lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <A6D52C12-29BF-4A51-B677-584EFC4F3823@linux.dev>
Date: Sun, 13 Apr 2025 14:42:49 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Peter Rosin <peda@...ntia.se>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Kees Cook <kees@...nel.org>,
 linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [RESEND PATCH] mux: Convert mux_control_ops to a flex array
 member in mux_chip

Hi Peter,

On 7. Apr 2025, at 20:20, Kees Cook wrote:
> On Fri, Mar 07, 2025 at 12:32:07PM +0100, Thorsten Blum wrote:
>> On 3. Mar 2025, at 19:44, Kees Cook wrote:
>>> On Mon, Mar 03, 2025 at 12:02:22AM +0100, Thorsten Blum wrote:
>>>> Convert mux_control_ops to a flexible array member at the end of the
>>>> mux_chip struct and add the __counted_by() compiler attribute to
>>>> improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
>>>> CONFIG_FORTIFY_SOURCE.
>>>> 
>>>> Use struct_size() to calculate the number of bytes to allocate for a new
>>>> mux chip and to remove the following Coccinelle/coccicheck warning:
>>>> 
>>>> WARNING: Use struct_size
>>>> 
>>>> Use size_add() to safely add any extra bytes.
>>>> 
>>>> Compile-tested only.
>>> 
>>> I believe this will fail at runtime. Note that sizeof_priv follows the
>>> allocation, so at the very least, you'd need to update:
>>> 
>>> static inline void *mux_chip_priv(struct mux_chip *mux_chip)
>>> {
>>>       return &mux_chip->mux[mux_chip->controllers];
>>> }
>>> 
>>> to not use the mux array itself as a location reference because it will
>>> be seen as out of bounds.
>>> 
>>> To deal with this, the location will need to be calculated using
>>> mux_chip as the base, not mux_chip->mux as the base. For example, see
>>> commit 838ae9f45c4e ("nouveau/gsp: Avoid addressing beyond end of rpc->entries")
>> 
>> Since this should work and is well-defined C code according to [1][2],
>> could you give this patch another look or should I still change it and
>> submit a v2?
> 
> I think C is wrong here, but it seems it will continue to accidentally
> work. I personally would like a v3 that fixes this, but I leave it to
> Peter who is the MUX maintainer...

What's your take on this?

Thanks,
Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ