From: Kees Cook <keescook@chromium.org>
To: Alexander Lobakin <aleksander.lobakin@intel.com>
Cc: Joel Fernandes <joel@joelfernandes.org>,
Jakub Kicinski <kuba@kernel.org>,
stable@vger.kernel.org,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] kheaders: Use array declaration instead of char
Date: Fri, 3 Mar 2023 12:36:09 -0800 [thread overview]
Message-ID: <64025a3a.170a0220.dba96.3fcf@mx.google.com> (raw)
In-Reply-To: <89e3ecb6-0e1a-3d86-cb05-cbb034c68dc4@intel.com>
On Fri, Mar 03, 2023 at 04:19:51PM +0100, Alexander Lobakin wrote:
> From: Kees Cook <keescook@chromium.org>
> Date: Thu, 2 Mar 2023 14:49:50 -0800
>
> > Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
> > and source buffers. Defining kernel_headers_data as "char" would trip
> > this check. Since these addresses are treated as byte arrays, define
> > them as arrays (as done everywhere else).
>
> Yet another array-as-one-char, I wonder how many are still here...
Yeah, good point. They do tend to stand out; we could find them:
$ git grep 'extern char [^\*\[\( ]*;'
arch/alpha/boot/bootp.c:extern char _end;
arch/alpha/boot/bootpz.c:extern char _end;
arch/alpha/boot/main.c: extern char _end;
arch/arm/mach-rockchip/core.h:extern char rockchip_secondary_trampoline;
arch/arm/mach-rockchip/core.h:extern char rockchip_secondary_trampoline_end;
arch/arm/mach-zynq/common.h:extern char zynq_secondary_trampoline;
arch/arm/mach-zynq/common.h:extern char zynq_secondary_trampoline_jump;
arch/arm/mach-zynq/common.h:extern char zynq_secondary_trampoline_end;
arch/hexagon/include/uapi/asm/setup.h:extern char external_cmdline_buffer;
arch/ia64/include/asm/smp.h:extern char no_int_routing;
arch/ia64/kernel/process.c: extern char ia64_ret_from_clone;
arch/mips/dec/prom/memory.c: extern char genexcept_early;
arch/mips/kernel/traps.c: extern char except_vec3_generic;
arch/mips/kernel/traps.c: extern char except_vec4;
arch/mips/kernel/traps.c: extern char except_vec3_r4000;
arch/mips/mm/c-octeon.c: extern char except_vec2_octeon;
arch/parisc/boot/compressed/misc.c:extern char output_len;
arch/parisc/boot/compressed/misc.c:extern char _startcode_end;
arch/powerpc/include/asm/smp.h:extern char __secondary_hold;
arch/s390/include/asm/kvm_host.h:extern char sie_exit;
arch/sh/boards/mach-ap325rxa/setup.c:extern char ap325rxa_sdram_enter_start;
arch/sh/boards/mach-ap325rxa/setup.c:extern char ap325rxa_sdram_enter_end;
arch/sh/boards/mach-ap325rxa/setup.c:extern char ap325rxa_sdram_leave_start;
arch/sh/boards/mach-ap325rxa/setup.c:extern char ap325rxa_sdram_leave_end;
arch/sh/boards/mach-ecovec24/setup.c:extern char ecovec24_sdram_enter_start;
arch/sh/boards/mach-ecovec24/setup.c:extern char ecovec24_sdram_enter_end;
arch/sh/boards/mach-ecovec24/setup.c:extern char ecovec24_sdram_leave_start;
arch/sh/boards/mach-ecovec24/setup.c:extern char ecovec24_sdram_leave_end;
arch/sh/boards/mach-kfr2r09/setup.c:extern char kfr2r09_sdram_enter_start;
arch/sh/boards/mach-kfr2r09/setup.c:extern char kfr2r09_sdram_enter_end;
arch/sh/boards/mach-kfr2r09/setup.c:extern char kfr2r09_sdram_leave_start;
arch/sh/boards/mach-kfr2r09/setup.c:extern char kfr2r09_sdram_leave_end;
arch/sh/boards/mach-migor/setup.c:extern char migor_sdram_enter_start;
arch/sh/boards/mach-migor/setup.c:extern char migor_sdram_enter_end;
arch/sh/boards/mach-migor/setup.c:extern char migor_sdram_leave_start;
arch/sh/boards/mach-migor/setup.c:extern char migor_sdram_leave_end;
arch/sh/boards/mach-se/7724/setup.c:extern char ms7724se_sdram_enter_start;
arch/sh/boards/mach-se/7724/setup.c:extern char ms7724se_sdram_enter_end;
arch/sh/boards/mach-se/7724/setup.c:extern char ms7724se_sdram_leave_start;
arch/sh/boards/mach-se/7724/setup.c:extern char ms7724se_sdram_leave_end;
arch/sh/kernel/cpu/shmobile/pm.c:extern char sh_mobile_sleep_enter_start;
arch/sh/kernel/cpu/shmobile/pm.c:extern char sh_mobile_sleep_enter_end;
arch/sh/kernel/cpu/shmobile/pm.c:extern char sh_mobile_sleep_resume_start;
arch/sh/kernel/cpu/shmobile/pm.c:extern char sh_mobile_sleep_resume_end;
arch/x86/entry/vsyscall/vsyscall_64.c: extern char __vsyscall_page;
arch/x86/include/asm/vvar.h:extern char __vvar_page;
kernel/configs.c:extern char kernel_config_data;
kernel/configs.c:extern char kernel_config_data_end;
net/bpfilter/bpfilter_kern.c:extern char bpfilter_umh_start;
net/bpfilter/bpfilter_kern.c:extern char bpfilter_umh_end;
samples/bpf/task_fd_query_user.c: extern char __executable_start;
tools/testing/selftests/kvm/lib/aarch64/processor.c: extern char vectors;
tools/testing/selftests/x86/test_syscall_vdso.c:extern char int80;
Of those, it looks like only a handful might trip FORTIFY:
$ for i in $(git grep 'extern char [^\*\[\( ]*;' | grep -v boot/ | awk -F' ' '{print $NF}' | cut -d';' -f1); do git grep -E '(strcpy|memcpy|memset).*'"$i",; done
arch/arm/mach-rockchip/platsmp.c: memcpy_toio(sram_base_addr, &rockchip_secondary_trampoline, trampoline_sz);
arch/arm/mach-zynq/platsmp.c: memcpy_toio(zero, &zynq_secondary_trampoline,
arch/mips/dec/prom/memory.c: memcpy((void *)(CKSEG0 + 0x80), &genexcept_early, 0x80);
arch/sh/kernel/cpu/shmobile/pm.c: memcpy(vp, &sh_mobile_sleep_enter_start, n);
arch/sh/kernel/cpu/shmobile/pm.c: memcpy(vp, &sh_mobile_sleep_resume_start, n);
arch/arm64/mm/trans_pgd.c: memcpy(hyp_stub, &trans_pgd_stub_vectors, ARM64_VECTOR_TABLE_LEN);
--
Kees Cook
next prev parent reply other threads:[~2023-03-03 20:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-02 22:49 [PATCH] kheaders: Use array declaration instead of char Kees Cook
2023-03-03 3:08 ` Joel Fernandes
2023-03-03 15:19 ` Alexander Lobakin
2023-03-03 20:36 ` Kees Cook [this message]
2023-03-06 10:39 ` Alexander Lobakin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=64025a3a.170a0220.dba96.3fcf@mx.google.com \
--to=keescook@chromium.org \
--cc=aleksander.lobakin@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=joel@joelfernandes.org \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.