lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <EF33DB16-407A-4A09-8FF8-E216A2B231C4@linux.dev>
Date: Tue, 29 Apr 2025 13:55:53 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Peter Rosin <peda@...ntia.se>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Kees Cook <kees@...nel.org>,
 linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [RESEND PATCH] mux: Convert mux_control_ops to a flex array
 member in mux_chip

Peter?

On 13. Apr 2025, at 14:42, Thorsten Blum wrote:
> On 7. Apr 2025, at 20:20, Kees Cook wrote:
>> On Fri, Mar 07, 2025 at 12:32:07PM +0100, Thorsten Blum wrote:
>>> On 3. Mar 2025, at 19:44, Kees Cook wrote:
>>>> On Mon, Mar 03, 2025 at 12:02:22AM +0100, Thorsten Blum wrote:
>>>>> Convert mux_control_ops to a flexible array member at the end of the
>>>>> mux_chip struct and add the __counted_by() compiler attribute to
>>>>> improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
>>>>> CONFIG_FORTIFY_SOURCE.
>>>>> 
>>>>> Use struct_size() to calculate the number of bytes to allocate for a new
>>>>> mux chip and to remove the following Coccinelle/coccicheck warning:
>>>>> 
>>>>> WARNING: Use struct_size
>>>>> 
>>>>> Use size_add() to safely add any extra bytes.
>>>>> 
>>>>> Compile-tested only.
>>>> 
>>>> I believe this will fail at runtime. Note that sizeof_priv follows the
>>>> allocation, so at the very least, you'd need to update:
>>>> 
>>>> static inline void *mux_chip_priv(struct mux_chip *mux_chip)
>>>> {
>>>>      return &mux_chip->mux[mux_chip->controllers];
>>>> }
>>>> 
>>>> to not use the mux array itself as a location reference because it will
>>>> be seen as out of bounds.
>>>> 
>>>> To deal with this, the location will need to be calculated using
>>>> mux_chip as the base, not mux_chip->mux as the base. For example, see
>>>> commit 838ae9f45c4e ("nouveau/gsp: Avoid addressing beyond end of rpc->entries")
>>> 
>>> Since this should work and is well-defined C code according to [1][2],
>>> could you give this patch another look or should I still change it and
>>> submit a v2?
>> 
>> I think C is wrong here, but it seems it will continue to accidentally
>> work. I personally would like a v3 that fixes this, but I leave it to
>> Peter who is the MUX maintainer...
> 
> What's your take on this?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ