From: Trond Myklebust
To: "keescook@chromium.org", "linux-kernel@vger.kernel.org"
CC: "anna.schumaker@netapp.com", Trond Myklebust, "neilb@suse.com", "linux-nfs@vger.kernel.org"
Subject: Re: [PATCH v2] NFS: Avoid cross-structure casting
Date: Thu, 20 Apr 2017 18:04:23 +0000
Message-ID: <1492711460.82584.0.camel@primarydata.com>
References: <20170405152914.GA57260@beast>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2017-04-12 at 11:59 -0700, Kees Cook wrote:
> On Wed, Apr 5, 2017 at 8:29 AM, Kees Cook wrote:
> > When the call to nfs_devname() fails, the error path attempts to retain
> > the error via the mnt variable, but this requires a cast across very
> > different types (char * to struct vfsmount *), which the upcoming
> > structure layout randomization plugin flags as being potentially
> > dangerous in the face of randomization. This is a false positive, but
> > what this code actually wants to do is retain the error value, so this
> > patch explicitly sets it, instead of using what seems to be an
> > unexpected cast.
> > > > Signed-off-by: Kees Cook > > If I can get an Acked-by on this, I could push it via the gcc-plugin > tree. > > Thanks! > > -Kees > > > --- > > v2: duh, use ERR_CAST. thanks neilb! > > --- > >  fs/nfs/namespace.c | 5 +++-- > >  1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c > > index 786f17580582..8ca5d147124d 100644 > > --- a/fs/nfs/namespace.c > > +++ b/fs/nfs/namespace.c > > @@ -259,9 +259,10 @@ struct vfsmount *nfs_do_submount(struct dentry > > *dentry, struct nfs_fh *fh, > >         if (page == NULL) > >                 goto out; > >         devname = nfs_devname(dentry, page, PAGE_SIZE); > > -       mnt = (struct vfsmount *)devname; > > -       if (IS_ERR(devname)) > > +       if (IS_ERR(devname)) { > > +               mnt = ERR_CAST(devname); > >                 goto free_page; > > +       } > >         mnt = nfs_do_clone_mount(NFS_SB(dentry->d_sb), devname, > > &mountdata); > >  free_page: > >         free_page((unsigned long)page); > > -- > > 2.7.4 > > > > > > -- > > Kees Cook > > Pixel Security > Acked-by: Trond Myklebust -- Trond Myklebust Linux NFS client maintainer, PrimaryData trond.myklebust@primarydata.com
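Review bot: the `goto out` taken when `page == NULL` happens before any assignment to mnt that this hunk shows, so the value returned on that path depends on an initializer outside the visible context; worth confirming that mnt already holds an error pointer there, since mnt is now written only in the `IS_ERR(devname)` branch and by nfs_do_clone_mount(). Within the hunk itself, `mnt = ERR_CAST(devname);` inside the braced error branch carries the same error value the removed `(struct vfsmount *)devname` cast did, and on the success path the old assignment was overwritten by the nfs_do_clone_mount() result anyway, so the commit message could say outright that no functional change is intended.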