lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 12 Oct 2017 10:44:47 -0700
From:   Michael Lyle <mlyle@...e.org>
To:     Liang Chen <liangchen.linux@...il.com>,
        linux-bcache@...r.kernel.org
Cc:     i@...y.li, kent.overstreet@...il.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] bcache: safeguard a dangerous addressing in closure_queue

On 10/12/2017 07:37 AM, Liang Chen wrote:
> The use of the union reduces the size of closure struct by taking advantage
> of the current size of its members. The offset of func in work_struct equals
> the size of the first three members, so that work.work_func will just
> reference the forth member - fn.
> 
> This is smart but dangerous. It can be broken if work_struct or the other
> structs get changed, and can be a bit difficult to debug.
> 
> Signed-off-by: Liang Chen <liangchen.linux@...il.com>

So the objective here is to make sure that struct work_struct and the
anonymous struct remain identical?  I agree that's a potential problem
for future maintenance.

Could we use BUILD_BUG_ON with offsets and sizes to do the same, to get
compile-time checking and avoid doing anything at runtime (I know the
compiler can usually omit the BUG but better to be safe)?  Otherwise a
kernel that triggered this problem would compile, and it'd only be if
someone actually used bcache that it would trigger.

Mike

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ