Message-Id: <20211122142456.181724-1-atenart@kernel.org>
Date:   Mon, 22 Nov 2021 15:24:56 +0100
From:   Antoine Tenart <atenart@...nel.org>
To:     davem@...emloft.net, kuba@...nel.org, arnd@...db.de
Cc:     Antoine Tenart <atenart@...nel.org>, netdev@...r.kernel.org,
        linux-arch@...r.kernel.org, jonathon.reinhart@...il.com,
        tglx@...utronix.de, peterz@...radead.org,
        Steven Rostedt <rostedt@...dmis.org>
Subject: [PATCH net-next v2] sections: global data can be in .bss

When checking whether an address is located in a global data section, also
check for the .bss section, as global variables initialized to 0 can be in
there (-fzero-initialized-in-bss).

This was found when looking at ensure_safe_net_sysctl which was failing
to detect non-init sysctl pointing to a global data section when the
data was in the .bss section.

Signed-off-by: Antoine Tenart <atenart@...nel.org>
Acked-by: Steven Rostedt (VMware) <rostedt@...dmis.org>
---

A few remarks:

- This still targets net-next but I added Arnd if he prefers to take it
  through the 'asm-generic' tree, now that is_kernel_core_data is in
  include/asm-generic/.

- I kept the Acked-by tag as the change is the same really, the
  difference is the core_kernel_data function was renamed to
  is_kernel_core_data and moved since then.

- @Jonathon: with your analysis and suggestion I think you should be
  listed as a co-developer. If that's fine please say so, and reply
  with both Co-developed-by and Signed-off-by tags.

Since v1:
  - Grouped the .data and .bss checks in the same function.

v1 was https://lore.kernel.org/all/20211020083854.1101670-1-atenart@kernel.org/T/

Thanks!
Antoine

 include/asm-generic/sections.h | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
index 1dfadb2e878d..76a0f16e56cf 100644
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -130,18 +130,24 @@ static inline bool init_section_intersects(void *virt, size_t size)
 
 /**
  * is_kernel_core_data - checks if the pointer address is located in the
- *			 .data section
+ *			 .data or .bss section
  *
  * @addr: address to check
  *
- * Returns: true if the address is located in .data, false otherwise.
+ * Returns: true if the address is located in .data or .bss, false otherwise.
  * Note: On some archs it may return true for core RODATA, and false
  *       for others. But will always be true for core RW data.
  */
 static inline bool is_kernel_core_data(unsigned long addr)
 {
-	return addr >= (unsigned long)_sdata &&
-	       addr < (unsigned long)_edata;
+	if (addr >= (unsigned long)_sdata && addr < (unsigned long)_edata)
+		return true;
+
+	if (addr >= (unsigned long)__bss_start &&
+	    addr < (unsigned long)__bss_stop)
+		return true;
+
+	return false;
 }
 
 /**
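Review bot: The kernel-doc for is_kernel_core_data now names ".data or .bss" but does not say why .bss counts, so a later reader could take the second range check for an accident and drop it. A short line in the comment that zero-initialized globals can be placed in .bss (the -fzero-initialized-in-bss case from the commit message) would record the reason next to the code. On style, the two "if (...) return true;" blocks followed by "return false;" could be one boolean return joining both range tests with ||, matching the shape of the removed lines. The existing "Note:" about core RODATA is left untouched; it would help to confirm it still reads correctly now that the range covers __bss_start to __bss_stop as well.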
-- 
2.33.1
