lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 4 Oct 2023 01:40:45 +0200
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Kees Cook <keescook@...omium.org>, "David S. Miller" <davem@...emloft.net>
Cc: Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Johannes Berg <johannes.berg@...el.com>,
 netdev@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>,
 linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org,
 llvm@...ts.linux.dev
Subject: Re: [PATCH] netlink: Annotate struct netlink_policy_dump_state with
 __counted_by



On 10/4/23 01:21, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct netlink_policy_dump_state.
> 
> Additionally update the size of the usage array length before accessing
> it. This requires remembering the old size for the memset() and later
> assignments.
> 
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Eric Dumazet <edumazet@...gle.com>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Cc: Paolo Abeni <pabeni@...hat.com>
> Cc: Johannes Berg <johannes.berg@...el.com>
> Cc: netdev@...r.kernel.org
> Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1]
> Signed-off-by: Kees Cook <keescook@...omium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org>

Thanks
--
Gustavo

> ---
>   net/netlink/policy.c | 15 ++++++++-------
>   1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/net/netlink/policy.c b/net/netlink/policy.c
> index 87e3de0fde89..e2f111edf66c 100644
> --- a/net/netlink/policy.c
> +++ b/net/netlink/policy.c
> @@ -21,7 +21,7 @@ struct netlink_policy_dump_state {
>   	struct {
>   		const struct nla_policy *policy;
>   		unsigned int maxtype;
> -	} policies[];
> +	} policies[] __counted_by(n_alloc);
>   };
>   
>   static int add_policy(struct netlink_policy_dump_state **statep,
> @@ -29,7 +29,7 @@ static int add_policy(struct netlink_policy_dump_state **statep,
>   		      unsigned int maxtype)
>   {
>   	struct netlink_policy_dump_state *state = *statep;
> -	unsigned int n_alloc, i;
> +	unsigned int old_n_alloc, n_alloc, i;
>   
>   	if (!policy || !maxtype)
>   		return 0;
> @@ -52,12 +52,13 @@ static int add_policy(struct netlink_policy_dump_state **statep,
>   	if (!state)
>   		return -ENOMEM;
>   
> -	memset(&state->policies[state->n_alloc], 0,
> -	       flex_array_size(state, policies, n_alloc - state->n_alloc));
> -
> -	state->policies[state->n_alloc].policy = policy;
> -	state->policies[state->n_alloc].maxtype = maxtype;
> +	old_n_alloc = state->n_alloc;
>   	state->n_alloc = n_alloc;
> +	memset(&state->policies[old_n_alloc], 0,
> +	       flex_array_size(state, policies, n_alloc - old_n_alloc));
> +
> +	state->policies[old_n_alloc].policy = policy;
> +	state->policies[old_n_alloc].maxtype = maxtype;
>   	*statep = state;
>   
>   	return 0;

Powered by blists - more mailing lists