lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID:
 <AS8PR02MB7237E215724E0E76C6A50C698BFE2@AS8PR02MB7237.eurprd02.prod.outlook.com>
Date: Sun,  2 Jun 2024 18:13:08 +0200
From: Erick Archer <erick.archer@...look.com>
To: Kalle Valo <kvalo@...nel.org>,
	Nicolas Ferre <nicolas.ferre@...rochip.com>,
	Alexandre Belloni <alexandre.belloni@...tlin.com>,
	Claudiu Beznea <claudiu.beznea@...on.dev>,
	Kees Cook <keescook@...omium.org>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Johannes Berg <johannes.berg@...el.com>,
	Alan Stern <stern@...land.harvard.edu>
Cc: Erick Archer <erick.archer@...look.com>,
	linux-wireless@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org,
	llvm@...ts.linux.dev
Subject: [PATCH 0/2] atmel: at76c50x: improve code robustness

Hi,

This series of patches attempts to improve the at76c50x code
robustness.

In the first patch, it is preferred to use sizeof(*pointer) instead
of sizeof(type) due to the type of the variable can change and one
needs not change the former (unlike the latter).

The second patch is an effort to get rid of all multiplications
from allocation functions in order to prevent integer overflows
[1][2]. As the "struct at76_command" ends in a flexible array the
preferred way in the kernel is to use the struct_size() helper to
do the arithmetic instead of the calculation "size + count" in the
kmalloc() function.

At the same time, prepare for the coming implementation by GCC and
Clang of the __counted_by attribute. Flexible array members annotated
with __counted_by can have their accesses bounds-checked at run-time
via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
(for strcpy/memcpy-family functions).

This way, the code is more readable and safer.

Regards,
Erick

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
Link: https://github.com/KSPP/linux/issues/160 [2]
---
Erick Archer (2):
  atmel: at76c50x: use sizeof(*pointer) instead of sizeof(type)
  atmel: at76c50x: prefer struct_size over open coded arithmetic

 drivers/net/wireless/atmel/at76c50x-usb.c | 56 ++++++++++-------------
 drivers/net/wireless/atmel/at76c50x-usb.h |  2 +-
 2 files changed, 26 insertions(+), 32 deletions(-)

-- 
2.25.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ