Message ID | 20220920192202.190793-2-keescook@chromium.org (mailing list archive) |
---|---|
State | Mainlined |
Commit | 3e1730842f142add55dc658929221521a9ea62b6 |
Headers | show |
Series | fortify: Use __builtin_dynamic_object_size() when available | expand |
On 9/20/22 3:21 PM, Kees Cook wrote: > After expanding bounds checking to use __builtin_dynamic_object_size(), > Clang produces a false positive when building with CONFIG_FORTIFY_SOURCE=y > and CONFIG_UBSAN_BOUNDS=y when operating on an array with a dynamic > offset. Work around this by using a direct assignment of an empty > instance. Avoids this warning: > > ../include/linux/fortify-string.h:309:4: warning: call to __write_overflow_field declared with 'warn > ing' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wat > tribute-warning] > __write_overflow_field(p_size_field, size); > ^ > > which was isolated to the memset() call in xen_load_idt(). > > Note that this looks very much like another bug that was worked around: > https://github.com/ClangBuiltLinux/linux/issues/1592 > > Cc: Juergen Gross <jgross@suse.com> > Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> > Cc: Nathan Chancellor <nathan@kernel.org> > Cc: Nick Desaulniers <ndesaulniers@google.com> > Cc: xen-devel@lists.xenproject.org > Cc: llvm@lists.linux.dev > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 0ed2e487a693..9b1a58dda935 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -765,6 +765,7 @@ static void xen_load_idt(const struct desc_ptr *desc) { static DEFINE_SPINLOCK(lock); static struct trap_info traps[257]; + static const struct trap_info zero = { }; unsigned out; trace_xen_cpu_load_idt(desc); @@ -774,7 +775,7 @@ static void xen_load_idt(const struct desc_ptr *desc) memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc)); out = xen_convert_trap_info(desc, traps, false); - memset(&traps[out], 0, sizeof(traps[0])); + traps[out] = zero; xen_mc_flush(); if (HYPERVISOR_set_trap_table(traps))
After expanding bounds checking to use __builtin_dynamic_object_size(), Clang produces a false positive when building with CONFIG_FORTIFY_SOURCE=y and CONFIG_UBSAN_BOUNDS=y when operating on an array with a dynamic offset. Work around this by using a direct assignment of an empty instance. Avoids this warning: ../include/linux/fortify-string.h:309:4: warning: call to __write_overflow_field declared with 'warn ing' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wat tribute-warning] __write_overflow_field(p_size_field, size); ^ which was isolated to the memset() call in xen_load_idt(). Note that this looks very much like another bug that was worked around: https://github.com/ClangBuiltLinux/linux/issues/1592 Cc: Juergen Gross <jgross@suse.com> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Nathan Chancellor <nathan@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: xen-devel@lists.xenproject.org Cc: llvm@lists.linux.dev Signed-off-by: Kees Cook <keescook@chromium.org> --- arch/x86/xen/enlighten_pv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)