lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <6a3fb58c-440a-31f7-72f8-36e07383d603@embeddedor.com> Date: Wed, 4 Oct 2023 01:40:45 +0200 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Kees Cook <keescook@...omium.org>, "David S. Miller" <davem@...emloft.net> Cc: Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Johannes Berg <johannes.berg@...el.com>, netdev@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH] netlink: Annotate struct netlink_policy_dump_state with __counted_by On 10/4/23 01:21, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct netlink_policy_dump_state. > > Additionally update the size of the usage array length before accessing > it. This requires remembering the old size for the memset() and later > assignments. > > Cc: "David S. Miller" <davem@...emloft.net> > Cc: Eric Dumazet <edumazet@...gle.com> > Cc: Jakub Kicinski <kuba@...nel.org> > Cc: Paolo Abeni <pabeni@...hat.com> > Cc: Johannes Berg <johannes.berg@...el.com> > Cc: netdev@...r.kernel.org > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1] > Signed-off-by: Kees Cook <keescook@...omium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org> Thanks -- Gustavo > --- > net/netlink/policy.c | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) > > diff --git a/net/netlink/policy.c b/net/netlink/policy.c > index 87e3de0fde89..e2f111edf66c 100644 > --- a/net/netlink/policy.c > +++ b/net/netlink/policy.c > @@ -21,7 +21,7 @@ struct netlink_policy_dump_state { > struct { > const struct nla_policy *policy; > unsigned int maxtype; > - } policies[]; > + } policies[] __counted_by(n_alloc); > }; > > static int add_policy(struct netlink_policy_dump_state **statep, > @@ -29,7 +29,7 @@ static int add_policy(struct netlink_policy_dump_state **statep, > unsigned int maxtype) > { > struct netlink_policy_dump_state *state = *statep; > - unsigned int n_alloc, i; > + unsigned int old_n_alloc, n_alloc, i; > > if (!policy || !maxtype) > return 0; > @@ -52,12 +52,13 @@ static int add_policy(struct netlink_policy_dump_state **statep, > if (!state) > return -ENOMEM; > > - memset(&state->policies[state->n_alloc], 0, > - flex_array_size(state, policies, n_alloc - state->n_alloc)); > - > - state->policies[state->n_alloc].policy = policy; > - state->policies[state->n_alloc].maxtype = maxtype; > + old_n_alloc = state->n_alloc; > state->n_alloc = n_alloc; > + memset(&state->policies[old_n_alloc], 0, > + flex_array_size(state, policies, n_alloc - old_n_alloc)); > + > + state->policies[old_n_alloc].policy = policy; > + state->policies[old_n_alloc].maxtype = maxtype; > *statep = state; > > return 0;
Powered by blists - more mailing lists