| Message ID | 20230522212949.never.283-kees@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1734616vqo;
Mon, 22 May 2023 14:41:59 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ67HxuDElT8O/nvEva+jTw5ojROceF8etKyghLO5WUMh99eK20s43FSazPbIToT6kzr5qc8
X-Received: by 2002:a05:6a21:1011:b0:104:6f59:3dc4 with SMTP id
nk17-20020a056a21101100b001046f593dc4mr9120144pzb.62.1684791718959;
Mon, 22 May 2023 14:41:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684791718; cv=none;
d=google.com; s=arc-20160816;
b=S7NOF4PvVbmhLWEhB5ryFVzSuljuhQkguN57uw/rJieoR2sIzwAcH+JfDRQpWsLlpz
CjYeqMJ/0QwmSZxePcrKUhH8GnRlJPP/4OZ68ARGmll/7rhl/40L7QWKD2c/CQtMdNtb
hRCEiUsPOtHfcCwhDSVteZASGng3aMIlIuZlGBLjn7AFqQfqpU4eGJN4GF8cuEaA3R2n
o5bO112ODvvFq+3h6zn7KPNq++u0BPzehh21ogITAredT6IgI+PPMfJEa4D22bD0vc/a
x3SQklrsiyGdl1V8dKzYiLkiul/U+87+4zvQagucOK7E45ffH++gefqFY4v7EY+4QvFV
LHeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=XBLyvMJIXVEoPILXi5pTygeAcZW5DafmkS3+kdAf2Kc=;
b=ypLBVJESsMtCtQpNiUWuvqVggC6lz3gaEr2oe/uss1FtcxtmCDZR52XhSrsbAsp03t
QDLhOIuY4Qjq0jaFTK08waOUxXZxperqtOLXIJNbWGWi2FVgewox0yhsCWC1oYvn0s7h
0F8j5+cRGSxC0r41dMD0HLG4k9UIbJiH7hfZ5DaWHwtjCiJuwrGR50HmCCV8CCbubxXw
FZfirIuf7DABQdTb5Qg59rLwz7d4ki7MFslvRgxC74GFjLACf7Zj5s8P5+YxZ3tMjyBB
6gCgX2UPdnd8SMuXd/gXRoRYZC8dT0iiG4sWqRISmMvMT+zou+T9N3r4uqdCpOL4GOLS
jvJw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=X82Q2Hod;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
gw17-20020a17090b0a5100b00250bbca6fdfsi5191398pjb.105.2023.05.22.14.41.46;
Mon, 22 May 2023 14:41:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=X82Q2Hod;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S234484AbjEVVaD (ORCPT <rfc822;ahmedalshaiji.dev@gmail.com>
+ 99 others); Mon, 22 May 2023 17:30:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43578 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229874AbjEVVaA (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 22 May 2023 17:30:00 -0400
Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com
[IPv6:2607:f8b0:4864:20::636])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 954D1100
for <linux-kernel@vger.kernel.org>;
Mon, 22 May 2023 14:29:55 -0700 (PDT)
Received: by mail-pl1-x636.google.com with SMTP id
d9443c01a7336-1ae408f4d1aso49973485ad.0
for <linux-kernel@vger.kernel.org>;
Mon, 22 May 2023 14:29:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1684790995; x=1687382995;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=XBLyvMJIXVEoPILXi5pTygeAcZW5DafmkS3+kdAf2Kc=;
b=X82Q2HodtT8g9HraWMIl6WRHWVTb82m3RSWbgXxmB7cWHpQ/9EMmYZZIsVjf9DaLD8
SCAMWIwbtqwUg4HoPylm8ZEiqw1RJfD9rED4QOx8TyhkjCC33fQN6VzHYNghySnyMAB7
MGGfYIqkq2GjXt67wofcPVZ+leITFGwe2m8y4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1684790995; x=1687382995;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=XBLyvMJIXVEoPILXi5pTygeAcZW5DafmkS3+kdAf2Kc=;
b=K1T/FgpXn2bl9S0QbDZ5AyUA/LOIzjeyS7uGm64yhWHEFBSeaNXRYBdxM9lHbDwhIq
pZMUTsezIyEatBUbRxhOfR4HgtvcfF90X60ZhbcbwQWgWl+vGjez8wIW8r/Apu/RjERD
jhapMdk1HeXH6QldRO9lwK7gttBrH4AwPufzvnapxyDQNjcOjICCfxj+If3betPp+Bs2
VwPhvEpGGS/YHtqh6NN85OO5HbK7YJI8KVJTS4BvpeK73RimABI1fABMr9oVg0J6ZljX
JQILv9bz1eCi6NVnq7D7vLuOPi02fBYRXDG28k3Scl8jOUBSY7VNz3mAocePuk8g68VT
cFaQ==
X-Gm-Message-State: AC+VfDwsVeWej7eZNGuob/Ot6Q+sXQSkpTAWrSmiJ8kjTaaWPfGVnJIt
l18Yd/cccMykRAj0wx5Z6d0hTUQjz8vDnJ/sQx4=
X-Received: by 2002:a17:902:fe18:b0:1aa:e5cd:6478 with SMTP id
g24-20020a170902fe1800b001aae5cd6478mr11818786plj.58.1684790995120;
Mon, 22 May 2023 14:29:55 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net.
[198.0.35.241])
by smtp.gmail.com with ESMTPSA id
z5-20020a170903018500b001ae5044c2aasm5277702plg.145.2023.05.22.14.29.54
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 22 May 2023 14:29:54 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH] lkdtm/bugs: Switch from 1-element array to flexible array
Date: Mon, 22 May 2023 14:29:53 -0700
Message-Id: <20230522212949.never.283-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=833;
h=from:subject:message-id; bh=y81tjhfBvnUmPtitkb7B7N9eatfqA8YTYmeHZOhOfxU=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBka97QZrwNn2mIbVBJBSpfEndS4xU/2XPiI0Wr+S0L
Kun4w4mJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZGve0AAKCRCJcvTf3G3AJhfoD/
42C/6DH/maDdsB2RoaWdC8ev+KyoGozc+vS5p1KDZ3iuw3IdatQX6VB19FAmC02Qfft/ityZtkUckj
DyVfyVg19qbMD1BkB/qgdU8WXc8RkzbQvg3iBKVBA1WpCqo9IHzANU04bMYIFxH8gUXwM6qGdu6qTa
hMGJEOG4ux3t7KkFPZeooTAsE2P+AfGD7Smctm/qEYdORFqp5bNrMNLZmwNR6szCNIYY5GjALFX4Ts
FoZcxWAfoNOHT/LhIiSbsV9GftsB5mp/ifmu1jhd2Ttq3rYiQaH1seUxZkpUmRgElpA6KgcAI78Icp
hqfYvhzGH03caTMr+GntC7w1V64N5w7Yr+Sv4taGCJ2YE3UJ3WFRUmQv4MvnMlxn0jqxhCZ7S4ew2J
XtqhvQE8OwRE9icsBdehtRH5j+tcyVEn5Fc5Bw0rHaHvySqkhLsieKO8Lu8ja5zcekuK5Wk7E3CfRO
U5Ceud1NDAdSdg57fvIDDrqsQDK0HYqgDP7QgeNFLcTYE7l6OEHvOwZApnOGpOygPTwMlYw+364roT
jJZW6H1q8ZNH8ViIbM/d4y/xfeE2MFg+HlakXFQJfX6neJ2aYReVrOa65MS/IsSz5fkg7ut33y82zH
JGxSuqXQZ3FB4ZaUIji8Q0OVcq00PQ6E8xX57dH1rzE5rZjFOUMISwSXQkHw==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1766632161659050005?=
X-GMAIL-MSGID: =?utf-8?q?1766632161659050005?=
|
| Series |
lkdtm/bugs: Switch from 1-element array to flexible array
|
|
Commit Message
Kees Cook
May 22, 2023, 9:29 p.m. UTC
The testing for ARRAY_BOUNDS just wants an uninstrumented array,
and the proper flexible array definition is fine for that.
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/misc/lkdtm/bugs.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Comments
On Mon, May 22, 2023 at 2:30 PM Kees Cook <keescook@chromium.org> wrote: > > The testing for ARRAY_BOUNDS just wants an uninstrumented array, > and the proper flexible array definition is fine for that. > > Cc: Arnd Bergmann <arnd@arndb.de> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Bill Wendling <morbo@google.com> > --- > drivers/misc/lkdtm/bugs.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c > index 48821f4c2b21..224f42cdddf2 100644 > --- a/drivers/misc/lkdtm/bugs.c > +++ b/drivers/misc/lkdtm/bugs.c > @@ -305,11 +305,10 @@ static void lkdtm_OVERFLOW_UNSIGNED(void) > ignored = value; > } > > -/* Intentionally using old-style flex array definition of 1 byte. */ > struct array_bounds_flex_array { > int one; > int two; > - char data[1]; > + char data[]; > }; > > struct array_bounds { > -- > 2.34.1 >
Hi Kees,
kernel test robot noticed the following build errors:
[auto build test ERROR on char-misc/char-misc-testing]
[also build test ERROR on char-misc/char-misc-next char-misc/char-misc-linus soc/for-next kees/for-next/pstore kees/for-next/kspp linus/master v6.4-rc3 next-20230522]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/lkdtm-bugs-Switch-from-1-element-array-to-flexible-array/20230523-053132
base: char-misc/char-misc-testing
patch link: https://lore.kernel.org/r/20230522212949.never.283-kees%40kernel.org
patch subject: [PATCH] lkdtm/bugs: Switch from 1-element array to flexible array
config: hexagon-randconfig-r045-20230522
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project b0fb98227c90adf2536c9ad644a74d5e92961111)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/af7b561141f8723e1c5c3339bdc5e782a62fbcb6
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Kees-Cook/lkdtm-bugs-Switch-from-1-element-array-to-flexible-array/20230523-053132
git checkout af7b561141f8723e1c5c3339bdc5e782a62fbcb6
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash drivers/misc/lkdtm/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202305230934.cRtSUQia-lkp@intel.com/
All errors (new ones prefixed by >>):
>> drivers/misc/lkdtm/bugs.c:343:24: error: invalid application of 'sizeof' to an incomplete type 'char[]'
for (i = 0; i < sizeof(not_checked->data) + 1; i++)
^~~~~~~~~~~~~~~~~~~
1 error generated.
vim +343 drivers/misc/lkdtm/bugs.c
ae2e1aad3e48e4 Kees Cook 2020-04-06 320
73f62e60d80c2d Kees Cook 2022-03-03 321 static void lkdtm_ARRAY_BOUNDS(void)
ae2e1aad3e48e4 Kees Cook 2020-04-06 322 {
ae2e1aad3e48e4 Kees Cook 2020-04-06 323 struct array_bounds_flex_array *not_checked;
ae2e1aad3e48e4 Kees Cook 2020-04-06 324 struct array_bounds *checked;
ae2e1aad3e48e4 Kees Cook 2020-04-06 325 volatile int i;
ae2e1aad3e48e4 Kees Cook 2020-04-06 326
ae2e1aad3e48e4 Kees Cook 2020-04-06 327 not_checked = kmalloc(sizeof(*not_checked) * 2, GFP_KERNEL);
ae2e1aad3e48e4 Kees Cook 2020-04-06 328 checked = kmalloc(sizeof(*checked) * 2, GFP_KERNEL);
4a9800c81d2f34 Jiasheng Jiang 2022-01-20 329 if (!not_checked || !checked) {
4a9800c81d2f34 Jiasheng Jiang 2022-01-20 330 kfree(not_checked);
4a9800c81d2f34 Jiasheng Jiang 2022-01-20 331 kfree(checked);
4a9800c81d2f34 Jiasheng Jiang 2022-01-20 332 return;
4a9800c81d2f34 Jiasheng Jiang 2022-01-20 333 }
ae2e1aad3e48e4 Kees Cook 2020-04-06 334
ae2e1aad3e48e4 Kees Cook 2020-04-06 335 pr_info("Array access within bounds ...\n");
ae2e1aad3e48e4 Kees Cook 2020-04-06 336 /* For both, touch all bytes in the actual member size. */
ae2e1aad3e48e4 Kees Cook 2020-04-06 337 for (i = 0; i < sizeof(checked->data); i++)
ae2e1aad3e48e4 Kees Cook 2020-04-06 338 checked->data[i] = 'A';
ae2e1aad3e48e4 Kees Cook 2020-04-06 339 /*
ae2e1aad3e48e4 Kees Cook 2020-04-06 340 * For the uninstrumented flex array member, also touch 1 byte
ae2e1aad3e48e4 Kees Cook 2020-04-06 341 * beyond to verify it is correctly uninstrumented.
ae2e1aad3e48e4 Kees Cook 2020-04-06 342 */
ae2e1aad3e48e4 Kees Cook 2020-04-06 @343 for (i = 0; i < sizeof(not_checked->data) + 1; i++)
ae2e1aad3e48e4 Kees Cook 2020-04-06 344 not_checked->data[i] = 'A';
ae2e1aad3e48e4 Kees Cook 2020-04-06 345
ae2e1aad3e48e4 Kees Cook 2020-04-06 346 pr_info("Array access beyond bounds ...\n");
ae2e1aad3e48e4 Kees Cook 2020-04-06 347 for (i = 0; i < sizeof(checked->data) + 1; i++)
ae2e1aad3e48e4 Kees Cook 2020-04-06 348 checked->data[i] = 'B';
ae2e1aad3e48e4 Kees Cook 2020-04-06 349
ae2e1aad3e48e4 Kees Cook 2020-04-06 350 kfree(not_checked);
ae2e1aad3e48e4 Kees Cook 2020-04-06 351 kfree(checked);
464e86b4abadfc Kees Cook 2020-06-25 352 pr_err("FAIL: survived array bounds overflow!\n");
8bfdbddd68249e Christophe Leroy 2022-04-11 353 if (IS_ENABLED(CONFIG_UBSAN_BOUNDS))
8bfdbddd68249e Christophe Leroy 2022-04-11 354 pr_expected_config(CONFIG_UBSAN_TRAP);
8bfdbddd68249e Christophe Leroy 2022-04-11 355 else
c75be56e35b2ee Kees Cook 2021-08-18 356 pr_expected_config(CONFIG_UBSAN_BOUNDS);
ae2e1aad3e48e4 Kees Cook 2020-04-06 357 }
ae2e1aad3e48e4 Kees Cook 2020-04-06 358
diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c index 48821f4c2b21..224f42cdddf2 100644 --- a/drivers/misc/lkdtm/bugs.c +++ b/drivers/misc/lkdtm/bugs.c @@ -305,11 +305,10 @@ static void lkdtm_OVERFLOW_UNSIGNED(void) ignored = value; } -/* Intentionally using old-style flex array definition of 1 byte. */ struct array_bounds_flex_array { int one; int two; - char data[1]; + char data[]; }; struct array_bounds {