[an error occurred while processing this directive]
|
|
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKwvOdmeaUQYkd9kZPgwK0kK5BRxFi8aszyFzw8TA4JFF6y8EQ@mail.gmail.com>
Date: Tue, 6 Sep 2022 19:36:46 -0700
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Nathan Chancellor <nathan@...nel.org>, Tom Rix <trix@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Vlastimil Babka <vbabka@...e.cz>,
"Steven Rostedt (Google)" <rostedt@...dmis.org>,
David Gow <davidgow@...gle.com>,
Yury Norov <yury.norov@...il.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Sander Vanheule <sander@...nheule.net>,
linux-hardening@...r.kernel.org, llvm@...ts.linux.dev,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Dan Williams <dan.j.williams@...el.com>,
Isabella Basso <isabbasso@...eup.net>,
Eric Dumazet <edumazet@...gle.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Eric Biggers <ebiggers@...gle.com>,
Hannes Reinecke <hare@...e.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
On Fri, Sep 2, 2022 at 1:43 PM Kees Cook <keescook@...omium.org> wrote:
>
> Co-developed-by: Nick Desaulniers <ndesaulniers@...gle.com>
That's overly generous of you!
Anyways, the disassembly LGTM and the bot also came back green.
Reviewed-by: Nick Desaulniers <ndesaulniers@...gle.com>
Tested-by: Android Treehugger Robot
Link: https://android-review.googlesource.com/c/kernel/common/+/2206839
Another thought, Nikita suggested that you could also compare mode 1 vs mode 3:
https://github.com/llvm/llvm-project/issues/57510#issuecomment-1235126343
That said, since mode 3 returns 0 for "unknown" I'd imagine that
wouldn't be pretty since it wouldn't be a direct comparison against
__p_size.
Thanks again for the patch!
> Signed-off-by: Nick Desaulniers <ndesaulniers@...gle.com>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
> include/linux/fortify-string.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
> index eed2119b23c5..07d5d1921eff 100644
> --- a/include/linux/fortify-string.h
> +++ b/include/linux/fortify-string.h
> @@ -19,7 +19,8 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
> unsigned char *__p = (unsigned char *)(p); \
> size_t __ret = (size_t)-1; \
> size_t __p_size = __builtin_object_size(p, 1); \
> - if (__p_size != (size_t)-1) { \
> + if (__p_size != (size_t)-1 && \
> + __builtin_constant_p(*__p)) { \
> size_t __p_len = __p_size - 1; \
> if (__builtin_constant_p(__p[__p_len]) && \
> __p[__p_len] == '\0') \
> --
> 2.34.1
>
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists