Hello,

This series fixes an unreachable code bug and removes dead code in
is_pure_ops_struct().

Thanks.

Joonwon Kang (2):
  randstruct: fix a bug in is_pure_ops_struct()
  randstruct: remove dead code in is_pure_ops_struct()

 scripts/gcc-plugins/randomize_layout_plugin.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

--
2.17.1
Before this, there were false negatives in the case where a struct contains other structs which contain only function pointers because of unreachable code in is_pure_ops_struct(). Signed-off-by: Joonwon Kang <kjw1627@gmail.com> --- scripts/gcc-plugins/randomize_layout_plugin.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 6d5bbd31db7f..bd29e4e7a524 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -443,13 +443,13 @@ static int is_pure_ops_struct(const_tree node) if (node == fieldtype) continue; - if (!is_fptr(fieldtype)) - return 0; - - if (code != RECORD_TYPE && code != UNION_TYPE) + if (code == RECORD_TYPE || code == UNION_TYPE) { + if (!is_pure_ops_struct(fieldtype)) + return 0; continue; + } - if (!is_pure_ops_struct(fieldtype)) + if (!is_fptr(fieldtype)) return 0; } -- 2.17.1
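Review bot: the commit log says "unreachable code" without saying which statement was unreachable or why, and the reordered loop body in is_pure_ops_struct() carries no comment to stop the order from regressing. In the removed lines, `if (!is_fptr(fieldtype)) return 0;` ran before the RECORD_TYPE/UNION_TYPE test, so a nested struct or union field returned 0 there and the recursive `is_pure_ops_struct(fieldtype)` call below it could never run. Please spell that out in the log, add a one-line comment above the new `if (code == RECORD_TYPE || code == UNION_TYPE) {` block stating that aggregates must be handled before the is_fptr() test, and note that the function now returns 1 for structs it previously rejected, so whatever the caller does with a pure-ops result now applies to more types.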
Recursive declaration for struct which has member of the same struct type, for example, struct foo { struct foo f; ... }; is not allowed. So, it is unnecessary to check if a struct has this kind of member. Signed-off-by: Joonwon Kang <kjw1627@gmail.com> --- scripts/gcc-plugins/randomize_layout_plugin.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index bd29e4e7a524..e14efe23e645 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -440,9 +440,6 @@ static int is_pure_ops_struct(const_tree node) const_tree fieldtype = get_field_type(field); enum tree_code code = TREE_CODE(fieldtype); - if (node == fieldtype) - continue; - if (code == RECORD_TYPE || code == UNION_TYPE) { if (!is_pure_ops_struct(fieldtype)) return 0; -- 2.17.1
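Review bot: dropping `if (node == fieldtype) continue;` at the top of the loop body leaves the recursive `is_pure_ops_struct(fieldtype)` call directly below it with no guard at all, and the log justifies that only by the C rule that a struct cannot contain itself by value. The argument depends on what get_field_type() returns, which this hunk does not show: if it can ever yield the enclosing type for some member, the recursion no longer terminates. Either state in the log what get_field_type() returns for members that refer to the enclosing type, so the claim that the check is dead can be verified from the commit alone, or keep the three lines as a cheap safeguard against unbounded recursion inside the plugin.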
On Thu, Aug 01, 2019 at 03:01:10AM +0900, Joonwon Kang wrote:
> Before this, there were false negatives in the case where a struct
> contains other structs which contain only function pointers because
> of unreachable code in is_pure_ops_struct().
>
> Signed-off-by: Joonwon Kang <kjw1627@gmail.com>
I've applied this (with some commit log tweaks) and it should be visible
in linux-next soon. I'll send this on to Linus before -rc3.
--
Kees Cook
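The false negative fixed by the first patch, reproduced on a toy type model as an added example (not the plugin's code and not part of the thread). `struct type`, `pure_ops_before` and `pure_ops_after` are hypothetical names, and only the two checks the hunk reorders are modelled.

```c
/* Toy stand-in for GCC tree nodes; constructed for this example. */
enum kind { K_INT, K_FPTR, K_RECORD };
struct type {
	enum kind kind;
	int nfields;			/* used only for K_RECORD */
	const struct type *fields[4];
};

static int is_fptr(const struct type *t) { return t->kind == K_FPTR; }

/* Order before the fix: a K_RECORD field fails is_fptr(), recursion is dead. */
static int pure_ops_before(const struct type *node)
{
	for (int i = 0; i < node->nfields; i++) {
		const struct type *ft = node->fields[i];
		if (!is_fptr(ft))
			return 0;
		if (ft->kind != K_RECORD)
			continue;
		if (!pure_ops_before(ft))	/* never reached */
			return 0;
	}
	return 1;
}

/* Order after the fix: recurse into records, otherwise require a fptr. */
static int pure_ops_after(const struct type *node)
{
	for (int i = 0; i < node->nfields; i++) {
		const struct type *ft = node->fields[i];
		if (ft->kind == K_RECORD) {
			if (!pure_ops_after(ft))
				return 0;
			continue;
		}
		if (!is_fptr(ft))
			return 0;
	}
	return 1;
}

static const struct type t_int = { K_INT, 0, { 0 } }, t_fptr = { K_FPTR, 0, { 0 } };
static const struct type inner_ops = { K_RECORD, 2, { &t_fptr, &t_fptr } };
static const struct type outer_ops = { K_RECORD, 2, { &t_fptr, &inner_ops } };
static const struct type mixed = { K_RECORD, 2, { &inner_ops, &t_int } };

/* Exit status 0: nested ops struct is missed before, matched after; mixed is rejected. */
int main(void) { return !(!pure_ops_before(&outer_ops) && pure_ops_after(&outer_ops) && !pure_ops_after(&mixed)); }
```

`outer_ops` is the case from the commit message: a struct whose members are function pointers plus another struct of function pointers.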
On Thu, Aug 01, 2019 at 03:01:49AM +0900, Joonwon Kang wrote: > Recursive declaration for struct which has member of the same struct > type, for example, > > struct foo { > struct foo f; > ... > }; > > is not allowed. So, it is unnecessary to check if a struct has this > kind of member. Is that the only case where this loop could happen? Seems also safe to just leave it as-is... -Kees > > Signed-off-by: Joonwon Kang <kjw1627@gmail.com> > --- > scripts/gcc-plugins/randomize_layout_plugin.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c > index bd29e4e7a524..e14efe23e645 100644 > --- a/scripts/gcc-plugins/randomize_layout_plugin.c > +++ b/scripts/gcc-plugins/randomize_layout_plugin.c > @@ -440,9 +440,6 @@ static int is_pure_ops_struct(const_tree node) > const_tree fieldtype = get_field_type(field); > enum tree_code code = TREE_CODE(fieldtype); > > - if (node == fieldtype) > - continue; > - > if (code == RECORD_TYPE || code == UNION_TYPE) { > if (!is_pure_ops_struct(fieldtype)) > return 0; > -- > 2.17.1 > -- Kees Cook
On Wed, Jul 31, 2019 at 12:59:30PM -0700, Kees Cook wrote: > On Thu, Aug 01, 2019 at 03:01:49AM +0900, Joonwon Kang wrote: > > Recursive declaration for struct which has member of the same struct > > type, for example, > > > > struct foo { > > struct foo f; > > ... > > }; > > > > is not allowed. So, it is unnecessary to check if a struct has this > > kind of member. > > Is that the only case where this loop could happen? Seems also safe to > just leave it as-is... > > -Kees I think it is pretty obvious that it is the only case. I compiled kernel with allyesconfig and the condition never hit even once. However, it will also be no problem to just leave it as-is as you mentioned. > > > > > Signed-off-by: Joonwon Kang <kjw1627@gmail.com> > > --- > > scripts/gcc-plugins/randomize_layout_plugin.c | 3 --- > > 1 file changed, 3 deletions(-) > > > > diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c > > index bd29e4e7a524..e14efe23e645 100644 > > --- a/scripts/gcc-plugins/randomize_layout_plugin.c > > +++ b/scripts/gcc-plugins/randomize_layout_plugin.c > > @@ -440,9 +440,6 @@ static int is_pure_ops_struct(const_tree node) > > const_tree fieldtype = get_field_type(field); > > enum tree_code code = TREE_CODE(fieldtype); > > > > - if (node == fieldtype) > > - continue; > > - > > if (code == RECORD_TYPE || code == UNION_TYPE) { > > if (!is_pure_ops_struct(fieldtype)) > > return 0; > > -- > > 2.17.1 > > > > -- > Kees Cook