lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <61b78f8e-98be-4392-9d3b-f1d211adb384@wanadoo.fr> Date: Sun, 15 Oct 2023 09:20:54 +0200 From: Christophe JAILLET <christophe.jaillet@...adoo.fr> To: Julia Lawall <julia.lawall@...ia.fr>, Kees Cook <keescook@...omium.org> Cc: Pravin B Shelar <pshelar@....org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org, netdev@...r.kernel.org, dev@...nvswitch.org, linux-hardening@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH v2 2/2] net: openvswitch: Annotate struct mask_array with __counted_by Le 15/10/2023 à 06:53, Julia Lawall a écrit : > > > On Sat, 14 Oct 2023, Kees Cook wrote: > >> On Sat, Oct 14, 2023 at 08:34:53AM +0200, Christophe JAILLET wrote: >>> Prepare for the coming implementation by GCC and Clang of the __counted_by >>> attribute. Flexible array members annotated with __counted_by can have >>> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS >>> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family >>> functions). >>> >>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr> >>> --- >>> v2: Fix the subject [Ilya Maximets] >>> fix the field name used with __counted_by [Ilya Maximets] >>> >>> v1: https://lore.kernel.org/all/f66ddcf1ef9328f10292ea75a17b584359b6cde3.1696156198.git.christophe.jaillet@wanadoo.fr/ >>> >>> >>> This patch is part of a work done in parallel of what is currently worked >>> on by Kees Cook. >>> >>> My patches are only related to corner cases that do NOT match the >>> semantic of his Coccinelle script[1]. > > What was the problem with the semantic patch in this case? The allocation in tbl_mask_array_alloc() looks like: new = kzalloc(sizeof(struct mask_array) + sizeof(struct sw_flow_mask *) * size + sizeof(u64) * size, GFP_KERNEL); We allocated the struct, the ending flex aray *and* some more memory at the same time. IIUC the cocci script, this extra space is not taken into account with the current script and it won't match. CJ > > thanks, > julia > > >>> >>> In this case, in tbl_mask_array_alloc(), several things are allocated with >>> a single allocation. Then, some pointer arithmetic computes the address of >>> the memory after the flex-array. >>> >>> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci >>> --- >>> net/openvswitch/flow_table.h | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/net/openvswitch/flow_table.h b/net/openvswitch/flow_table.h >>> index 9e659db78c05..f524dc3e4862 100644 >>> --- a/net/openvswitch/flow_table.h >>> +++ b/net/openvswitch/flow_table.h >>> @@ -48,7 +48,7 @@ struct mask_array { >>> int count, max; >>> struct mask_array_stats __percpu *masks_usage_stats; >>> u64 *masks_usage_zero_cntr; >>> - struct sw_flow_mask __rcu *masks[]; >>> + struct sw_flow_mask __rcu *masks[] __counted_by(max); >>> }; >> >> Yup, this looks correct to me. Thanks! >> >> Reviewed-by: Kees Cook <keescook@...omium.org> >> >> -- >> Kees Cook >> >
Powered by blists - more mailing lists