From: James Simmons <jsimmons@infradead.org>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Oleg Drokin <oleg.drokin@intel.com>,
	Andreas Dilger <andreas.dilger@intel.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"John L. Hammond" <john.hammond@intel.com>,
	Emoly Liu <emoly.liu@intel.com>,
	Vitaly Fertman <vitaly_fertman@xyratex.com>,
	Bruno Faccini <bruno.faccini@intel.com>,
	Bruce Korb <bruce.korb@gmail.com>,
	lustre-devel@lists.lustre.org, devel@driverdev.osuosl.org
Subject: Re: [PATCH] staging: lustre: ldlm: use designated initializers
Date: Mon, 19 Dec 2016 16:22:58 +0000 (GMT)
Message-ID: <alpine.LFD.2.20.1612191614320.25173@casper.infradead.org>
In-Reply-To: <20161217010045.GA140343@beast>


> Prepare to mark sensitive kernel structures for randomization by making
> sure they're using designated initializers. These were identified during
> allyesconfig builds of x86, arm, and arm64, with most initializer fixes
> extracted from grsecurity.
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
> index 722160784f83..f815827532dc 100644
> --- a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
> +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
> @@ -143,7 +143,7 @@ static int ldlm_process_flock_lock(struct ldlm_lock *req, __u64 *flags,
>  	int added = (mode == LCK_NL);
>  	int overlaps = 0;
>  	int splitted = 0;
> -	const struct ldlm_callback_suite null_cbs = { NULL };
> +	const struct ldlm_callback_suite null_cbs = { };
>  
>  	CDEBUG(D_DLMTRACE,
>  	       "flags %#llx owner %llu pid %u mode %u start %llu end %llu\n",
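Review bot: the subject and commit message say "use designated initializers", but the one-line change at line 146 replaces the positional `{ NULL }` with an empty initializer `{ }`, which names no member and so is not a designated initializer; either reword the commit message to say the empty initializer is the intended layout-independent form, or spell the members out, e.g. `const struct ldlm_callback_suite null_cbs = { .lcs_completion = NULL, .lcs_blocking = NULL, .lcs_glimpse = NULL };`. Either way the value of null_cbs does not change: under C initialization rules `{ NULL }` already zeroes every remaining member, and `{ }` (a GNU extension the kernel relies on widely, standardized in C23) zeroes all of them, so lcs_completion, lcs_blocking and lcs_glimpse are NULL in both versions and the change only removes the dependence on which member happens to be first.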

Nak. Filling null_cbs with random data is a bad idea. If you look at 
ldlm_lock_create() where this is used you have

if (cbs) {
	lock->l_blocking_ast = cbs->lcs_blocking;
	lock->l_completion_ast = cbs->lcs_completion;
	lock->l_glimpse_ast = cbs->lcs_glimpse;
}

Having lock->l_* point to random addresses is a bad idea.
What really needs to be done is proper initialization of that
structure. A bunch of patches will be coming to address this.
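The copy block quoted from ldlm_lock_create() above is what makes the initializer form matter, so here is an added, stand-alone C example (not Lustre code and not from this thread) that models it. The types cbs_plain, cbs_shuffled and lock, the three *_ast callbacks and the wiring() helper are hypothetical stand-ins for ldlm_callback_suite and the l_*_ast fields of struct ldlm_lock; cbs_shuffled is a hand-written simulation of a reordered layout, not the real randstruct plugin, which would reject the positional form at compile time rather than let it run. The example shows that `{ }` leaves every callback NULL in either layout, that a positional initializer silently wires callbacks into the wrong slots once the member order changes, and that a designated initializer survives the reordering.

```c
/* Added example, not Lustre code. Models how the initializer form behaves
 * when a structure's member order is no longer the one written in the
 * source, which is the situation struct layout randomization creates.
 * All names below are hypothetical stand-ins for the Lustre ones. */
#include <stdio.h>

typedef int (*ast_fn)(void);

/* Each callback returns a distinct tag so we can see where it was wired. */
static int blocking_ast(void)   { return 1; }
static int completion_ast(void) { return 2; }
static int glimpse_ast(void)    { return 3; }

/* Member order as written in the source. */
struct cbs_plain {
	ast_fn lcs_completion;
	ast_fn lcs_blocking;
	ast_fn lcs_glimpse;
};

/* Same members, different order: what a randomized layout could produce. */
struct cbs_shuffled {
	ast_fn lcs_glimpse;
	ast_fn lcs_completion;
	ast_fn lcs_blocking;
};

struct lock {
	ast_fn l_blocking_ast;
	ast_fn l_completion_ast;
	ast_fn l_glimpse_ast;
};

/* Mirrors the copy in ldlm_lock_create(): fields are copied by name. */
static struct lock lock_from_plain(const struct cbs_plain *cbs)
{
	struct lock l = { };
	if (cbs) {
		l.l_blocking_ast = cbs->lcs_blocking;
		l.l_completion_ast = cbs->lcs_completion;
		l.l_glimpse_ast = cbs->lcs_glimpse;
	}
	return l;
}

static struct lock lock_from_shuffled(const struct cbs_shuffled *cbs)
{
	struct lock l = { };
	if (cbs) {
		l.l_blocking_ast = cbs->lcs_blocking;
		l.l_completion_ast = cbs->lcs_completion;
		l.l_glimpse_ast = cbs->lcs_glimpse;
	}
	return l;
}

/* An unset AST is skipped, as a NULL pointer would be by the caller's check. */
static int fire(ast_fn fn) { return fn ? fn() : 0; }

/* Three digits: blocking, completion, glimpse. 123 means every AST sits in
 * the slot its name says it belongs in; 000 means nothing was wired. */
static int wiring(struct lock l)
{
	return fire(l.l_blocking_ast) * 100 + fire(l.l_completion_ast) * 10
	     + fire(l.l_glimpse_ast);
}

/* Empty initializer (the patch's form, a GNU extension standardized in C23):
 * every member is NULL in either layout. */
int wiring_empty(int shuffled)
{
	if (shuffled) {
		const struct cbs_shuffled null_cbs = { };
		return wiring(lock_from_shuffled(&null_cbs));
	}
	const struct cbs_plain null_cbs = { };
	return wiring(lock_from_plain(&null_cbs));
}

/* Positional initializer: values land in whichever member comes first. */
int wiring_positional(int shuffled)
{
	if (shuffled) {
		const struct cbs_shuffled cbs = { blocking_ast, completion_ast, glimpse_ast };
		return wiring(lock_from_shuffled(&cbs));  /* 321: all three misrouted */
	}
	const struct cbs_plain cbs = { blocking_ast, completion_ast, glimpse_ast };
	return wiring(lock_from_plain(&cbs));         /* 213: blocking/completion swapped */
}

/* Designated initializer: members are named, so the layout does not matter. */
int wiring_designated(int shuffled)
{
	if (shuffled) {
		const struct cbs_shuffled cbs = { .lcs_blocking = blocking_ast,
			.lcs_completion = completion_ast, .lcs_glimpse = glimpse_ast };
		return wiring(lock_from_shuffled(&cbs));
	}
	const struct cbs_plain cbs = { .lcs_blocking = blocking_ast,
		.lcs_completion = completion_ast, .lcs_glimpse = glimpse_ast };
	return wiring(lock_from_plain(&cbs));
}

int main(void)
{
	printf("empty:      plain %03d  shuffled %03d\n", wiring_empty(0), wiring_empty(1));
	printf("positional: plain %03d  shuffled %03d\n", wiring_positional(0), wiring_positional(1));
	printf("designated: plain %03d  shuffled %03d\n", wiring_designated(0), wiring_designated(1));
	return 0;
}
```

Build with `cc -Wall example.c && ./a.out`. The empty form prints 000 for both layouts, which is the behaviour the patched null_cbs needs; the positional form prints 213 for the source order and 321 for the shuffled one, the silent mis-wiring that a positional initializer risks once layouts are randomized; the designated form prints 123 both times.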

Thread overview: 35+ messages
2016-12-17  1:00 [PATCH] staging: lustre: ldlm: use designated initializers Kees Cook
2016-12-17  1:00 ` [lustre-devel] " Kees Cook
2016-12-19 16:22 ` James Simmons [this message]
2016-12-19 16:22   ` James Simmons
2016-12-19 16:47   ` Bruce Korb
2016-12-19 16:48     ` [lustre-devel] " Bruce Korb
2016-12-19 17:12     ` James Simmons
2016-12-19 17:12       ` [lustre-devel] " James Simmons
2016-12-20  7:10     ` Dan Carpenter
2016-12-20  7:10       ` [lustre-devel] " Dan Carpenter
2016-12-20 14:57       ` Hammond, John
2016-12-20 14:57         ` [lustre-devel] " Hammond, John
2016-12-20 16:47         ` Bruce Korb
2016-12-20 16:48           ` [lustre-devel] " Bruce Korb
2016-12-20 18:52           ` Dan Carpenter
2016-12-20 18:52             ` [lustre-devel] " Dan Carpenter
2016-12-20 19:07         ` Dan Carpenter
2016-12-20 19:07           ` [lustre-devel] " Dan Carpenter
2016-12-20 19:46           ` Kees Cook
2016-12-20 19:46             ` [lustre-devel] " Kees Cook
2016-12-19 16:50   ` Patrick Farrell
2016-12-19 17:11     ` James Simmons
2016-12-19 17:11       ` James Simmons
2016-12-20 10:40   ` Dan Carpenter
2016-12-20 10:40     ` [lustre-devel] " Dan Carpenter
2016-12-20 17:29 ` Designated initializers, struct randomization and addressing? Joe Perches
2016-12-20 17:29   ` [lustre-devel] " Joe Perches
2017-01-03 23:47   ` Kees Cook
2017-01-03 23:55     ` Bruce Korb
2017-01-04  0:13       ` Kees Cook
2017-01-04  6:27     ` Julia Lawall
2017-01-04  6:35       ` Kees Cook
2017-01-04 16:55         ` Stephen Hemminger
2017-01-04 17:37           ` Julia Lawall
2017-01-04 22:30           ` Kees Cook
