[PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Kees Cook]

commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.

The header files for some structures could get included in such a way
that struct attributes (specifically __randomize_layout from path.h) would
be parsed as variable names instead of attributes. This could lead to
some instances of a structure being unrandomized, causing nasty GPFs, etc.

This patch makes sure the compiler_types.h header is included in path.h.

Reported-by: Patrick McLean <chutzpah@gentoo.org>
Root-caused-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[kees: Adjusted to just path.h for -stable, as this is a smaller change]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
This is a much more narrow fix for the issue. I adjusted the commit subject
and body, but still reference the "full" upstream commit. Is this the best
way to handle this?
---
 include/linux/path.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/linux/path.h b/include/linux/path.h
index 81e65a5be7ce..74a59d190a3c 100644
--- a/include/linux/path.h
+++ b/include/linux/path.h
@@ -2,6 +2,8 @@
 #ifndef _LINUX_PATH_H
 #define _LINUX_PATH_H
 
+#include <linux/compiler_types.h>
+
 struct dentry;
 struct vfsmount;
 
-- 
2.7.4


-- 
Kees Cook
Pixel Security

Re: [PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Greg Kroah-Hartman]

On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
> commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
> 
> The header files for some structures could get included in such a way
> that struct attributes (specifically __randomize_layout from path.h) would
> be parsed as variable names instead of attributes. This could lead to
> some instances of a structure being unrandomized, causing nasty GPFs, etc.
> 
> This patch makes sure the compiler_types.h header is included in path.h.
> 
> Reported-by: Patrick McLean <chutzpah@gentoo.org>
> Root-caused-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
> Tested-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
> Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization")
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> [kees: Adjusted to just path.h for -stable, as this is a smaller change]
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> This is a much more narrow fix for the issue. I adjusted the commit subject
> and body, but still reference the "full" upstream commit. Is this the best
> way to handle this?

What's wrong with just taking the original upstream commit here?  It's
only 2 lines, in kconfig.h instead of path.h.  What is the reason this
has to be in path.h for 4.14.y and 4.15.y?

thanks,

greg k-h

Re: [PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Kees Cook]

On Thu, Feb 22, 2018 at 11:08 PM, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
> On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
>> commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
>>
>> The header files for some structures could get included in such a way
>> that struct attributes (specifically __randomize_layout from path.h) would
>> be parsed as variable names instead of attributes. This could lead to
>> some instances of a structure being unrandomized, causing nasty GPFs, etc.
>>
>> This patch makes sure the compiler_types.h header is included in path.h.
>>
>> Reported-by: Patrick McLean <chutzpah@gentoo.org>
>> Root-caused-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
>> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
>> Tested-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
>> Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization")
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>> [kees: Adjusted to just path.h for -stable, as this is a smaller change]
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> This is a much more narrow fix for the issue. I adjusted the commit subject
>> and body, but still reference the "full" upstream commit. Is this the best
>> way to handle this?
>
> What's wrong with just taking the original upstream commit here?  It's
> only 2 lines, in kconfig.h instead of path.h.  What is the reason this
> has to be in path.h for 4.14.y and 4.15.y?

I was (rightly) worried about unexpected build changes. If you'd
rather stick to upstream, we can do it. It'll just need at least one
fix so far:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f9da844d87796ac31b04e81ee95e155e9043132

Do you want me to just send those two?

-Kees

-- 
Kees Cook
Pixel Security

Re: [PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Greg Kroah-Hartman]

On Fri, Feb 23, 2018 at 09:27:13AM -0800, Kees Cook wrote:
> On Thu, Feb 22, 2018 at 11:08 PM, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> > On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
> >> commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
> >>
> >> The header files for some structures could get included in such a way
> >> that struct attributes (specifically __randomize_layout from path.h) would
> >> be parsed as variable names instead of attributes. This could lead to
> >> some instances of a structure being unrandomized, causing nasty GPFs, etc.
> >>
> >> This patch makes sure the compiler_types.h header is included in path.h.
> >>
> >> Reported-by: Patrick McLean <chutzpah@gentoo.org>
> >> Root-caused-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
> >> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
> >> Tested-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
> >> Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization")
> >> Signed-off-by: Kees Cook <keescook@chromium.org>
> >> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> >> [kees: Adjusted to just path.h for -stable, as this is a smaller change]
> >> Signed-off-by: Kees Cook <keescook@chromium.org>
> >> ---
> >> This is a much more narrow fix for the issue. I adjusted the commit subject
> >> and body, but still reference the "full" upstream commit. Is this the best
> >> way to handle this?
> >
> > What's wrong with just taking the original upstream commit here?  It's
> > only 2 lines, in kconfig.h instead of path.h.  What is the reason this
> > has to be in path.h for 4.14.y and 4.15.y?
> 
> I was (rightly) worried about unexpected build changes. If you'd
> rather stick to upstream, we can do it. It'll just need at least one
> fix so far:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f9da844d87796ac31b04e81ee95e155e9043132
> 
> Do you want me to just send those two?

I can just take the git commits as-is, right?  If not, a backport is
always welcome :)

thanks,

greg k-h

Re: [PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Kees Cook]

On Fri, Feb 23, 2018 at 11:37 AM, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f9da844d87796ac31b04e81ee95e155e9043132
>
> I can just take the git commits as-is, right?  If not, a backport is
> always welcome :)

As it turns out, yes, the renaming of compiler_types.h was backported too.

In this case, please queue for 4.14 and 4.15, these patches:

28128c61e08eaeced9cc8ec0e6b5d677b5b94690
0f9da844d87796ac31b04e81ee95e155e9043132

Thanks!

-Kees

-- 
Kees Cook
Pixel Security

Re: [PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Greg Kroah-Hartman]

On Fri, Feb 23, 2018 at 12:27:52PM -0800, Kees Cook wrote:
> On Fri, Feb 23, 2018 at 11:37 AM, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f9da844d87796ac31b04e81ee95e155e9043132
> >
> > I can just take the git commits as-is, right?  If not, a backport is
> > always welcome :)
> 
> As it turns out, yes, the renaming of compiler_types.h was backported too.
> 
> In this case, please queue for 4.14 and 4.15, these patches:
> 
> 28128c61e08eaeced9cc8ec0e6b5d677b5b94690
> 0f9da844d87796ac31b04e81ee95e155e9043132

Now applied, thanks.

greg k-h