diff mbox series

[v2,42/63] net: dccp: Use memset_startat() for TP zeroing

Message ID	20210818060533.3569517-43-keescook@chromium.org (mailing list archive)
State	Not Applicable
Delegated to:	Netdev Maintainers
Headers	show Return-Path: <netdev-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, dccp@vger.kernel.org, netdev@vger.kernel.org, "Gustavo A. R. Silva" <gustavoars@kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Andrew Morton <akpm@linux-foundation.org>, linux-wireless@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, Rasmus Villemoes <linux@rasmusvillemoes.dk>, linux-hardening@vger.kernel.org Subject: [PATCH v2 42/63] net: dccp: Use memset_startat() for TP zeroing Date: Tue, 17 Aug 2021 23:05:12 -0700 Message-Id: <20210818060533.3569517-43-keescook@chromium.org> In-Reply-To: <20210818060533.3569517-1-keescook@chromium.org> References: <20210818060533.3569517-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Introduce strict memcpy() bounds checking \| expand [v2,00/63] Introduce strict memcpy() bounds checking [v2,01/63] ipw2x00: Avoid field-overflowing memcpy() [v2,02/63] net/mlx5e: Avoid field-overflowing memcpy() [v2,03/63] rpmsg: glink: Replace strncpy() with strscpy_pad() [v2,04/63] pcmcia: ray_cs: Split memcpy() to avoid bounds check warning [v2,05/63] stddef: Introduce struct_group() helper macro [v2,06/63] cxl/core: Replace unions with struct_group() [v2,07/63] skbuff: Switch structure bounds to struct_group() [v2,08/63] bnxt_en: Use struct_group_attr() for memcpy() region [v2,09/63] mwl8k: Use struct_group() for memcpy() region [v2,10/63] libertas: Use struct_group() for memcpy() region [v2,11/63] libertas_tf: Use struct_group() for memcpy() region [v2,12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region [v2,13/63] iommu/amd: Use struct_group() for memcpy() region [v2,14/63] cxgb3: Use struct_group() for memcpy() region [v2,15/63] intersil: Use struct_group() for memcpy() region [v2,16/63] cxgb4: Use struct_group() for memcpy() region [v2,17/63] bnx2x: Use struct_group() for memcpy() region [v2,18/63] drm/amd/pm: Use struct_group() for memcpy() region [v2,19/63] staging: wlan-ng: Use struct_group() for memcpy() region [v2,20/63] drm/mga/mga_ioc32: Use struct_group() for memcpy() region [v2,21/63] net/mlx5e: Use struct_group() for memcpy() region [v2,22/63] HID: cp2112: Use struct_group() for memcpy() region [v2,23/63] media: omap3isp: Use struct_group() for memcpy() region [v2,24/63] sata_fsl: Use struct_group() for memcpy() region [v2,25/63] compiler_types.h: Remove __compiletime_object_size() [v2,26/63] lib/string: Move helper functions out of string.c [v2,27/63] fortify: Move remaining fortify helpers into fortify-string.h [v2,28/63] fortify: Explicitly disable Clang support [v2,29/63] fortify: Fix dropped strcpy() compile-time write overflow check [v2,30/63] fortify: Prepare to improve strnlen() and strlen() warnings [v2,31/63] fortify: Allow strlen() and strnlen() to pass compile-time known lengths [v2,32/63] fortify: Add compile-time FORTIFY_SOURCE tests [v2,33/63] lib: Introduce CONFIG_TEST_MEMCPY [v2,34/63] fortify: Detect struct member overflows in memcpy() at compile-time [v2,35/63] fortify: Detect struct member overflows in memmove() at compile-time [v2,36/63] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp [v2,37/63] string.h: Introduce memset_after() for wiping trailing members/padding [v2,38/63] xfrm: Use memset_after() to clear padding [v2,39/63] ipv6: Use memset_after() to zero rt6_info [v2,40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn [v2,41/63] net: 802: Use memset_startat() to clear struct fields [v2,42/63] net: dccp: Use memset_startat() for TP zeroing [v2,43/63] net: qede: Use memset_startat() for counters [v2,44/63] mac80211: Use memset_after() to clear tx status [v2,45/63] ath11k: Use memset_startat() for clearing queue descriptors [v2,46/63] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl [v2,47/63] intel_th: msu: Use memset_startat() for clearing hw header [v2,48/63] IB/mthca: Use memset_startat() for clearing mpt_entry [v2,49/63] btrfs: Use memset_startat() to clear end of struct [v2,50/63] tracing: Use memset_startat() to zero struct trace_iterator [v2,51/63] drbd: Use struct_group() to zero algs [v2,52/63] cm4000_cs: Use struct_group() to zero struct cm4000_dev region [v2,53/63] KVM: x86: Use struct_group() to zero decode cache [v2,54/63] dm integrity: Use struct_group() to zero struct journal_sector [v2,55/63] HID: roccat: Use struct_group() to zero kone_mouse_event [v2,56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr [v2,57/63] powerpc/signal32: Use struct_group() to zero spe regs [v2,58/63] ethtool: stats: Use struct_group() to clear all stats at once [v2,59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions [v2,60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region [v2,61/63] powerpc: Split memset() to avoid multi-field overflow [v2,62/63] fortify: Detect struct member overflows in memset() at compile-time [v2,63/63] fortify: Work around Clang inlining bugs

Checks

Context	Check	Description
netdev/cover_letter	success	Link
netdev/fixes_present	success	Link
netdev/patch_count	fail	Series longer than 15 patches
netdev/tree_selection	success	Guessed tree name to be net-next
netdev/subject_prefix	success	Link
netdev/cc_maintainers	warning	2 maintainers not CCed: ndesaulniers@google.com nathan@kernel.org
netdev/source_inline	success	Was 0 now: 0
netdev/verify_signedoff	success	Link
netdev/module_param	success	Was 0 now: 0
netdev/build_32bit	success	Errors and warnings before: 6 this patch: 6
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/verify_fixes	success	Link
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 10 lines checked
netdev/build_allmodconfig_warn	success	Errors and warnings before: 6 this patch: 6
netdev/header_inline	success	Link

Commit Message

Kees Cook Aug. 18, 2021, 6:05 a.m. UTC

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Use memset_startat() so memset() doesn't get confused about writing
beyond the destination member that is intended to be the starting point
of zeroing through the end of the struct.

Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: dccp@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 net/dccp/trace.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/net/dccp/trace.h b/net/dccp/trace.h
index 5062421beee9..5a43b3508c7f 100644
--- a/net/dccp/trace.h
+++ b/net/dccp/trace.h
@@ -60,9 +60,7 @@  TRACE_EVENT(dccp_probe,
 			__entry->tx_t_ipi = hc->tx_t_ipi;
 		} else {
 			__entry->tx_s = 0;
-			memset(&__entry->tx_rtt, 0, (void *)&__entry->tx_t_ipi -
-			       (void *)&__entry->tx_rtt +
-			       sizeof(__entry->tx_t_ipi));
+			memset_startat(__entry, 0, tx_rtt);
 		}
 	),