| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20A47316-D274-45DD-BA15-F66139654D44@linux.dev>
Date: Tue, 4 Mar 2025 09:58:21 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Kees Cook <kees@...nel.org>
Cc: Peter Rosin <peda@...ntia.se>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [RESEND PATCH] mux: Convert mux_control_ops to a flex array
member in mux_chip
On 3. Mar 2025, at 19:44, Kees Cook wrote:
> On Mon, Mar 03, 2025 at 12:02:22AM +0100, Thorsten Blum wrote:
>> Convert mux_control_ops to a flexible array member at the end of the
>> mux_chip struct and add the __counted_by() compiler attribute to
>> improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
>> CONFIG_FORTIFY_SOURCE.
>>
>> Use struct_size() to calculate the number of bytes to allocate for a new
>> mux chip and to remove the following Coccinelle/coccicheck warning:
>>
>> WARNING: Use struct_size
>>
>> Use size_add() to safely add any extra bytes.
>>
>> Compile-tested only.
>
> I believe this will fail at runtime. Note that sizeof_priv follows the
> allocation, so at the very least, you'd need to update:
>
> static inline void *mux_chip_priv(struct mux_chip *mux_chip)
> {
> return &mux_chip->mux[mux_chip->controllers];
> }
>
> to not use the mux array itself as a location reference because it will
> be seen as out of bounds.
Getting the address doesn't fail at runtime, does it? For this example
it works, but maybe I'm missing some compiler flag?
https://godbolt.org/z/qTEdqn9WW
Thanks,
Thorsten
Powered by blists - more mailing lists