Message-Id: <20211213223331.135412-1-keescook@chromium.org>
Date: Mon, 13 Dec 2021 14:33:14 -0800
From: Kees Cook <keescook@...omium.org>
To: linux-hardening@...r.kernel.org
Cc: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org
Subject: [PATCH 00/17] Enable strict compile-time memcpy() fortify checks

Hi,

This is "phase 2" (of several phases) to hardening the kernel against
memcpy-based buffer overflows. With nearly all compile-time fixes
landed, the next step is to turn on the warning globally to keep future
compile-time issues from happening, and let us take the step towards
run-time checking (and towards a new API for flexible array structures).

This series is based on latest linux-next, and several patches here
have already been taken by subsystem maintainers but haven't appeared
in linux-next yet, and are noted below.

-Kees

refactoring patches expected to be going via subsystem trees:

  sata_fsl: Use struct_group() for memcpy() region
    https://lore.kernel.org/lkml/23527f89-d098-ab6b-f3c9-a8a395e32df5@opensource.wdc.com/
  ath11k: Use memset_startat() for clearing queue descriptors
    https://lore.kernel.org/lkml/163777372886.11557.5551795598856429949.kvalo@codeaurora.org/

refactoring patches going via my topic tree due to having no current response:

  net/mlx5e: Use struct_group() for memcpy() region
    https://lore.kernel.org/lkml/20211118183748.1283069-1-keescook@chromium.org/
  net/mlx5e: Avoid field-overflowing memcpy()
    https://lore.kernel.org/lkml/20211209053402.2202206-1-keescook@chromium.org/
  media: omap3isp: Use struct_group() for memcpy() region
    https://lore.kernel.org/lkml/20211118184352.1284792-1-keescook@chromium.org/
  drbd: Use struct_group() to zero algs
    https://lore.kernel.org/lkml/20211118203712.1288866-1-keescook@chromium.org/
  dm integrity: Use struct_group() to zero struct journal_sector
    https://lore.kernel.org/lkml/20211118203640.1288585-1-keescook@chromium.org/
  iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl
    https://lore.kernel.org/lkml/20211118202335.1285836-1-keescook@chromium.org/

refactoring patches going via my topic tree due to Acks:

  KVM: x86: Replace memset() "optimization" with normal per-field writes
    https://lore.kernel.org/lkml/202108181605.44C504C@keescook/
  RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr
    https://lore.kernel.org/lkml/YbByJSkBgLRp5S8V@unreal/
  intel_th: msu: Use memset_startat() for clearing hw header
    https://lore.kernel.org/lkml/87sfyzi97l.fsf@ashishki-desk.ger.corp.intel.com/
  IB/mthca: Use memset_startat() for clearing mpt_entry
    https://lore.kernel.org/lkml/20211118202126.1285376-1-keescook@chromium.org/
  scsi: lpfc: Use struct_group() to initialize struct lpfc_cgn_info
    https://lore.kernel.org/lkml/1164349c-93a5-ebb8-94aa-dbe03957c40f@gmail.com/

fortify changes going via my topic tree:

  fortify: Detect struct member overflows in memcpy() at compile-time
  fortify: Detect struct member overflows in memmove() at compile-time
  fortify: Detect struct member overflows in memset() at compile-time
  fortify: Work around Clang inlining bugs

arch/x86/boot/compressed/misc.c | 3 +-
arch/x86/kvm/emulate.c | 9 +-
arch/x86/kvm/kvm_emulate.h | 6 +-
arch/x86/lib/memcpy_32.c | 1 +
drivers/ata/sata_fsl.c | 10 +-
drivers/block/drbd/drbd_main.c | 3 +-
drivers/block/drbd/drbd_protocol.h | 6 +-
drivers/block/drbd/drbd_receiver.c | 3 +-
drivers/hwtracing/intel_th/msu.c | 4 +-
drivers/infiniband/hw/cxgb4/cm.c | 5 +-
drivers/infiniband/hw/mlx5/mlx5_ib.h | 4 +-
drivers/infiniband/hw/mthca/mthca_mr.c | 3 +-
drivers/md/dm-integrity.c | 9 +-
drivers/media/platform/omap3isp/ispstat.c | 5 +-
drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 6 +-
.../net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 +-
.../net/ethernet/mellanox/mlx5/core/en_tx.c | 2 +-
drivers/net/wireless/ath/ath11k/hal_rx.c | 13 +-
drivers/scsi/lpfc/lpfc.h | 90 ++++---
drivers/scsi/lpfc/lpfc_init.c | 4 +-
include/linux/fortify-string.h | 245 +++++++++++++-----
include/linux/if_vlan.h | 6 +-
include/uapi/linux/omap3isp.h | 21 +-
lib/Makefile | 3 +-
lib/string_helpers.c | 6 +
.../read_overflow2_field-memcpy.c | 5 +
.../read_overflow2_field-memmove.c | 5 +
.../write_overflow_field-memcpy.c | 5 +
.../write_overflow_field-memmove.c | 5 +
.../write_overflow_field-memset.c | 5 +
scripts/test_fortify.sh | 8 +-
security/Kconfig | 2 +-
33 files changed, 344 insertions(+), 164 deletions(-)
create mode 100644 lib/test_fortify/read_overflow2_field-memcpy.c
create mode 100644 lib/test_fortify/read_overflow2_field-memmove.c
create mode 100644 lib/test_fortify/write_overflow_field-memcpy.c
create mode 100644 lib/test_fortify/write_overflow_field-memmove.c
create mode 100644 lib/test_fortify/write_overflow_field-memset.c
--
2.30.2
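
An added illustration, not code from this series or from the kernel tree, of the pattern the "Use struct_group() for memcpy() region" titles refer to: a copy sized for two adjacent members but aimed at the first one, next to the same copy aimed at a named group. The struct_group() macro here is a simplified userspace rendition; struct frame, copy_bounded() and COPY_MEMBER() are hypothetical names, and the bound is checked at run time with sizeof rather than by the compile-time fortify check the series enables.

```c
#include <stddef.h>
#include <string.h>

/* Simplified userspace rendition of struct_group(): the same members are
 * reachable directly and as one named sub-struct that has its own size. */
#define struct_group(NAME, ...) \
	union { struct { __VA_ARGS__ }; struct { __VA_ARGS__ } NAME; }

/* Hypothetical header layout, constructed for this example. */
struct frame {
	unsigned short type;
	struct_group(addrs,
		unsigned char dst[6];
		unsigned char src[6];
	);
	unsigned int flags;
};

/* Copy only if n fits the destination *member*, not the whole object. */
static int copy_bounded(void *dst, size_t dst_size, const void *src, size_t n)
{
	if (n > dst_size)
		return -1;	/* would run past the named member */
	memcpy(dst, src, n);
	return 0;
}
#define COPY_MEMBER(obj, member, src, n) \
	copy_bounded(&(obj)->member, sizeof((obj)->member), (src), (n))

/* Constructed sample input: 6 destination bytes, then 6 source bytes. */
static const unsigned char wire[12] = {
	0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb
};

/* Old pattern: 12 bytes aimed at the 6-byte dst[]; rejected, frame untouched. */
int copy_via_first_member(struct frame *f)
{
	return COPY_MEMBER(f, dst, wire, sizeof(wire));
}

/* Refactored pattern: the destination is the 12-byte group itself. */
int copy_via_group(struct frame *f)
{
	return COPY_MEMBER(f, addrs, wire, sizeof(wire));
}
```

Because the group is a real member with its own size, a member-level bound accepts the two-field copy while still protecting flags, which follows the group.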