| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Sep 2014 13:03:43 +0200
From: Hannes Frederic Sowa <hannes@...hat.com>
To: David Laight <David.Laight@...LAB.COM>
Cc: Kees Cook <keescook@...omium.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>,
Jason Wang <jasowang@...hat.com>,
Zhi Yong Wu <wuzhy@...ux.vnet.ibm.com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Tom Herbert <therbert@...gle.com>,
Masatake YAMATO <yamato@...hat.com>, Xi Wang <xii@...gle.com>,
stephen hemminger <stephen@...workplumber.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH] tun: make sure interface usage can not overflow
On Di, 2014-09-30 at 08:20 +0000, David Laight wrote:
> From: Hannes Frederic
> > On Mo, 2014-09-29 at 12:41 -0700, Kees Cook wrote:
> > > On Mon, Sep 29, 2014 at 4:04 AM, David Laight <David.Laight@...lab.com> wrote:
> > > > From: Kees Cook
> > > >> This makes the size argument a const, since it is always populated by
> > > >> the caller.
> > > >
> > > > There is almost no point making parameters 'const.
> > > > ('const foo *' makes sense).
> > > >
> > > >> Additionally double-checks to make sure the copy_from_user
> > > >> can never overflow, keeping CONFIG_DEBUG_STRICT_USER_COPY_CHECKS happy:
> > > >>
> > > >> In function 'copy_from_user',
> > > >> inlined from '__tun_chr_ioctl' at drivers/net/tun.c:1871:7:
> > > >> ... copy_from_user() buffer size is not provably correct
> > > >
> > > > If 'ifreq_len' could be too big then you want to error the ioctl, not panic.
> > > > If it can't be too big you don't need the check.
> > >
> > > The ifreq_len comes from the callers, and is the output of "sizeof"
> > > which is const. Changing the function parameter to "const" means any
> > > changes made in the future where the incoming value isn't const, the
> > > compiler will throw a warning.
> >
> > Hmmm, I think you want something like BUILD_BUG_ON(!
> > __builtin_constant_p(var)). const in function argument only ensures that
> > the value cannot be modified in the function.
>
> You'd have to do something in the header file - nothing in the function
> body can do that check.
Sure, it should work. You only need to make sure that gcc inlines the
function, so the value is constant (it is not enough that gcc knows the
value range, one specific constant is needed). So the simplest fix for
this is to specify __tun_chr_ioctl as __always_inline. ;)
Bye,
Hannes
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists