* [PATCH] mptcp: Use struct_group() to avoid cross-field memset()
@ 2022-01-21 7:39 Kees Cook
2022-01-21 20:44 ` Mat Martineau
2022-01-22 3:40 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2022-01-21 7:39 UTC (permalink / raw)
To: Mat Martineau
Cc: Kees Cook, Matthieu Baerts, David S. Miller, Jakub Kicinski,
netdev, mptcp, linux-kernel, linux-hardening
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
Use struct_group() to capture the fields to be reset, so that memset()
can be appropriately bounds-checked by the compiler.
Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
Cc: mptcp@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
net/mptcp/protocol.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 0e6b42c76ea0..85317ce38e3f 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -408,7 +408,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
struct mptcp_subflow_context {
struct list_head node;/* conn_list of subflows */
- char reset_start[0];
+ struct_group(reset,
unsigned long avg_pacing_rate; /* protected by msk socket lock */
u64 local_key;
@@ -458,7 +458,7 @@ struct mptcp_subflow_context {
long delegated_status;
- char reset_end[0];
+ );
struct list_head delegated_node; /* link into delegated_action, protected by local BH */
@@ -494,7 +494,7 @@ mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow)
static inline void
mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow)
{
- memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start);
+ memset(&subflow->reset, 0, sizeof(subflow->reset));
subflow->request_mptcp = 1;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] mptcp: Use struct_group() to avoid cross-field memset()
2022-01-21 7:39 [PATCH] mptcp: Use struct_group() to avoid cross-field memset() Kees Cook
@ 2022-01-21 20:44 ` Mat Martineau
2022-01-22 3:40 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Mat Martineau @ 2022-01-21 20:44 UTC (permalink / raw)
To: Kees Cook
Cc: Matthieu Baerts, David S. Miller, Jakub Kicinski, netdev, mptcp,
linux-kernel, linux-hardening
On Thu, 20 Jan 2022, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring fields.
>
> Use struct_group() to capture the fields to be reset, so that memset()
> can be appropriately bounds-checked by the compiler.
>
> Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
> Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: netdev@vger.kernel.org
> Cc: mptcp@lists.linux.dev
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> net/mptcp/protocol.h | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
Thanks Kees, looks good to me. I checked around for other MPTCP structs
that would need similar attention and didn't see any.
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
> diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
> index 0e6b42c76ea0..85317ce38e3f 100644
> --- a/net/mptcp/protocol.h
> +++ b/net/mptcp/protocol.h
> @@ -408,7 +408,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
> struct mptcp_subflow_context {
> struct list_head node;/* conn_list of subflows */
>
> - char reset_start[0];
> + struct_group(reset,
>
> unsigned long avg_pacing_rate; /* protected by msk socket lock */
> u64 local_key;
> @@ -458,7 +458,7 @@ struct mptcp_subflow_context {
>
> long delegated_status;
>
> - char reset_end[0];
> + );
>
> struct list_head delegated_node; /* link into delegated_action, protected by local BH */
>
> @@ -494,7 +494,7 @@ mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow)
> static inline void
> mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow)
> {
> - memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start);
> + memset(&subflow->reset, 0, sizeof(subflow->reset));
> subflow->request_mptcp = 1;
> }
>
> --
> 2.30.2
>
>
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] mptcp: Use struct_group() to avoid cross-field memset()
2022-01-21 7:39 [PATCH] mptcp: Use struct_group() to avoid cross-field memset() Kees Cook
2022-01-21 20:44 ` Mat Martineau
@ 2022-01-22 3:40 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-01-22 3:40 UTC (permalink / raw)
To: Kees Cook
Cc: mathew.j.martineau, matthieu.baerts, davem, kuba, netdev, mptcp,
linux-kernel, linux-hardening
Hello:
This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:
On Thu, 20 Jan 2022 23:39:35 -0800 you wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring fields.
>
> Use struct_group() to capture the fields to be reset, so that memset()
> can be appropriately bounds-checked by the compiler.
>
> [...]
Here is the summary with links:
- mptcp: Use struct_group() to avoid cross-field memset()
https://git.kernel.org/netdev/net/c/63ec72bd5848
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-22 3:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-21 7:39 [PATCH] mptcp: Use struct_group() to avoid cross-field memset() Kees Cook
2022-01-21 20:44 ` Mat Martineau
2022-01-22 3:40 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).