lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jKkHAHpzEpmHNJ6iPhXJKXoZH9Wy4mnCnE1=TEgTcHSRw@mail.gmail.com>
Date:   Wed, 28 Feb 2018 08:54:31 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Jinbum Park <jinb.park7@...il.com>
Cc:     linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        Philippe Ombredanne <pombredanne@...b.co>,
        Greg KH <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Andy Lutomirski <luto@...capital.net>,
        Dmitry Safonov <dsafonov@...tuozzo.com>,
        Will Deacon <will.deacon@....com>,
        Mark Rutland <mark.rutland@....com>,
        Daniel Micay <danielmicay@...il.com>,
        Arnd Bergmann <arnd@...db.de>,
        Catalin Marinas <catalin.marinas@....com>
Subject: Re: [kernel-hardening] [PATCH 1/2] arm: mm: Define vdso_start,
 vdso_end as array

On Wed, Feb 28, 2018 at 6:29 AM, Jinbum Park <jinb.park7@...il.com> wrote:
> Define vdso_start, vdso_end as array to avoid compile-time analysis error
> for the case of built with CONFIG_FORTIFY_SOURCE.
>
> and, since vdso_start, vdso_end are used in vdso.c only,
> move extern-declaration from vdso.h to vdso.c.
>
> If kernel is built with CONFIG_FORTIFY_SOURCE,
> compile-time error happens at this code.
> - if (memcmp(&vdso_start, "\177ELF", 4))
>
> The size of "&vdso_start" is recognized as 1 byte, but n is 4,
> So that compile-time error is reported.
>
> Signed-off-by: Jinbum Park <jinb.park7@...il.com>

Thanks!

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

> ---
>  arch/arm/include/asm/vdso.h |  2 --
>  arch/arm/kernel/vdso.c      | 12 +++++++-----
>  2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/arch/arm/include/asm/vdso.h b/arch/arm/include/asm/vdso.h
> index 9c99e81..5b85889 100644
> --- a/arch/arm/include/asm/vdso.h
> +++ b/arch/arm/include/asm/vdso.h
> @@ -12,8 +12,6 @@
>
>  void arm_install_vdso(struct mm_struct *mm, unsigned long addr);
>
> -extern char vdso_start, vdso_end;
> -
>  extern unsigned int vdso_total_pages;
>
>  #else /* CONFIG_VDSO */
> diff --git a/arch/arm/kernel/vdso.c b/arch/arm/kernel/vdso.c
> index a4d6dc0..f4dd7f9 100644
> --- a/arch/arm/kernel/vdso.c
> +++ b/arch/arm/kernel/vdso.c
> @@ -39,6 +39,8 @@
>
>  static struct page **vdso_text_pagelist;
>
> +extern char vdso_start[], vdso_end[];
> +
>  /* Total number of pages needed for the data and text portions of the VDSO. */
>  unsigned int vdso_total_pages __ro_after_init;
>
> @@ -197,13 +199,13 @@ static int __init vdso_init(void)
>         unsigned int text_pages;
>         int i;
>
> -       if (memcmp(&vdso_start, "\177ELF", 4)) {
> +       if (memcmp(vdso_start, "\177ELF", 4)) {
>                 pr_err("VDSO is not a valid ELF object!\n");
>                 return -ENOEXEC;
>         }
>
> -       text_pages = (&vdso_end - &vdso_start) >> PAGE_SHIFT;
> -       pr_debug("vdso: %i text pages at base %p\n", text_pages, &vdso_start);
> +       text_pages = (vdso_end - vdso_start) >> PAGE_SHIFT;
> +       pr_debug("vdso: %i text pages at base %p\n", text_pages, vdso_start);
>
>         /* Allocate the VDSO text pagelist */
>         vdso_text_pagelist = kcalloc(text_pages, sizeof(struct page *),
> @@ -218,7 +220,7 @@ static int __init vdso_init(void)
>         for (i = 0; i < text_pages; i++) {
>                 struct page *page;
>
> -               page = virt_to_page(&vdso_start + i * PAGE_SIZE);
> +               page = virt_to_page(vdso_start + i * PAGE_SIZE);
>                 vdso_text_pagelist[i] = page;
>         }
>
> @@ -229,7 +231,7 @@ static int __init vdso_init(void)
>
>         cntvct_ok = cntvct_functional();
>
> -       patch_vdso(&vdso_start);
> +       patch_vdso(vdso_start);
>
>         return 0;
>  }
> --
> 1.9.1
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ