| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJZ5v0iS3qMgdab1S-NzGfeLLXV=S6p5Qx8AaqJ50rsUngS=LA@mail.gmail.com>
Date: Tue, 23 Nov 2021 14:19:25 +0100
From: "Rafael J. Wysocki" <rafael@...nel.org>
To: Kees Cook <keescook@...omium.org>, Zhang Rui <rui.zhang@...el.com>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Daniel Lezcano <daniel.lezcano@...aro.org>,
Amit Kucheria <amitk@...nel.org>,
Linux PM <linux-pm@...r.kernel.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
"open list:NETWORKING DRIVERS (WIRELESS)"
<linux-wireless@...r.kernel.org>, netdev <netdev@...r.kernel.org>,
dri-devel <dri-devel@...ts.freedesktop.org>,
linux-staging@...ts.linux.dev, linux-block@...r.kernel.org,
linux-kbuild@...r.kernel.org, clang-built-linux@...glegroups.com,
Rasmus Villemoes <linux@...musvillemoes.dk>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use
struct_group() for memcpy() region
On Wed, Aug 18, 2021 at 8:08 AM Kees Cook <keescook@...omium.org> wrote:
>
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), avoid intentionally writing across
> neighboring fields.
>
> Use struct_group() in struct art around members weight, and ac[0-9]_max,
> so they can be referenced together. This will allow memcpy() and sizeof()
> to more easily reason about sizes, improve readability, and avoid future
> warnings about writing beyond the end of weight.
>
> "pahole" shows no size nor member offset changes to struct art.
> "objdump -d" shows no meaningful object code changes (i.e. only source
> line number induced differences).
>
> Cc: Zhang Rui <rui.zhang@...el.com>
> Cc: Daniel Lezcano <daniel.lezcano@...aro.org>
> Cc: Amit Kucheria <amitk@...nel.org>
> Cc: linux-pm@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
Rui, Srinivas, any comments here?
> ---
> .../intel/int340x_thermal/acpi_thermal_rel.c | 5 +-
> .../intel/int340x_thermal/acpi_thermal_rel.h | 48 ++++++++++---------
> 2 files changed, 29 insertions(+), 24 deletions(-)
>
> diff --git a/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.c b/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.c
> index a478cff8162a..e90690a234c4 100644
> --- a/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.c
> +++ b/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.c
> @@ -250,8 +250,9 @@ static int fill_art(char __user *ubuf)
> get_single_name(arts[i].source, art_user[i].source_device);
> get_single_name(arts[i].target, art_user[i].target_device);
> /* copy the rest int data in addition to source and target */
> - memcpy(&art_user[i].weight, &arts[i].weight,
> - sizeof(u64) * (ACPI_NR_ART_ELEMENTS - 2));
> + BUILD_BUG_ON(sizeof(art_user[i].data) !=
> + sizeof(u64) * (ACPI_NR_ART_ELEMENTS - 2));
> + memcpy(&art_user[i].data, &arts[i].data, sizeof(art_user[i].data));
> }
>
> if (copy_to_user(ubuf, art_user, art_len))
> diff --git a/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.h b/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.h
> index 58822575fd54..78d942477035 100644
> --- a/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.h
> +++ b/drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.h
> @@ -17,17 +17,19 @@
> struct art {
> acpi_handle source;
> acpi_handle target;
> - u64 weight;
> - u64 ac0_max;
> - u64 ac1_max;
> - u64 ac2_max;
> - u64 ac3_max;
> - u64 ac4_max;
> - u64 ac5_max;
> - u64 ac6_max;
> - u64 ac7_max;
> - u64 ac8_max;
> - u64 ac9_max;
> + struct_group(data,
> + u64 weight;
> + u64 ac0_max;
> + u64 ac1_max;
> + u64 ac2_max;
> + u64 ac3_max;
> + u64 ac4_max;
> + u64 ac5_max;
> + u64 ac6_max;
> + u64 ac7_max;
> + u64 ac8_max;
> + u64 ac9_max;
> + );
> } __packed;
>
> struct trt {
> @@ -47,17 +49,19 @@ union art_object {
> struct {
> char source_device[8]; /* ACPI single name */
> char target_device[8]; /* ACPI single name */
> - u64 weight;
> - u64 ac0_max_level;
> - u64 ac1_max_level;
> - u64 ac2_max_level;
> - u64 ac3_max_level;
> - u64 ac4_max_level;
> - u64 ac5_max_level;
> - u64 ac6_max_level;
> - u64 ac7_max_level;
> - u64 ac8_max_level;
> - u64 ac9_max_level;
> + struct_group(data,
> + u64 weight;
> + u64 ac0_max_level;
> + u64 ac1_max_level;
> + u64 ac2_max_level;
> + u64 ac3_max_level;
> + u64 ac4_max_level;
> + u64 ac5_max_level;
> + u64 ac6_max_level;
> + u64 ac7_max_level;
> + u64 ac8_max_level;
> + u64 ac9_max_level;
> + );
> };
> u64 __data[ACPI_NR_ART_ELEMENTS];
> };
> --
> 2.30.2
>
Powered by blists - more mailing lists