| Message ID | 20211213223331.135412-1-keescook@chromium.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | Enable strict compile-time memcpy() fortify checks | expand |
On Mon, Dec 13, 2021 at 02:33:14PM -0800, Kees Cook wrote: > Hi, > > This is "phase 2" (of several phases) to hardening the kernel against > memcpy-based buffer overflows. With nearly all compile-time fixes > landed, the next step is to turn on the warning globally to keep future > compile-time issues from happening, and let us take the step towards > run-time checking (and towards a new API for flexible array structures). > > This series is based on latest linux-next, and several patches here > have already been taken by subsystem maintainers but haven't appeared > in linux-next yet, and are noted below. I took the RDMA patches to the rdma tree: > RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr > iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl > IB/mthca: Use memset_startat() for clearing mpt_entry I needed rc5 to come out before I could take the mlx5 patch Thanks, Jason
On Mon, 13 Dec 2021 14:33:14 -0800, Kees Cook wrote: > This is "phase 2" (of several phases) to hardening the kernel against > memcpy-based buffer overflows. With nearly all compile-time fixes > landed, the next step is to turn on the warning globally to keep future > compile-time issues from happening, and let us take the step towards > run-time checking (and towards a new API for flexible array structures). > > This series is based on latest linux-next, and several patches here > have already been taken by subsystem maintainers but haven't appeared > in linux-next yet, and are noted below. > > [...] Applied to 5.17/scsi-queue, thanks! [15/17] scsi: lpfc: Use struct_group() to initialize struct lpfc_cgn_info https://git.kernel.org/mkp/scsi/c/532adda9f405
Hi, This is "phase 2" (of several phases) to hardening the kernel against memcpy-based buffer overflows. With nearly all compile-time fixes landed, the next step is to turn on the warning globally to keep future compile-time issues from happening, and let us take the step towards run-time checking (and towards a new API for flexible array structures). This series is based on latest linux-next, and several patches here have already been taken by subsystem maintainers but haven't appeared in linux-next yet, and are noted below. -Kees refactoring patches expected to be going via subsystem trees: sata_fsl: Use struct_group() for memcpy() region https://lore.kernel.org/lkml/23527f89-d098-ab6b-f3c9-a8a395e32df5@opensource.wdc.com/ ath11k: Use memset_startat() for clearing queue descriptors https://lore.kernel.org/lkml/163777372886.11557.5551795598856429949.kvalo@codeaurora.org/ refactoring patches going via my topic tree due to having no current response: net/mlx5e: Use struct_group() for memcpy() region https://lore.kernel.org/lkml/20211118183748.1283069-1-keescook@chromium.org/ net/mlx5e: Avoid field-overflowing memcpy() https://lore.kernel.org/lkml/20211209053402.2202206-1-keescook@chromium.org/ media: omap3isp: Use struct_group() for memcpy() region https://lore.kernel.org/lkml/20211118184352.1284792-1-keescook@chromium.org/ drbd: Use struct_group() to zero algs https://lore.kernel.org/lkml/20211118203712.1288866-1-keescook@chromium.org/ dm integrity: Use struct_group() to zero struct journal_sector https://lore.kernel.org/lkml/20211118203640.1288585-1-keescook@chromium.org/ iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl https://lore.kernel.org/lkml/20211118202335.1285836-1-keescook@chromium.org/ refactoring patches going via my topic tree due to Acks: KVM: x86: Replace memset() "optimization" with normal per-field writes https://lore.kernel.org/lkml/202108181605.44C504C@keescook/ RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr https://lore.kernel.org/lkml/YbByJSkBgLRp5S8V@unreal/ intel_th: msu: Use memset_startat() for clearing hw header https://lore.kernel.org/lkml/87sfyzi97l.fsf@ashishki-desk.ger.corp.intel.com/ IB/mthca: Use memset_startat() for clearing mpt_entry https://lore.kernel.org/lkml/20211118202126.1285376-1-keescook@chromium.org/ scsi: lpfc: Use struct_group() to initialize struct lpfc_cgn_info https://lore.kernel.org/lkml/1164349c-93a5-ebb8-94aa-dbe03957c40f@gmail.com/ fortify changes going via my topic tree: fortify: Detect struct member overflows in memcpy() at compile-time fortify: Detect struct member overflows in memmove() at compile-time fortify: Detect struct member overflows in memset() at compile-time fortify: Work around Clang inlining bugs arch/x86/boot/compressed/misc.c | 3 +- arch/x86/kvm/emulate.c | 9 +- arch/x86/kvm/kvm_emulate.h | 6 +- arch/x86/lib/memcpy_32.c | 1 + drivers/ata/sata_fsl.c | 10 +- drivers/block/drbd/drbd_main.c | 3 +- drivers/block/drbd/drbd_protocol.h | 6 +- drivers/block/drbd/drbd_receiver.c | 3 +- drivers/hwtracing/intel_th/msu.c | 4 +- drivers/infiniband/hw/cxgb4/cm.c | 5 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 4 +- drivers/infiniband/hw/mthca/mthca_mr.c | 3 +- drivers/md/dm-integrity.c | 9 +- drivers/media/platform/omap3isp/ispstat.c | 5 +- drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 6 +- .../net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 +- .../net/ethernet/mellanox/mlx5/core/en_tx.c | 2 +- drivers/net/wireless/ath/ath11k/hal_rx.c | 13 +- drivers/scsi/lpfc/lpfc.h | 90 ++++--- drivers/scsi/lpfc/lpfc_init.c | 4 +- include/linux/fortify-string.h | 245 +++++++++++++----- include/linux/if_vlan.h | 6 +- include/uapi/linux/omap3isp.h | 21 +- lib/Makefile | 3 +- lib/string_helpers.c | 6 + .../read_overflow2_field-memcpy.c | 5 + .../read_overflow2_field-memmove.c | 5 + .../write_overflow_field-memcpy.c | 5 + .../write_overflow_field-memmove.c | 5 + .../write_overflow_field-memset.c | 5 + scripts/test_fortify.sh | 8 +- security/Kconfig | 2 +- 33 files changed, 344 insertions(+), 164 deletions(-) create mode 100644 lib/test_fortify/read_overflow2_field-memcpy.c create mode 100644 lib/test_fortify/read_overflow2_field-memmove.c create mode 100644 lib/test_fortify/write_overflow_field-memcpy.c create mode 100644 lib/test_fortify/write_overflow_field-memmove.c create mode 100644 lib/test_fortify/write_overflow_field-memset.c