linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] mwl8k: Use struct_group() for memcpy() region
@ 2021-11-18 18:37 Kees Cook
  2021-11-18 19:45 ` Johannes Berg
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2021-11-18 18:37 UTC (permalink / raw)
  To: Lennert Buytenhek
  Cc: Kees Cook, Kalle Valo, David S. Miller, Jakub Kicinski,
	wengjianfeng, Lv Yunlong, Arnd Bergmann, Christophe JAILLET,
	Allen Pais, Zheyu Ma, linux-kernel, linux-wireless, netdev,
	linux-hardening

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Use struct_group() in struct mwl8k_cmd_set_key around members
key_material, tkip_tx_mic_key, and tkip_rx_mic_key so they can be
referenced together. This will allow memcpy() and sizeof() to more easily
reason about sizes, improve readability, and avoid future warnings about
writing beyond the end of key_material.

"pahole" shows no size nor member offset changes to struct
mwl8k_cmd_set_key. "objdump -d" shows no object code changes.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/wireless/marvell/mwl8k.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c
index 529e325498cd..90e881655fb2 100644
--- a/drivers/net/wireless/marvell/mwl8k.c
+++ b/drivers/net/wireless/marvell/mwl8k.c
@@ -4225,9 +4225,11 @@ struct mwl8k_cmd_set_key {
 	__le32 key_info;
 	__le32 key_id;
 	__le16 key_len;
-	__u8 key_material[MAX_ENCR_KEY_LENGTH];
-	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
-	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
+	struct {
+			__u8 key_material[MAX_ENCR_KEY_LENGTH];
+			__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
+			__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
+	} tkip;
 	__le16 tkip_rsc_low;
 	__le32 tkip_rsc_high;
 	__le16 tkip_tsc_low;
@@ -4375,7 +4377,7 @@ static int mwl8k_cmd_encryption_set_key(struct ieee80211_hw *hw,
 		goto done;
 	}
 
-	memcpy(cmd->key_material, key->key, keymlen);
+	memcpy(&cmd->tkip, key->key, keymlen);
 	cmd->action = cpu_to_le32(action);
 
 	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] mwl8k: Use struct_group() for memcpy() region
  2021-11-18 18:37 [PATCH] mwl8k: Use struct_group() for memcpy() region Kees Cook
@ 2021-11-18 19:45 ` Johannes Berg
  2021-11-18 20:24   ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Johannes Berg @ 2021-11-18 19:45 UTC (permalink / raw)
  To: Kees Cook, Lennert Buytenhek
  Cc: Kalle Valo, David S. Miller, Jakub Kicinski, wengjianfeng,
	Lv Yunlong, Arnd Bergmann, Christophe JAILLET, Allen Pais,
	Zheyu Ma, linux-kernel, linux-wireless, netdev, linux-hardening

On Thu, 2021-11-18 at 10:37 -0800, Kees Cook wrote:
> 
> -	__u8 key_material[MAX_ENCR_KEY_LENGTH];
> -	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
> -	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
> +	struct {
> +			__u8 key_material[MAX_ENCR_KEY_LENGTH];
> 

That got one tab too many?

johannes

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] mwl8k: Use struct_group() for memcpy() region
  2021-11-18 19:45 ` Johannes Berg
@ 2021-11-18 20:24   ` Kees Cook
  0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2021-11-18 20:24 UTC (permalink / raw)
  To: Johannes Berg
  Cc: Lennert Buytenhek, Kalle Valo, David S. Miller, Jakub Kicinski,
	wengjianfeng, Lv Yunlong, Arnd Bergmann, Christophe JAILLET,
	Allen Pais, Zheyu Ma, linux-kernel, linux-wireless, netdev,
	linux-hardening

On Thu, Nov 18, 2021 at 08:45:22PM +0100, Johannes Berg wrote:
> On Thu, 2021-11-18 at 10:37 -0800, Kees Cook wrote:
> > 
> > -	__u8 key_material[MAX_ENCR_KEY_LENGTH];
> > -	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
> > -	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
> > +	struct {
> > +			__u8 key_material[MAX_ENCR_KEY_LENGTH];
> > 
> 
> That got one tab too many?

Whoops! Thanks, I will adjust. :)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-18 20:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-18 18:37 [PATCH] mwl8k: Use struct_group() for memcpy() region Kees Cook
2021-11-18 19:45 ` Johannes Berg
2021-11-18 20:24   ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).