lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250930144537.3559207-9-joelagnelf@nvidia.com>
Date: Tue, 30 Sep 2025 10:45:36 -0400
From: Joel Fernandes <joelagnelf@...dia.com>
To: linux-kernel@...r.kernel.org,
	rust-for-linux@...r.kernel.org,
	dri-devel@...ts.freedesktop.org,
	dakr@...nel.org,
	acourbot@...dia.com
Cc: Alistair Popple <apopple@...dia.com>,
	Miguel Ojeda <ojeda@...nel.org>,
	Alex Gaynor <alex.gaynor@...il.com>,
	Boqun Feng <boqun.feng@...il.com>,
	Gary Guo <gary@...yguo.net>,
	bjorn3_gh@...tonmail.com,
	Benno Lossin <lossin@...nel.org>,
	Andreas Hindborg <a.hindborg@...nel.org>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Trevor Gross <tmgross@...ch.edu>,
	David Airlie <airlied@...il.com>,
	Simona Vetter <simona@...ll.ch>,
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
	Maxime Ripard <mripard@...nel.org>,
	Thomas Zimmermann <tzimmermann@...e.de>,
	John Hubbard <jhubbard@...dia.com>,
	Joel Fernandes <joelagnelf@...dia.com>,
	Timur Tabi <ttabi@...dia.com>,
	joel@...lfernandes.org,
	Elle Rhumsaa <elle@...thered-steel.dev>,
	Yury Norov <yury.norov@...il.com>,
	Daniel Almeida <daniel.almeida@...labora.com>,
	Andrea Righi <arighi@...dia.com>,
	nouveau@...ts.freedesktop.org
Subject: [PATCH v5 8/9] rust: bitfield: Add hardening for out of bounds access

Similar to bitmap.rs, add hardening to print errors or assert if the
setter API is used to write out-of-bound values.

Suggested-by: Yury Norov <yury.norov@...il.com>
Signed-off-by: Joel Fernandes <joelagnelf@...dia.com>
---
 rust/kernel/bitfield.rs    | 32 +++++++++++++++++++++++++++++++-
 security/Kconfig.hardening |  9 +++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/rust/kernel/bitfield.rs b/rust/kernel/bitfield.rs
index a74e6d45ecd3..655f940479f1 100644
--- a/rust/kernel/bitfield.rs
+++ b/rust/kernel/bitfield.rs
@@ -29,6 +29,20 @@ pub const fn into_raw(self) -> T {
     }
 }
 
+/// Assertion macro for bitfield
+#[macro_export]
+macro_rules! bitfield_assert {
+    ($cond:expr, $($arg:tt)+) => {
+        #[cfg(CONFIG_RUST_BITFIELD_HARDENED)]
+        ::core::assert!($cond, $($arg)*);
+
+        #[cfg(not(CONFIG_RUST_BITFIELD_HARDENED))]
+        if !($cond) {
+            $crate::pr_err!($($arg)+);
+        }
+    }
+}
+
 /// Bitfield macro definition.
 /// Define a struct with accessors to access bits within an inner unsigned integer.
 ///
@@ -358,9 +372,25 @@ impl $name {
         $vis fn [<set_ $field>](mut self, value: $to_type) -> Self {
             const MASK: $storage = $name::[<$field:upper _MASK>];
             const SHIFT: u32 = $name::[<$field:upper _SHIFT>];
+            const BITS: u32 = ($hi - $lo + 1) as u32;
+            const MAX_VALUE: $storage =
+                if BITS >= (::core::mem::size_of::<$storage>() * 8) as u32 {
+                    !0
+                } else {
+                    (1 << BITS) - 1
+                };
+
+            // Check for overflow - value should fit within the field's bits.
             // Here we are potentially narrowing value from a wider bit value
             // to a narrower bit value. So we have to use `as` instead of `::from()`.
-            let val = ((value as $storage) << SHIFT) & MASK;
+            let raw_field_value = value as $storage;
+
+            $crate::bitfield_assert!(
+                raw_field_value <= MAX_VALUE,
+                "value {} exceeds {} for a {} bit field", raw_field_value, MAX_VALUE, BITS
+            );
+
+            let val = (raw_field_value << SHIFT) & MASK;
             let new_val = (self.raw() & !MASK) | val;
             self.0 = ::kernel::bitfield::BitfieldInternalStorage::from_raw(new_val);
 
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 86f8768c63d4..e9fc6dcbd6c3 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -265,6 +265,15 @@ config RUST_BITMAP_HARDENED
 
 	  If unsure, say N.
 
+config RUST_BITFIELD_HARDENED
+	bool "Check integrity of bitfield Rust API"
+	depends on RUST
+	help
+	  Enables additional assertions in the Rust Bitfield API to catch
+	  values that exceed the bitfield bounds.
+
+	  If unsure, say N.
+
 config BUG_ON_DATA_CORRUPTION
 	bool "Trigger a BUG when data corruption is detected"
 	select LIST_HARDENED
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ