lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231128111028.GA2382233@e124191.cambridge.arm.com> Date: Tue, 28 Nov 2023 11:10:28 +0000 From: Joey Gouly <joey.gouly@....com> To: "Gustavo A. R. Silva" <gustavoars@...nel.org> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Bill Wendling <morbo@...gle.com>, Kees Cook <keescook@...omium.org>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] neighbour: Fix __randomize_layout crash in struct neighbour Hi, On Sat, Nov 25, 2023 at 03:33:58PM -0600, Gustavo A. R. Silva wrote: > Previously, one-element and zero-length arrays were treated as true > flexible arrays, even though they are actually "fake" flex arrays. > The __randomize_layout would leave them untouched at the end of the > struct, similarly to proper C99 flex-array members. > > However, this approach changed with commit 1ee60356c2dc ("gcc-plugins: > randstruct: Only warn about true flexible arrays"). Now, only C99 > flexible-array members will remain untouched at the end of the struct, > while one-element and zero-length arrays will be subject to randomization. > > Fix a `__randomize_layout` crash in `struct neighbour` by transforming > zero-length array `primary_key` into a proper C99 flexible-array member. > > Fixes: 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays") > Closes: https://lore.kernel.org/linux-hardening/20231124102458.GB1503258@e124191.cambridge.arm.com/ > Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org> > --- > include/net/neighbour.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/net/neighbour.h b/include/net/neighbour.h > index 07022bb0d44d..0d28172193fa 100644 > --- a/include/net/neighbour.h > +++ b/include/net/neighbour.h > @@ -162,7 +162,7 @@ struct neighbour { > struct rcu_head rcu; > struct net_device *dev; > netdevice_tracker dev_tracker; > - u8 primary_key[0]; > + u8 primary_key[]; > } __randomize_layout; > > struct neigh_ops { Fixes the crash for me! Tested-by: Joey Gouly <joey.gouly@....com>
Powered by blists - more mailing lists