev>,
 Brian Foster <bfoster@...hat.com>, Kees Cook <keescook@...omium.org>,
 "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>
Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
 linux-bcachefs@...r.kernel.org, linux-hardening@...r.kernel.org,
 llvm@...ts.linux.dev
Subject: Re: [PATCH] bcachefs: Use struct_size()



On 10/1/23 09:13, Christophe JAILLET wrote:
> Use struct_size() instead of hand writing it.
> This is less verbose and more robust.
> 
> While at it, prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with __counted_by
> can have their accesses bounds-checked at run-time checking via
> CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
> strcpy/memcpy-family functions).

I would prefer this as two separate patches.

> 
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>

In any case:

Reviewed-by: Gustavo A. R. Silva <gustavors@...nel.org>

Thanks
--
Gustavo

> ---
> This patch is part of a work done in parallel of what is currently worked
> on by Kees Cook.
> 
> My patches are only related to corner cases that do NOT match the
> semantic of his Coccinelle script[1].
> 
> In this case, struct_size() was not used to compute the size needed for the
> structure and its flex array.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> ---
>   fs/bcachefs/disk_groups.c | 3 +--
>   fs/bcachefs/super_types.h | 2 +-
>   2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/bcachefs/disk_groups.c b/fs/bcachefs/disk_groups.c
> index b292dbef7992..224efa917427 100644
> --- a/fs/bcachefs/disk_groups.c
> +++ b/fs/bcachefs/disk_groups.c
> @@ -166,8 +166,7 @@ int bch2_sb_disk_groups_to_cpu(struct bch_fs *c)
>   	if (!groups)
>   		return 0;
>   
> -	cpu_g = kzalloc(sizeof(*cpu_g) +
> -			sizeof(cpu_g->entries[0]) * nr_groups, GFP_KERNEL);
> +	cpu_g = kzalloc(struct_size(cpu_g, entries, nr_groups), GFP_KERNEL);
>   	if (!cpu_g)
>   		return -BCH_ERR_ENOMEM_disk_groups_to_cpu;
>   
> diff --git a/fs/bcachefs/super_types.h b/fs/bcachefs/super_types.h
> index 597a8db73585..78d6138db62d 100644
> --- a/fs/bcachefs/super_types.h
> +++ b/fs/bcachefs/super_types.h
> @@ -46,7 +46,7 @@ struct bch_disk_group_cpu {
>   struct bch_disk_groups_cpu {
>   	struct rcu_head			rcu;
>   	unsigned			nr;
> -	struct bch_disk_group_cpu	entries[];
> +	struct bch_disk_group_cpu	entries[] __counted_by(nr);
>   };
>   
>   #endif /* _BCACHEFS_SUPER_TYPES_H */

Powered by blists - more mailing lists