Message-Id: <20220504014440.3697851-1-keescook@chromium.org>
Date: Tue, 3 May 2022 18:44:09 -0700
From: Kees Cook <keescook@...omium.org>
To: "Gustavo A . R . Silva" <gustavoars@...nel.org>
Cc: Kees Cook <keescook@...omium.org>,
Alexei Starovoitov <ast@...nel.org>,
alsa-devel@...a-project.org, Al Viro <viro@...iv.linux.org.uk>,
Andrew Gabbasov <andrew_gabbasov@...tor.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Gross <agross@...nel.org>,
Andy Lavr <andy.lavr@...il.com>,
Arend van Spriel <aspriel@...il.com>,
Baowen Zheng <baowen.zheng@...igine.com>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Bradley Grove <linuxdrivers@...otech.com>,
brcm80211-dev-list.pdl@...adcom.com,
Christian Brauner <brauner@...nel.org>,
Christian Göttsche <cgzones@...glemail.com>,
Christian Lamparter <chunkeey@...glemail.com>,
Chris Zankel <chris@...kel.net>,
Cong Wang <cong.wang@...edance.com>,
Daniel Axtens <dja@...ens.net>,
Daniel Vetter <daniel.vetter@...ll.ch>,
Dan Williams <dan.j.williams@...el.com>,
David Gow <davidgow@...gle.com>,
David Howells <dhowells@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Dennis Dalessandro <dennis.dalessandro@...nelisnetworks.com>,
devicetree@...r.kernel.org, Dexuan Cui <decui@...rosoft.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Eli Cohen <elic@...dia.com>,
Eric Dumazet <edumazet@...gle.com>,
Eric Paris <eparis@...isplace.org>,
Eugeniu Rosca <erosca@...adit-jv.com>,
Felipe Balbi <balbi@...nel.org>,
Francis Laniel <laniel_francis@...vacyrequired.com>,
Frank Rowand <frowand.list@...il.com>,
Franky Lin <franky.lin@...adcom.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Gregory Greenman <gregory.greenman@...el.com>,
Guenter Roeck <linux@...ck-us.net>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Hante Meuleman <hante.meuleman@...adcom.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Hulk Robot <hulkci@...wei.com>,
Jakub Kicinski <kuba@...nel.org>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
James Morris <jmorris@...ei.org>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jaroslav Kysela <perex@...ex.cz>,
Jason Gunthorpe <jgg@...pe.ca>, Jens Axboe <axboe@...nel.dk>,
Johan Hedberg <johan.hedberg@...il.com>,
Johannes Berg <johannes.berg@...el.com>,
Johannes Berg <johannes@...solutions.net>,
John Keeping <john@...anate.com>,
Juergen Gross <jgross@...e.com>, Kalle Valo <kvalo@...nel.org>,
Keith Packard <keithp@...thp.com>, keyrings@...r.kernel.org,
kunit-dev@...glegroups.com,
Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
"K. Y. Srinivasan" <kys@...rosoft.com>,
Lars-Peter Clausen <lars@...afoo.de>,
Lee Jones <lee.jones@...aro.org>,
Leon Romanovsky <leon@...nel.org>,
Liam Girdwood <lgirdwood@...il.com>,
linux1394-devel@...ts.sourceforge.net,
linux-afs@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org,
linux-arm-msm@...r.kernel.org, linux-bluetooth@...r.kernel.org,
linux-hardening@...r.kernel.org, linux-hyperv@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-rdma@...r.kernel.org,
linux-scsi@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-usb@...r.kernel.org, linux-wireless@...r.kernel.org,
linux-xtensa@...ux-xtensa.org, llvm@...ts.linux.dev,
Loic Poulain <loic.poulain@...aro.org>,
Louis Peens <louis.peens@...igine.com>,
Luca Coelho <luciano.coelho@...el.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
Marc Dionne <marc.dionne@...istor.com>,
Marcel Holtmann <marcel@...tmann.org>,
Mark Brown <broonie@...nel.org>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Max Filippov <jcmvbkbc@...il.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
Muchun Song <songmuchun@...edance.com>,
Nathan Chancellor <nathan@...nel.org>, netdev@...r.kernel.org,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nuno Sá <nuno.sa@...log.com>,
Paolo Abeni <pabeni@...hat.com>,
Paul Moore <paul@...l-moore.com>,
Rich Felker <dalias@...ifal.cx>,
Rob Herring <robh+dt@...nel.org>,
Russell King <linux@...linux.org.uk>, selinux@...r.kernel.org,
"Serge E. Hallyn" <serge@...lyn.com>,
SHA-cyfmac-dev-list@...ineon.com,
Simon Horman <simon.horman@...igine.com>,
Stefano Stabellini <sstabellini@...nel.org>,
Stefan Richter <stefanr@...6.in-berlin.de>,
Steffen Klassert <steffen.klassert@...unet.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Tadeusz Struk <tadeusz.struk@...aro.org>,
Takashi Iwai <tiwai@...e.com>, Tom Rix <trix@...hat.com>,
Udipto Goswami <quic_ugoswami@...cinc.com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
wcn36xx@...ts.infradead.org, Wei Liu <wei.liu@...nel.org>,
xen-devel@...ts.xenproject.org,
Xiu Jianfeng <xiujianfeng@...wei.com>,
Yang Yingliang <yangyingliang@...wei.com>
Subject: [PATCH 00/32] Introduce flexible array struct memcpy() helpers
Hi,

This is the next phase of memcpy() buffer bounds checking[1], which
starts by adding a new set of helpers to address common code patterns
that result in memcpy() usage that can't be easily verified by the
compiler (i.e. dynamic bounds due to flexible arrays). The runtime WARN
from memcpy has been posted before, but now there's more context around
alternatives for refactoring false positives, etc.

The core of this series is patches 2 (flex_array.h), 3 (flex_array
KUnit), and 4 (runtime memcpy WARN). Patch 1 is a fix to land before 4
(and I can send separately), and everything else are examples of what the
conversions look like for one of the helpers, mem_to_flex_dup(). These
will need to land via their respective trees, but they all depend on
patch 2, which I'm hoping to land in the coming merge window.

I'm happy to also point out that the conversions (patches 5+) are actually
a net reduction in lines of code:

 49 files changed, 154 insertions(+), 244 deletions(-)

Anyway, please let me know what you think. And apologies in advance
if this is spammy; the CC list got rather large due to the "treewide"
nature of the example conversions.

Also available here:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=flexcpy/next-20220502

-Kees

[1] https://lwn.net/Articles/864521/

Kees Cook (32):
netlink: Avoid memcpy() across flexible array boundary
Introduce flexible array struct memcpy() helpers
flex_array: Add Kunit tests
fortify: Add run-time WARN for cross-field memcpy()
brcmfmac: Use mem_to_flex_dup() with struct brcmf_fweh_queue_item
iwlwifi: calib: Prepare to use mem_to_flex_dup()
iwlwifi: calib: Use mem_to_flex_dup() with struct iwl_calib_result
iwlwifi: mvm: Use mem_to_flex_dup() with struct ieee80211_key_conf
p54: Use mem_to_flex_dup() with struct p54_cal_database
wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg
nl80211: Use mem_to_flex_dup() with struct cfg80211_cqm_config
cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies
mac80211: Use mem_to_flex_dup() with several structs
af_unix: Use mem_to_flex_dup() with struct unix_address
802/garp: Use mem_to_flex_dup() with struct garp_attr
802/mrp: Use mem_to_flex_dup() with struct mrp_attr
net/flow_offload: Use mem_to_flex_dup() with struct flow_action_cookie
firewire: Use __mem_to_flex_dup() with struct iso_interrupt_event
afs: Use mem_to_flex_dup() with struct afs_acl
ASoC: sigmadsp: Use mem_to_flex_dup() with struct sigmadsp_data
soc: qcom: apr: Use mem_to_flex_dup() with struct apr_rx_buf
atags_proc: Use mem_to_flex_dup() with struct buffer
Bluetooth: Use mem_to_flex_dup() with struct
hci_op_configure_data_path
IB/hfi1: Use mem_to_flex_dup() for struct tid_rb_node
Drivers: hv: utils: Use mem_to_flex_dup() with struct cn_msg
ima: Use mem_to_flex_dup() with struct modsig
KEYS: Use mem_to_flex_dup() with struct user_key_payload
selinux: Use mem_to_flex_dup() with xfrm and sidtab
xtensa: Use mem_to_flex_dup() with struct property
usb: gadget: f_fs: Use mem_to_flex_dup() with struct ffs_buffer
xenbus: Use mem_to_flex_dup() with struct read_buffer
esas2r: Use __mem_to_flex() with struct atto_ioctl
arch/arm/kernel/atags_proc.c | 12 +-
arch/xtensa/platforms/xtfpga/setup.c | 9 +-
drivers/firewire/core-cdev.c | 7 +-
drivers/hv/hv_utils_transport.c | 7 +-
drivers/infiniband/hw/hfi1/user_exp_rcv.c | 7 +-
drivers/infiniband/hw/hfi1/user_exp_rcv.h | 4 +-
drivers/net/wireless/ath/wcn36xx/smd.c | 8 +-
drivers/net/wireless/ath/wcn36xx/smd.h | 4 +-
.../broadcom/brcm80211/brcmfmac/fweh.c | 11 +-
drivers/net/wireless/intel/iwlwifi/dvm/agn.h | 2 +-
.../net/wireless/intel/iwlwifi/dvm/calib.c | 23 +-
.../net/wireless/intel/iwlwifi/dvm/ucode.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 8 +-
drivers/net/wireless/intersil/p54/eeprom.c | 8 +-
drivers/net/wireless/intersil/p54/p54.h | 4 +-
drivers/scsi/esas2r/atioctl.h | 1 +
drivers/scsi/esas2r/esas2r_ioctl.c | 11 +-
drivers/soc/qcom/apr.c | 12 +-
drivers/usb/gadget/function/f_fs.c | 11 +-
drivers/xen/xenbus/xenbus_dev_frontend.c | 12 +-
fs/afs/internal.h | 4 +-
fs/afs/xattr.c | 7 +-
include/keys/user-type.h | 4 +-
include/linux/flex_array.h | 637 ++++++++++++++++++
include/linux/fortify-string.h | 70 +-
include/linux/of.h | 3 +-
include/linux/string.h | 1 +
include/net/af_unix.h | 14 +-
include/net/bluetooth/hci.h | 4 +-
include/net/cfg80211.h | 4 +-
include/net/flow_offload.h | 4 +-
include/net/garp.h | 4 +-
include/net/mac80211.h | 4 +-
include/net/mrp.h | 4 +-
include/uapi/linux/connector.h | 4 +-
include/uapi/linux/firewire-cdev.h | 4 +-
include/uapi/linux/netlink.h | 1 +
include/uapi/linux/stddef.h | 14 +
include/uapi/linux/xfrm.h | 4 +-
lib/Kconfig.debug | 12 +-
lib/Makefile | 1 +
lib/flex_array_kunit.c | 523 ++++++++++++++
net/802/garp.c | 9 +-
net/802/mrp.c | 9 +-
net/bluetooth/hci_request.c | 9 +-
net/core/flow_offload.c | 7 +-
net/mac80211/cfg.c | 22 +-
net/mac80211/ieee80211_i.h | 12 +-
net/netlink/af_netlink.c | 5 +-
net/unix/af_unix.c | 7 +-
net/wireless/core.h | 4 +-
net/wireless/nl80211.c | 15 +-
net/wireless/scan.c | 21 +-
security/integrity/ima/ima_modsig.c | 12 +-
security/keys/user_defined.c | 7 +-
security/selinux/ss/sidtab.c | 9 +-
security/selinux/xfrm.c | 7 +-
sound/soc/codecs/sigmadsp.c | 11 +-
58 files changed, 1409 insertions(+), 253 deletions(-)
create mode 100644 include/linux/flex_array.h
create mode 100644 lib/flex_array_kunit.c
--
2.32.0
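
The code pattern the cover letter targets, as an added userspace example that is not part of the original message or the kernel series: an open-coded allocate-and-memcpy() into a flexible array struct beside a checked duplicate helper. `struct blob` and both function names are hypothetical, and the helper's checks are this example's assumptions, not the API of `mem_to_flex_dup()`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed struct: a counter followed by a flexible array member. */
struct blob {
	uint8_t len;    /* number of valid bytes in data[] */
	uint8_t data[]; /* flexible array: size unknown to the compiler */
};

/* Open-coded pattern: allocation size, stored count and copy length are
 * three separate expressions. For len > 255 the count silently truncates
 * while all len bytes are still copied. */
struct blob *blob_dup_open_coded(const void *src, size_t len)
{
	struct blob *b = malloc(sizeof(*b) + len);
	if (!b)
		return NULL;
	b->len = (uint8_t)len;
	memcpy(b->data, src, len);
	return b;
}

/* Hypothetical checked helper: validate once, then derive everything
 * from the validated count. */
int blob_dup_checked(struct blob **out, const void *src, size_t len)
{
	struct blob *b;
	if (!out || *out || !src)
		return -EINVAL; /* never overwrite a live pointer */
	if (len > UINT8_MAX)
		return -E2BIG;  /* count must fit the struct's counter */
	b = malloc(sizeof(*b) + len);
	if (!b)
		return -ENOMEM;
	b->len = (uint8_t)len;
	memcpy(b->data, src, b->len); /* bounded by the stored count */
	*out = b;
	return 0;
}

int main(void)
{
	uint8_t src[300] = {0};
	struct blob *b = NULL;
	return blob_dup_checked(&b, src, 300) == -E2BIG ? 0 : 1;
}
```

In the open-coded version any later reader that trusts `len` sees 44 bytes of a 300-byte copy; the checked version rejects the request before allocating.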