Message ID | 20220121073935.1154263-1-keescook@chromium.org (mailing list archive) |
---|---|
State | Mainlined |
Commit | 63ec72bd58487935a2e40d2cdffe5c9498f1275e |
Headers | show |
Series | mptcp: Use struct_group() to avoid cross-field memset() | expand |
On Thu, 20 Jan 2022, Kees Cook wrote: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy(), memmove(), and memset(), avoid > intentionally writing across neighboring fields. > > Use struct_group() to capture the fields to be reset, so that memset() > can be appropriately bounds-checked by the compiler. > > Cc: Mat Martineau <mathew.j.martineau@linux.intel.com> > Cc: Matthieu Baerts <matthieu.baerts@tessares.net> > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Jakub Kicinski <kuba@kernel.org> > Cc: netdev@vger.kernel.org > Cc: mptcp@lists.linux.dev > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > net/mptcp/protocol.h | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > Thanks Kees, looks good to me. I checked around for other MPTCP structs that would need similar attention and didn't see any. Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> > diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h > index 0e6b42c76ea0..85317ce38e3f 100644 > --- a/net/mptcp/protocol.h > +++ b/net/mptcp/protocol.h > @@ -408,7 +408,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions); > struct mptcp_subflow_context { > struct list_head node;/* conn_list of subflows */ > > - char reset_start[0]; > + struct_group(reset, > > unsigned long avg_pacing_rate; /* protected by msk socket lock */ > u64 local_key; > @@ -458,7 +458,7 @@ struct mptcp_subflow_context { > > long delegated_status; > > - char reset_end[0]; > + ); > > struct list_head delegated_node; /* link into delegated_action, protected by local BH */ > > @@ -494,7 +494,7 @@ mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow) > static inline void > mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow) > { > - memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start); > + memset(&subflow->reset, 0, sizeof(subflow->reset)); > subflow->request_mptcp = 1; > } > > -- > 2.30.2 > > -- Mat Martineau Intel
Hello: This patch was applied to netdev/net.git (master) by Jakub Kicinski <kuba@kernel.org>: On Thu, 20 Jan 2022 23:39:35 -0800 you wrote: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy(), memmove(), and memset(), avoid > intentionally writing across neighboring fields. > > Use struct_group() to capture the fields to be reset, so that memset() > can be appropriately bounds-checked by the compiler. > > [...] Here is the summary with links: - mptcp: Use struct_group() to avoid cross-field memset() https://git.kernel.org/netdev/net/c/63ec72bd5848 You are awesome, thank you!
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 0e6b42c76ea0..85317ce38e3f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -408,7 +408,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions); struct mptcp_subflow_context { struct list_head node;/* conn_list of subflows */ - char reset_start[0]; + struct_group(reset, unsigned long avg_pacing_rate; /* protected by msk socket lock */ u64 local_key; @@ -458,7 +458,7 @@ struct mptcp_subflow_context { long delegated_status; - char reset_end[0]; + ); struct list_head delegated_node; /* link into delegated_action, protected by local BH */ @@ -494,7 +494,7 @@ mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow) static inline void mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow) { - memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start); + memset(&subflow->reset, 0, sizeof(subflow->reset)); subflow->request_mptcp = 1; }
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use struct_group() to capture the fields to be reset, so that memset() can be appropriately bounds-checked by the compiler. Cc: Mat Martineau <mathew.j.martineau@linux.intel.com> Cc: Matthieu Baerts <matthieu.baerts@tessares.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: netdev@vger.kernel.org Cc: mptcp@lists.linux.dev Signed-off-by: Kees Cook <keescook@chromium.org> --- net/mptcp/protocol.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)