[PATCH] af_unix: Silence randstruct GCC plugin warning

[PATCH] af_unix: Silence randstruct GCC plugin warning

[Kees Cook]

While preparing for Clang randstruct support (which duplicated many of
the warnings the randstruct GCC plugin warned about), one strange one
remained only for the randstruct GCC plugin. Eliminating this rids
the plugin of the last exception.

It seems the plugin is happy to dereference individual members of
a cross-struct cast, but it is upset about casting to a whole object
pointer. This only manifests in one place in the kernel, so just replace
the variable with individual member accesses. There is no change in
executable instruction output.

Drop the last exception from the randstruct GCC plugin.

Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Cong Wang <cong.wang@bytedance.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: netdev@vger.kernel.org
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
If someone can Ack this, I can carry it in the gcc-plugins tree,
as I'm trying to remove all its exceptions so I can drop that code.
---
 net/unix/af_unix.c                            | 8 +++-----
 scripts/gcc-plugins/randomize_layout_plugin.c | 2 --
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index e71a312faa1e..36367e7e3e0a 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1808,11 +1808,9 @@ static int maybe_init_creds(struct scm_cookie *scm,
 static bool unix_skb_scm_eq(struct sk_buff *skb,
 			    struct scm_cookie *scm)
 {
-	const struct unix_skb_parms *u = &UNIXCB(skb);
-
-	return u->pid == scm->pid &&
-	       uid_eq(u->uid, scm->creds.uid) &&
-	       gid_eq(u->gid, scm->creds.gid) &&
+	return UNIXCB(skb).pid == scm->pid &&
+	       uid_eq(UNIXCB(skb).uid, scm->creds.uid) &&
+	       gid_eq(UNIXCB(skb).gid, scm->creds.gid) &&
 	       unix_secdata_eq(scm, skb);
 }
 
diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c
index c9d345a91c41..2ca768d88a68 100644
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -46,8 +46,6 @@ struct whitelist_entry {
 };
 
 static const struct whitelist_entry whitelist[] = {
-	/* unix_skb_parms via UNIXCB() buffer */
-	{ "net/unix/af_unix.c", "unix_skb_parms", "char" },
 	{ }
 };
 
-- 
2.32.0

Re: [PATCH] af_unix: Silence randstruct GCC plugin warning

[Kuniyuki Iwashima]

From:   Kees Cook <keescook@chromium.org>
Date:   Tue, 10 May 2022 17:01:09 -0700
> While preparing for Clang randstruct support (which duplicated many of
> the warnings the randstruct GCC plugin warned about), one strange one
> remained only for the randstruct GCC plugin. Eliminating this rids
> the plugin of the last exception.
> 
> It seems the plugin is happy to dereference individual members of
> a cross-struct cast, but it is upset about casting to a whole object
> pointer. This only manifests in one place in the kernel, so just replace
> the variable with individual member accesses. There is no change in
> executable instruction output.
> 
> Drop the last exception from the randstruct GCC plugin.
> 
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Christoph Hellwig <hch@infradead.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
> Cc: Alexei Starovoitov <ast@kernel.org>
> Cc: Cong Wang <cong.wang@bytedance.com>
> Cc: Al Viro <viro@zeniv.linux.org.uk>
> Cc: netdev@vger.kernel.org
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

LGTM, thank you.

Acked-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp>

Re: [PATCH] af_unix: Silence randstruct GCC plugin warning

[Jakub Kicinski]

On Tue, 10 May 2022 17:01:09 -0700 Kees Cook wrote:
> While preparing for Clang randstruct support (which duplicated many of
> the warnings the randstruct GCC plugin warned about), one strange one
> remained only for the randstruct GCC plugin. Eliminating this rids
> the plugin of the last exception.
> 
> It seems the plugin is happy to dereference individual members of
> a cross-struct cast, but it is upset about casting to a whole object
> pointer. This only manifests in one place in the kernel, so just replace
> the variable with individual member accesses. There is no change in
> executable instruction output.
> 
> Drop the last exception from the randstruct GCC plugin.
> 
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Christoph Hellwig <hch@infradead.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
> Cc: Alexei Starovoitov <ast@kernel.org>
> Cc: Cong Wang <cong.wang@bytedance.com>
> Cc: Al Viro <viro@zeniv.linux.org.uk>
> Cc: netdev@vger.kernel.org
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> If someone can Ack this, I can carry it in the gcc-plugins tree,
> as I'm trying to remove all its exceptions so I can drop that code.

Acked-by: Jakub Kicinski <kuba@kernel.org>