lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 Oct 2023 09:20:54 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Julia Lawall <julia.lawall@...ia.fr>, Kees Cook <keescook@...omium.org>
Cc: Pravin B Shelar <pshelar@....org>, "David S. Miller"
 <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>,
 linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
 netdev@...r.kernel.org, dev@...nvswitch.org,
 linux-hardening@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2 2/2] net: openvswitch: Annotate struct mask_array with
 __counted_by

Le 15/10/2023 à 06:53, Julia Lawall a écrit :
> 
> 
> On Sat, 14 Oct 2023, Kees Cook wrote:
> 
>> On Sat, Oct 14, 2023 at 08:34:53AM +0200, Christophe JAILLET wrote:
>>> Prepare for the coming implementation by GCC and Clang of the __counted_by
>>> attribute. Flexible array members annotated with __counted_by can have
>>> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>>> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
>>> functions).
>>>
>>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>>> ---
>>> v2: Fix the subject  [Ilya Maximets]
>>>      fix the field name used with __counted_by  [Ilya Maximets]
>>>
>>> v1: https://lore.kernel.org/all/f66ddcf1ef9328f10292ea75a17b584359b6cde3.1696156198.git.christophe.jaillet@wanadoo.fr/
>>>
>>>
>>> This patch is part of a work done in parallel of what is currently worked
>>> on by Kees Cook.
>>>
>>> My patches are only related to corner cases that do NOT match the
>>> semantic of his Coccinelle script[1].
> 
> What was the problem with the semantic patch in this case?


The allocation in tbl_mask_array_alloc() looks like:
	new = kzalloc(sizeof(struct mask_array) +
		      sizeof(struct sw_flow_mask *) * size +
		      sizeof(u64) * size, GFP_KERNEL);


We allocated the struct, the ending flex aray *and* some more memory at 
the same time.

IIUC the cocci script, this extra space is not taken into account with 
the current script and it won't match.

CJ


> 
> thanks,
> julia
> 
> 
>>>
>>> In this case, in tbl_mask_array_alloc(), several things are allocated with
>>> a single allocation. Then, some pointer arithmetic computes the address of
>>> the memory after the flex-array.
>>>
>>> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>>> ---
>>>   net/openvswitch/flow_table.h | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/openvswitch/flow_table.h b/net/openvswitch/flow_table.h
>>> index 9e659db78c05..f524dc3e4862 100644
>>> --- a/net/openvswitch/flow_table.h
>>> +++ b/net/openvswitch/flow_table.h
>>> @@ -48,7 +48,7 @@ struct mask_array {
>>>   	int count, max;
>>>   	struct mask_array_stats __percpu *masks_usage_stats;
>>>   	u64 *masks_usage_zero_cntr;
>>> -	struct sw_flow_mask __rcu *masks[];
>>> +	struct sw_flow_mask __rcu *masks[] __counted_by(max);
>>>   };
>>
>> Yup, this looks correct to me. Thanks!
>>
>> Reviewed-by: Kees Cook <keescook@...omium.org>
>>
>> --
>> Kees Cook
>>
> 


Powered by blists - more mailing lists