| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <61b78f8e-98be-4392-9d3b-f1d211adb384@wanadoo.fr>
Date: Sun, 15 Oct 2023 09:20:54 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Julia Lawall <julia.lawall@...ia.fr>, Kees Cook <keescook@...omium.org>
Cc: Pravin B Shelar <pshelar@....org>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
netdev@...r.kernel.org, dev@...nvswitch.org,
linux-hardening@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2 2/2] net: openvswitch: Annotate struct mask_array with
__counted_by
Le 15/10/2023 à 06:53, Julia Lawall a écrit :
>
>
> On Sat, 14 Oct 2023, Kees Cook wrote:
>
>> On Sat, Oct 14, 2023 at 08:34:53AM +0200, Christophe JAILLET wrote:
>>> Prepare for the coming implementation by GCC and Clang of the __counted_by
>>> attribute. Flexible array members annotated with __counted_by can have
>>> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>>> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
>>> functions).
>>>
>>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>>> ---
>>> v2: Fix the subject [Ilya Maximets]
>>> fix the field name used with __counted_by [Ilya Maximets]
>>>
>>> v1: https://lore.kernel.org/all/f66ddcf1ef9328f10292ea75a17b584359b6cde3.1696156198.git.christophe.jaillet@wanadoo.fr/
>>>
>>>
>>> This patch is part of a work done in parallel of what is currently worked
>>> on by Kees Cook.
>>>
>>> My patches are only related to corner cases that do NOT match the
>>> semantic of his Coccinelle script[1].
>
> What was the problem with the semantic patch in this case?
The allocation in tbl_mask_array_alloc() looks like:
new = kzalloc(sizeof(struct mask_array) +
sizeof(struct sw_flow_mask *) * size +
sizeof(u64) * size, GFP_KERNEL);
We allocated the struct, the ending flex aray *and* some more memory at
the same time.
IIUC the cocci script, this extra space is not taken into account with
the current script and it won't match.
CJ
>
> thanks,
> julia
>
>
>>>
>>> In this case, in tbl_mask_array_alloc(), several things are allocated with
>>> a single allocation. Then, some pointer arithmetic computes the address of
>>> the memory after the flex-array.
>>>
>>> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>>> ---
>>> net/openvswitch/flow_table.h | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/openvswitch/flow_table.h b/net/openvswitch/flow_table.h
>>> index 9e659db78c05..f524dc3e4862 100644
>>> --- a/net/openvswitch/flow_table.h
>>> +++ b/net/openvswitch/flow_table.h
>>> @@ -48,7 +48,7 @@ struct mask_array {
>>> int count, max;
>>> struct mask_array_stats __percpu *masks_usage_stats;
>>> u64 *masks_usage_zero_cntr;
>>> - struct sw_flow_mask __rcu *masks[];
>>> + struct sw_flow_mask __rcu *masks[] __counted_by(max);
>>> };
>>
>> Yup, this looks correct to me. Thanks!
>>
>> Reviewed-by: Kees Cook <keescook@...omium.org>
>>
>> --
>> Kees Cook
>>
>
Powered by blists - more mailing lists