lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3b04a8fc177eee5ce2eaa24ae8164140188478c0.camel@huaweicloud.com>
Date: Fri, 16 Aug 2024 14:28:16 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>, Mimi Zohar
 <zohar@...ux.ibm.com>, Roberto Sassu <roberto.sassu@...wei.com>, Dmitry
 Kasatkin <dmitry.kasatkin@...il.com>, Eric Snowberg
 <eric.snowberg@...cle.com>, Paul Moore <paul@...l-moore.com>, James Morris
 <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>
Cc: linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] integrity: Use static_assert() to check struct
 sizes

On Thu, 2024-08-08 at 16:04 -0600, Gustavo A. R. Silva wrote:
> Commit 38aa3f5ac6d2 ("integrity: Avoid -Wflex-array-member-not-at-end
> warnings") introduced tagged `struct evm_ima_xattr_data_hdr` and
> `struct ima_digest_data_hdr`. We want to ensure that when new members
> need to be added to the flexible structures, they are always included
> within these tagged structs.
> 
> So, we use `static_assert()` to ensure that the memory layout for
> both the flexible structure and the tagged struct is the same after
> any changes.

Looks good to me.

Tested-by: Roberto Sassu <roberto.sassu@...wei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@...wei.com>

Thanks

Roberto

> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> ---
>  security/integrity/integrity.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
> index 660f76cb69d3..c2c2da691123 100644
> --- a/security/integrity/integrity.h
> +++ b/security/integrity/integrity.h
> @@ -37,6 +37,8 @@ struct evm_ima_xattr_data {
>  	);
>  	u8 data[];
>  } __packed;
> +static_assert(offsetof(struct evm_ima_xattr_data, data) == sizeof(struct evm_ima_xattr_data_hdr),
> +	      "struct member likely outside of __struct_group()");
>  
>  /* Only used in the EVM HMAC code. */
>  struct evm_xattr {
> @@ -65,6 +67,8 @@ struct ima_digest_data {
>  	);
>  	u8 digest[];
>  } __packed;
> +static_assert(offsetof(struct ima_digest_data, digest) == sizeof(struct ima_digest_data_hdr),
> +	      "struct member likely outside of __struct_group()");
>  
>  /*
>   * Instead of wrapping the ima_digest_data struct inside a local structure

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ