lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 05 Apr 2023 17:37:01 -0700
From:   Kees Cook <kees@...flux.net>
To:     Dan Williams <dan.j.williams@...el.com>,
        "Rafael J. Wysocki" <rjw@...ysocki.net>,
        Linux ACPI <linux-acpi@...r.kernel.org>
CC:     LKML <linux-kernel@...r.kernel.org>,
        Bob Moore <robert.moore@...el.com>
Subject: RE: [PATCH 22/32] ACPICA: actbl2: Replace 1-element arrays with flexible arrays



On April 5, 2023 5:22:55 PM PDT, Dan Williams <dan.j.williams@...el.com> wrote:
>Dan Williams wrote:
>> Rafael J. Wysocki wrote:
>> > From: Kees Cook <kees@...flux.net>
>> > 
>> > ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
>> > 
>> > Similar to "Replace one-element array with flexible-array", replace the
>> > 1-element array with a proper flexible array member as defined by C99.
>> > 
>> > This allows the code to operate without tripping compile-time and run-
>> > time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
>> > and/or -fstrict-flex-arrays=3).
>> > 
>> > The sizeof() uses with struct acpi_nfit_flush_address and struct
>> > acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
>> > of the trailing single element. The result is no binary differences in
>> > .text nor .data sections.
>> > 
>> > Link: https://github.com/acpica/acpica/commit/44f1af06
>> > Signed-off-by: Bob Moore <robert.moore@...el.com>
>> > Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
>> 
>> Reviewed-by: Dan Williams <dan.j.williams@...el.com>
>
>Unit tests say NAK, though.
>
>This causes a regression, but I think I see where. Will send a fixed
>patch in a bit.

Ah, which tests? I must have missed something!

Thanks for digging in.

-Kees


-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ