lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Aug 2021 09:23:24 -0700 From: Kees Cook <keescook@...omium.org> To: Shai Malin <smalin@...vell.com> Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>, Keith Packard <keithpac@...zon.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Andrew Morton <akpm@...ux-foundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>, "linux-staging@...ts.linux.dev" <linux-staging@...ts.linux.dev>, "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>, "linux-kbuild@...r.kernel.org" <linux-kbuild@...r.kernel.org>, "clang-built-linux@...glegroups.com" <clang-built-linux@...glegroups.com>, "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>, GR-everest-linux-l2 <GR-everest-linux-l2@...vell.com>, Ariel Elior <aelior@...vell.com> Subject: Re: [PATCH 42/64] net: qede: Use memset_after() for counters On Mon, Aug 02, 2021 at 02:29:28PM +0000, Shai Malin wrote: > > On Tue, Jul 31, 2021 at 07:07:00PM -0300, Kees Cook wrote: > > On Tue, Jul 27, 2021 at 01:58:33PM -0700, Kees Cook wrote: > > > In preparation for FORTIFY_SOURCE performing compile-time and run-time > > > field bounds checking for memset(), avoid intentionally writing across > > > neighboring fields. > > > > > > Use memset_after() so memset() doesn't get confused about writing > > > beyond the destination member that is intended to be the starting point > > > of zeroing through the end of the struct. > > > > > > Signed-off-by: Kees Cook <keescook@...omium.org> > > > --- > > > The old code seems to be doing the wrong thing: starting from not the > > > first member, but sized for the whole struct. Which is correct? > > > > Quick ping on this question. > > > > The old code seems to be doing the wrong thing: it starts from the second > > member and writes beyond int_info, clobbering qede_lock: > > Thanks for highlighting the problem, but actually, the memset is redundant. > We will remove it so the change will not be needed. > > > > > struct qede_dev { > > ... > > struct qed_int_info int_info; > > > > /* Smaller private variant of the RTNL lock */ > > struct mutex qede_lock; > > ... > > > > > > struct qed_int_info { > > struct msix_entry *msix; > > u8 msix_cnt; > > > > /* This should be updated by the protocol driver */ > > u8 used_cnt; > > }; > > > > Should this also clear the "msix" member, or should this not write > > beyond int_info? This patch does the latter. > > It should clear only the msix_cnt, no need to clear the entire > qed_int_info structure. Should used_cnt be cleared too? It is currently. Better yet, what patch do you suggest I replace this proposed one with? :) Thanks for looking at this! -Kees -- Kees Cook
Powered by blists - more mailing lists