| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251119184500.GA3303394@ax162>
Date: Wed, 19 Nov 2025 11:45:00 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
kernel test robot <lkp@...el.com>,
Eric Biggers <ebiggers@...nel.org>,
Ard Biesheuvel <ardb@...nel.org>, Kees Cook <kees@...nel.org>,
linux-crypto@...r.kernel.org, llvm@...ts.linux.dev,
oe-kbuild-all@...ts.linux.dev, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH libcrypto 2/2] crypto: chacha20poly1305: statically check
fixed array lengths
On Wed, Nov 19, 2025 at 05:46:44PM +0100, Jason A. Donenfeld wrote:
> Hey Linus,
>
> On Wed, Nov 19, 2025 at 5:29 PM Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> >
> > On Wed, 19 Nov 2025 at 04:46, kernel test robot <lkp@...el.com> wrote:
> > >
> > > >> drivers/net/wireguard/cookie.c:193:2: warning: array argument is too small; contains 31 elements, callee requires at least 32 [-Warray-bounds]
> >
> > Hmm. Is this a compiler bug?
>
> It's not. It's a 0day test bot bug! My original patch had in it some
> commentary about what a bug would look like when it's caught by the
> compiler. In order to provoke that compiler output, I mentioned in the
> commit message that this diff will produce such and such result:
>
> diff --git a/drivers/net/wireguard/cookie.h b/drivers/net/wireguard/cookie.h
> index c4bd61ca03f2..2839c46029f8 100644
> --- a/drivers/net/wireguard/cookie.h
> +++ b/drivers/net/wireguard/cookie.h
> @@ -13,7 +13,7 @@ struct wg_peer;
>
> struct cookie_checker {
> u8 secret[NOISE_HASH_LEN];
> - u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN];
> + u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN - 1];
> u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
> u64 secret_birthdate;
> struct rw_semaphore secret_lock;
>
> It looks like the 0day test bot just went through the email and
> applied all the `diff --git ...` hunks, without taking into account
> the context area above where the actual patches start.
I don't think it is a bot issue. Just running 'b4 shazam' (i.e. just
applying the patch with 'git am') on the series results in:
commit 6ddc87109d4bb589d02cc3a8b037c99fdc4cbbf9
Author: Jason A. Donenfeld <Jason@...c4.com>
Date: Tue Nov 18 18:02:40 2025 +0100
crypto: chacha20poly1305: statically check fixed array lengths
Several parameters of the chacha20poly1305 functions require arrays of
an exact length. Use the new min_array_size() macro to instruct gcc and
clang to statically check that the caller is passing an object of at
least that length.
Here it is in action, with this faulty patch:
diff --git a/drivers/net/wireguard/cookie.h b/drivers/net/wireguard/cookie.h
index c4bd61ca03f2..2839c46029f8 100644
--- a/drivers/net/wireguard/cookie.h
+++ b/drivers/net/wireguard/cookie.h
@@ -13,7 +13,7 @@ struct wg_peer;
struct cookie_checker {
u8 secret[NOISE_HASH_LEN];
- u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN];
+ u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN - 1];
u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
u64 secret_birthdate;
struct rw_semaphore secret_lock;
followed by the rest of the patch for me.
Cheers,
Nathan
Powered by blists - more mailing lists