| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <776bcc3e3814433a8ed2c2027a2cf7c1@AcuMS.aculab.com>
Date: Sat, 19 Sep 2020 15:15:08 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Arvind Sankar' <nivedita@...m.mit.edu>,
Linus Torvalds <torvalds@...ux-foundation.org>
CC: Matthew Wilcox <willy@...radead.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Dennis Zhou <dennis@...nel.org>, Tejun Heo <tj@...nel.org>,
Christoph Lameter <cl@...ux.com>,
Linux-MM <linux-mm@...ck.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Kees Cook <keescook@...omium.org>
Subject: RE: [GIT PULL] percpu fix for v5.9-rc6
From: Arvind Sankar
> Sent: 18 September 2020 23:40
..
> Ouch, offsetof() and sizeof() will give different results in the
> presence of alignment padding.
>
> https://godbolt.org/z/rqnxTK
>
> I think, grepping at random, that at least struct scsi_vpd is like this,
> size is 24 but data[] starts at offset 20.
>
> struct scsi_vpd {
> struct rcu_head rcu;
> int len;
> unsigned char data[];
> };
For another standards 'brain-fart' consider:
x = malloc(offsetof(struct scsi_vpd, data[count]));
Since offsetof() is defined to return a compile-time constant
(hi Microsoft) this is illegal unless 'count' is also a
compile-time constant.
(It ought to be defined to be constant if the field is constant.)
If count < 4 then *x = *y will also write past the end of x.
Such structure assignments should be compile-time errors.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists