diff mbox series

mptcp: Use struct_group() to avoid cross-field memset()

Message ID 20220121073935.1154263-1-keescook@chromium.org (mailing list archive)
State Accepted
Commit 63ec72bd58487935a2e40d2cdffe5c9498f1275e
Delegated to: Netdev Maintainers
Series mptcp: Use struct_group() to avoid cross-field memset()

Checks

Context Check Description
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 24 this patch: 24
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 10 this patch: 10
netdev/checkpatch warning CHECK: Alignment should match open parenthesis
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

Kees Cook Jan. 21, 2022, 7:39 a.m. UTC
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Use struct_group() to capture the fields to be reset, so that memset()
can be appropriately bounds-checked by the compiler.

Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
Cc: mptcp@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 net/mptcp/protocol.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Mat Martineau Jan. 21, 2022, 8:44 p.m. UTC | #1
On Thu, 20 Jan 2022, Kees Cook wrote:

> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring fields.
>
> Use struct_group() to capture the fields to be reset, so that memset()
> can be appropriately bounds-checked by the compiler.
>
> Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
> Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: netdev@vger.kernel.org
> Cc: mptcp@lists.linux.dev
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> net/mptcp/protocol.h | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>

Thanks Kees, looks good to me. I checked around for other MPTCP structs 
that would need similar attention and didn't see any.

Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>


> diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
> index 0e6b42c76ea0..85317ce38e3f 100644
> --- a/net/mptcp/protocol.h
> +++ b/net/mptcp/protocol.h
> @@ -408,7 +408,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
> struct mptcp_subflow_context {
> 	struct	list_head node;/* conn_list of subflows */
>
> -	char	reset_start[0];
> +	struct_group(reset,
>
> 	unsigned long avg_pacing_rate; /* protected by msk socket lock */
> 	u64	local_key;
> @@ -458,7 +458,7 @@ struct mptcp_subflow_context {
>
> 	long	delegated_status;
>
> -	char	reset_end[0];
> +	);
>
> 	struct	list_head delegated_node;   /* link into delegated_action, protected by local BH */
>
> @@ -494,7 +494,7 @@ mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow)
> static inline void
> mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow)
> {
> -	memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start);
> +	memset(&subflow->reset, 0, sizeof(subflow->reset));
> 	subflow->request_mptcp = 1;
> }
>
> -- 
> 2.30.2
>
>

--
Mat Martineau
Intel
patchwork-bot+netdevbpf@kernel.org Jan. 22, 2022, 3:40 a.m. UTC | #2
Hello:

This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 20 Jan 2022 23:39:35 -0800 you wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring fields.
> 
> Use struct_group() to capture the fields to be reset, so that memset()
> can be appropriately bounds-checked by the compiler.
> 
> [...]

Here is the summary with links:
  - mptcp: Use struct_group() to avoid cross-field memset()
    https://git.kernel.org/netdev/net/c/63ec72bd5848

You are awesome, thank you!

Patch

diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 0e6b42c76ea0..85317ce38e3f 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -408,7 +408,7 @@  DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
 struct mptcp_subflow_context {
 	struct	list_head node;/* conn_list of subflows */
 
-	char	reset_start[0];
+	struct_group(reset,
 
 	unsigned long avg_pacing_rate; /* protected by msk socket lock */
 	u64	local_key;
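Review bot: The opening `struct_group(reset,` carries no comment, so a reader of the struct no longer sees that every member from `avg_pacing_rate` down to the closing `);` is zeroed by mptcp_subflow_ctx_reset(); the old `reset_start` marker name at least said so. Please add a short comment on this line stating that members inside the group are cleared on reset and that state which must survive a reset belongs outside it. The members are also left at their old indentation inside the macro argument, which is presumably what the checkpatch CHECK "Alignment should match open parenthesis" listed in the checks refers to; it is worth a line in the commit message that this is intentional to keep the diff small.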
@@ -458,7 +458,7 @@  struct mptcp_subflow_context {
 
 	long	delegated_status;
 
-	char	reset_end[0];
+	);
 
 	struct	list_head delegated_node;   /* link into delegated_action, protected by local BH */
 
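Review bot: The bare `);` after `delegated_status` gives no hint of what it closes, and the group it ends opens roughly fifty lines earlier in the struct. A trailing comment naming the group, for example `); /* reset */`, would make the boundary visible to anyone adding a field next to `delegated_node`, since which side of this line a new member lands on now decides whether mptcp_subflow_ctx_reset() wipes it.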
@@ -494,7 +494,7 @@  mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow)
 static inline void
 mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow)
 {
-	memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start);
+	memset(&subflow->reset, 0, sizeof(subflow->reset));
 	subflow->request_mptcp = 1;
 }
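Review bot: The byte count passed to memset() changes from `subflow->reset_end - subflow->reset_start` to `sizeof(subflow->reset)`, and the commit message does not say whether the two are equal. The pointer difference stopped exactly at the `reset_end` marker, while sizeof() of the group includes any tail padding the compiler adds to the grouped struct. With `long delegated_status` as the last member and a `struct list_head` following, no difference is apparent from the hunks, but please confirm (pahole output before and after is enough) that the struct layout and the cleared range are unchanged, and state that in the commit message.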