| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXGWV-S6Wec8LpEj9kvMufpn_Gjgqdybudxq4rnwjg3a+Q@mail.gmail.com>
Date: Mon, 16 Sep 2024 12:40:20 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: Miri Korenblit <miriam.rachel.korenblit@...el.com>, Kalle Valo <kvalo@...nel.org>,
Johannes Berg <johannes@...solutions.net>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] wifi: iwlwifi: mvm: Use __counted_by() and avoid
-Wfamnae warnings
On Fri, 9 Aug 2024 at 21:17, Gustavo A. R. Silva <gustavoars@...nel.org> wrote:
>
> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> getting ready to enable it, globally.
>
> So, use the `DEFINE_FLEX()` helper for multiple on-stack definitions
> of flexible structures where the size of their flexible-array members
> are known at compile-time, and refactor the rest of the code,
> accordingly.
>
> In order to allow for the use of `DEFINE_FLEX()`, a couple of
> structures were annotated with the `__counted_by()` attribute.
>
> With these changes, fix the following warnings:
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:124:52: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2053:51: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2148:43: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2211:43: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
>
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> ---
> .../net/wireless/intel/iwlwifi/fw/api/sta.h | 2 +-
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 126 ++++++++----------
> drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +-
> include/net/mac80211.h | 2 +-
> 4 files changed, 61 insertions(+), 71 deletions(-)
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/fw/api/sta.h b/drivers/net/wireless/intel/iwlwifi/fw/api/sta.h
> index d7f8a276b683..fe6bd34fefa3 100644
> --- a/drivers/net/wireless/intel/iwlwifi/fw/api/sta.h
> +++ b/drivers/net/wireless/intel/iwlwifi/fw/api/sta.h
> @@ -479,7 +479,7 @@ struct iwl_mvm_wep_key_cmd {
> u8 decryption_type;
> u8 flags;
> u8 reserved;
> - struct iwl_mvm_wep_key wep_key[];
> + struct iwl_mvm_wep_key wep_key[] __counted_by(num_keys);
> } __packed; /* SEC_CURR_WEP_KEY_CMD_API_S_VER_2 */
>
> /**
> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> index b4d650583ac2..b19579dd8de3 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> @@ -120,19 +120,15 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw,
> switch (key->cipher) {
> case WLAN_CIPHER_SUITE_WEP40:
> case WLAN_CIPHER_SUITE_WEP104: { /* hack it for now */
> - struct {
> - struct iwl_mvm_wep_key_cmd wep_key_cmd;
> - struct iwl_mvm_wep_key wep_key;
> - } __packed wkc = {
> - .wep_key_cmd.mac_id_n_color =
> - cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
> - mvmvif->color)),
> - .wep_key_cmd.num_keys = 1,
> - /* firmware sets STA_KEY_FLG_WEP_13BYTES */
> - .wep_key_cmd.decryption_type = STA_KEY_FLG_WEP,
> - .wep_key.key_index = key->keyidx,
> - .wep_key.key_size = key->keylen,
> - };
> + DEFINE_FLEX(struct iwl_mvm_wep_key_cmd, wkc, wep_key, num_keys, 1);
> +
> + wkc->mac_id_n_color =
> + cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
> + mvmvif->color));
> + /* firmware sets STA_KEY_FLG_WEP_13BYTES */
> + wkc->decryption_type = STA_KEY_FLG_WEP;
> + wkc->wep_key[0].key_index = key->keyidx;
> + wkc->wep_key[0].key_size = key->keylen;
>
> /*
> * This will fail -- the key functions don't set support
> @@ -142,18 +138,18 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw,
> if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
> break;
>
> - memcpy(&wkc.wep_key.key[3], key->key, key->keylen);
> + memcpy(&wkc->wep_key[0].key[3], key->key, key->keylen);
> if (key->keyidx == mvmvif->tx_key_idx) {
> /* TX key must be at offset 0 */
> - wkc.wep_key.key_offset = 0;
> + wkc->wep_key[0].key_offset = 0;
> } else {
> /* others start at 1 */
> data->wep_key_idx++;
> - wkc.wep_key.key_offset = data->wep_key_idx;
> + wkc->wep_key[0].key_offset = data->wep_key_idx;
> }
>
> mutex_lock(&mvm->mutex);
> - ret = iwl_mvm_send_cmd_pdu(mvm, WEP_KEY, 0, sizeof(wkc), &wkc);
> + ret = iwl_mvm_send_cmd_pdu(mvm, WEP_KEY, 0, __struct_size(wkc), wkc);
> data->error = ret != 0;
>
> mvm->ptk_ivlen = key->iv_len;
> @@ -2049,10 +2045,8 @@ static bool iwl_mvm_mlo_gtk_rekey(struct iwl_wowlan_status_data *status,
> struct iwl_wowlan_mlo_gtk *mlo_key = &status->mlo_keys[i];
> struct ieee80211_key_conf *key, *old_key;
> struct ieee80211_key_seq seq;
> - struct {
> - struct ieee80211_key_conf conf;
> - u8 key[32];
> - } conf = {};
> + DEFINE_FLEX(struct ieee80211_key_conf, conf, key, keylen,
> + WOWLAN_KEY_MAX_SIZE);
> u16 flags = le16_to_cpu(mlo_key->flags);
> int j, link_id, key_id, key_type;
>
> @@ -2069,40 +2063,40 @@ static bool iwl_mvm_mlo_gtk_rekey(struct iwl_wowlan_status_data *status,
> key_type >= WOWLAN_MLO_GTK_KEY_NUM_TYPES))
> continue;
>
> - conf.conf.cipher = old_keys->cipher[link_id][key_type];
> + conf->cipher = old_keys->cipher[link_id][key_type];
> /* WARN_ON? */
> - if (!conf.conf.cipher)
> + if (!conf->cipher)
> continue;
>
> - conf.conf.keylen = 0;
> - switch (conf.conf.cipher) {
> + conf->keylen = 0;
> + switch (conf->cipher) {
> case WLAN_CIPHER_SUITE_CCMP:
> case WLAN_CIPHER_SUITE_GCMP:
> - conf.conf.keylen = WLAN_KEY_LEN_CCMP;
> + conf->keylen = WLAN_KEY_LEN_CCMP;
> break;
> case WLAN_CIPHER_SUITE_GCMP_256:
> - conf.conf.keylen = WLAN_KEY_LEN_GCMP_256;
> + conf->keylen = WLAN_KEY_LEN_GCMP_256;
> break;
> case WLAN_CIPHER_SUITE_BIP_GMAC_128:
> - conf.conf.keylen = WLAN_KEY_LEN_BIP_GMAC_128;
> + conf->keylen = WLAN_KEY_LEN_BIP_GMAC_128;
> break;
> case WLAN_CIPHER_SUITE_BIP_GMAC_256:
> - conf.conf.keylen = WLAN_KEY_LEN_BIP_GMAC_256;
> + conf->keylen = WLAN_KEY_LEN_BIP_GMAC_256;
> break;
> case WLAN_CIPHER_SUITE_AES_CMAC:
> - conf.conf.keylen = WLAN_KEY_LEN_AES_CMAC;
> + conf->keylen = WLAN_KEY_LEN_AES_CMAC;
> break;
> case WLAN_CIPHER_SUITE_BIP_CMAC_256:
> - conf.conf.keylen = WLAN_KEY_LEN_BIP_CMAC_256;
> + conf->keylen = WLAN_KEY_LEN_BIP_CMAC_256;
> break;
> }
>
> - if (WARN_ON(!conf.conf.keylen ||
> - conf.conf.keylen > sizeof(conf.key)))
> + if (WARN_ON(!conf->keylen ||
> + conf->keylen > WOWLAN_KEY_MAX_SIZE))
> continue;
>
> - memcpy(conf.conf.key, mlo_key->key, conf.conf.keylen);
> - conf.conf.keyidx = key_id;
> + memcpy(conf->key, mlo_key->key, conf->keylen);
> + conf->keyidx = key_id;
>
> old_key = old_keys->key[link_id][key_id];
> if (old_key) {
> @@ -2114,7 +2108,7 @@ static bool iwl_mvm_mlo_gtk_rekey(struct iwl_wowlan_status_data *status,
>
> IWL_DEBUG_WOWLAN(mvm, "Add MLO key id %d, link id %d\n",
> key_id, link_id);
> - key = ieee80211_gtk_rekey_add(vif, &conf.conf, link_id);
> + key = ieee80211_gtk_rekey_add(vif, conf, link_id);
> if (WARN_ON(IS_ERR(key))) {
> ret = false;
> goto out;
> @@ -2144,30 +2138,28 @@ static bool iwl_mvm_gtk_rekey(struct iwl_wowlan_status_data *status,
> {
> int i, j;
> struct ieee80211_key_conf *key;
> - struct {
> - struct ieee80211_key_conf conf;
> - u8 key[32];
> - } conf = {
> - .conf.cipher = gtk_cipher,
> - };
> + DEFINE_FLEX(struct ieee80211_key_conf, conf, key, keylen,
> + WOWLAN_KEY_MAX_SIZE);
> int link_id = vif->active_links ? __ffs(vif->active_links) : -1;
>
> + conf->cipher = gtk_cipher;
> +
> BUILD_BUG_ON(WLAN_KEY_LEN_CCMP != WLAN_KEY_LEN_GCMP);
> - BUILD_BUG_ON(sizeof(conf.key) < WLAN_KEY_LEN_CCMP);
> - BUILD_BUG_ON(sizeof(conf.key) < WLAN_KEY_LEN_GCMP_256);
> - BUILD_BUG_ON(sizeof(conf.key) < WLAN_KEY_LEN_TKIP);
> - BUILD_BUG_ON(sizeof(conf.key) < sizeof(status->gtk[0].key));
> + BUILD_BUG_ON(conf->keylen < WLAN_KEY_LEN_CCMP);
> + BUILD_BUG_ON(conf->keylen < WLAN_KEY_LEN_GCMP_256);
> + BUILD_BUG_ON(conf->keylen < WLAN_KEY_LEN_TKIP);
> + BUILD_BUG_ON(conf->keylen < sizeof(status->gtk[0].key));
>
Even though the mystery re __ffs() has been solved, I wonder if these
BUILD_BUG()s still make sense: their purpose appears to have been to
ensure that the key[] member is of sufficient size, and this is now
guaranteed. So I think we should just drop them.
In the general case, using BUILD_BUG() on a value of a local variable
like this is always going to be fragile. Compilers are free to reorder
code, and some function calls are implicit, or have global side
effects that may prevent the compiler from making any assumptions
about these values at the point of the BUILD_BUG() invocation.
Powered by blists - more mailing lists