From patchwork Wed Aug 18 06:04:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12443305 X-Patchwork-Delegate: jikos@jikos.cz Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59C6AC4320A for ; Wed, 18 Aug 2021 06:24:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4663D60FA0 for ; Wed, 18 Aug 2021 06:24:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239849AbhHRGZV (ORCPT ); Wed, 18 Aug 2021 02:25:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48362 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238902AbhHRGYv (ORCPT ); Wed, 18 Aug 2021 02:24:51 -0400 Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FE8EC0612A8 for ; Tue, 17 Aug 2021 23:24:16 -0700 (PDT) Received: by mail-pf1-x429.google.com with SMTP id t13so1096803pfl.6 for ; Tue, 17 Aug 2021 23:24:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=k/wMqZhYPv/ednyUtGVLuOyBDdwE/DxTOa1GSHOTwQw=; b=h1vqsKCq3LguZasBrpDaxLMbE54XIdT056wn+53xSVHzW2Ewxb/OwMHrme5OgTt4Jz Rn6+Nw/UlSdQJuXyyuSYWqcsqPV0JLgcmYGV56fwQSHpm2I+9h+ZIKfx2co1C0VimpZf 7dKUtyu84DuqlRQ87BuDsdzr8aHRxeo0v95wg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=k/wMqZhYPv/ednyUtGVLuOyBDdwE/DxTOa1GSHOTwQw=; b=Qf45QXVWWEikn1qD1L0qTik1BIZ3Lp66nMyDHNcaTGz4HYTCwCTiIQVJEGHtgzORKL GnYhi6JD55/r0h82cTsFjkZUi+0CpoVV7TF4KMJfY14+leic0S4YEsCk+igPhrs7+Z1n vRH/0JR8wglc1vbTXmoZCbmD+EtICmEgjG3WuMQIyJqOX3Ueqb0Xqn+RY+6uzUEcQ15t e7bzcW6HV8wM+qoM4FPHdPv7/xhQi9mkIZoauKcJkNLR0LrgEiVeiE6av9noKm1lTToK LE7MXXoZSKbtiFmWwVboUanNzcvMX90X78BQL9wNAu8hDCtCnY54CySNRrvVpI7xQ9Lf eOuQ== X-Gm-Message-State: AOAM530gO4Tzj0muju8VNZa8j3W11Xpq+CEcbMcGS20gz4y1S+Nhnj1j /DAw5NPtsDiJuTKVNaz3MPsBJA== X-Google-Smtp-Source: ABdhPJwamERI+b3fB1OT2OBb/Oo32Bs69oRVEvsPMoSjLvciwc2SdyfJNwL8U1PKVMBNffysj5z0og== X-Received: by 2002:a62:1a03:0:b029:3e0:30aa:5172 with SMTP id a3-20020a621a030000b02903e030aa5172mr7615458pfa.69.1629267856113; Tue, 17 Aug 2021 23:24:16 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p17sm3873060pjg.54.2021.08.17.23.24.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Aug 2021 23:24:14 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Jiri Kosina , Benjamin Tissoires , linux-input@vger.kernel.org, "Gustavo A. R. Silva" , Greg Kroah-Hartman , Andrew Morton , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, Rasmus Villemoes , linux-hardening@vger.kernel.org Subject: [PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region Date: Tue, 17 Aug 2021 23:04:52 -0700 Message-Id: <20210818060533.3569517-23-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818060533.3569517-1-keescook@chromium.org> References: <20210818060533.3569517-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2247; h=from:subject; bh=/f7Uu4v/C7D/CabqYQdkLwI9T63RoTYSlGbQfk4by30=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHKMi/T6L3PaIJG69XO7seVV8nfPKvnO/RnRfY1YP eqF5TIqJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYRyjIgAKCRCJcvTf3G3AJiqND/ 4o9z0rLLj4NSz3P+N5dEODqZN+0JFe68SJEpcnI/yqBAJ991CZgBW3P4hegMy7LP416vg4a8VXWuZf PdkwM1HtKI3bOIJmJ/oXuHc0Cd8E1/i9IdhWeZkwnk4ATdl52t6KiufRupzJ474wQ6gIOIfDj0KQ0R kyIFkhVeoA2Kr7NRe3qo9ChOoz9iHtgIp5yRu2OL9iopUm7HJMVli+T8Rkjfs1WdXgucAW17dFCaQf jscROMyLQGnCUMePS1yvQgUiFCFi1PlQtlLu+P7JTZudtLxFONjQCqvINDVVTB7e+TdY6/uBtgZzeK irTF7jSjV82n7MLfw4dCwSr5O2rrLJUaRZRfu6EiE2apChq5mvhSkWogW11l43Du1tv0vSY8wCE7XA sqKXkssO6OXrNOfPC9zrrUYQOnTwssqdo4orsoUV57XBYhxldJWv/VtIL/gNK2X1AMSQ2l2j8jVWtm /ZmkiVPYHo1cAbq84GdiW7UhznMM4bt9KCq8jxr7jM/YO6AI8nO2vNY/g02E3s1LVpfe2iqQHiaXcU HzwXGWuEQSSIRd009WPzQD3vPRqgiHua6vhSwtjUVgJ7mB06uFmWn0gFEj2FoGkgl1YLXKQ9crqUgL wCJdGavuSKwTapzMz2igVrV/qHEivZbe8115YGPQPbagYEoCWw+9D4gRcRag== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use struct_group() in struct cp2112_string_report around members report, length, type, and string, so they can be referenced together. This will allow memcpy() and sizeof() to more easily reason about sizes, improve readability, and avoid future warnings about writing beyond the end of report. "pahole" shows no size nor member offset changes to struct cp2112_string_report. "objdump -d" shows no meaningful object code changes (i.e. only source line number induced differences.) Cc: Jiri Kosina Cc: Benjamin Tissoires Cc: linux-input@vger.kernel.org Signed-off-by: Kees Cook --- drivers/hid/hid-cp2112.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/hid/hid-cp2112.c b/drivers/hid/hid-cp2112.c index 477baa30889c..ece147d1a278 100644 --- a/drivers/hid/hid-cp2112.c +++ b/drivers/hid/hid-cp2112.c @@ -129,10 +129,12 @@ struct cp2112_xfer_status_report { struct cp2112_string_report { u8 dummy; /* force .string to be aligned */ - u8 report; /* CP2112_*_STRING */ - u8 length; /* length in bytes of everyting after .report */ - u8 type; /* USB_DT_STRING */ - wchar_t string[30]; /* UTF16_LITTLE_ENDIAN string */ + struct_group_attr(contents, __packed, + u8 report; /* CP2112_*_STRING */ + u8 length; /* length in bytes of everything after .report */ + u8 type; /* USB_DT_STRING */ + wchar_t string[30]; /* UTF16_LITTLE_ENDIAN string */ + ); } __packed; /* Number of times to request transfer status before giving up waiting for a @@ -986,8 +988,8 @@ static ssize_t pstr_show(struct device *kdev, u8 length; int ret; - ret = cp2112_hid_get(hdev, attr->report, &report.report, - sizeof(report) - 1, HID_FEATURE_REPORT); + ret = cp2112_hid_get(hdev, attr->report, (u8 *)&report.contents, + sizeof(report.contents), HID_FEATURE_REPORT); if (ret < 3) { hid_err(hdev, "error reading %s string: %d\n", kattr->attr.name, ret); From patchwork Wed Aug 18 06:05:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12443303 X-Patchwork-Delegate: jikos@jikos.cz Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED472C43216 for ; Wed, 18 Aug 2021 06:24:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 39680610D2 for ; Wed, 18 Aug 2021 06:24:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238263AbhHRGY5 (ORCPT ); Wed, 18 Aug 2021 02:24:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238655AbhHRGYt (ORCPT ); Wed, 18 Aug 2021 02:24:49 -0400 Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 03A90C0617AD for ; Tue, 17 Aug 2021 23:24:15 -0700 (PDT) Received: by mail-pf1-x432.google.com with SMTP id y190so1099552pfg.7 for ; Tue, 17 Aug 2021 23:24:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=hNEXxevdADdpiZT9yDPKRLqHYKrfWBF19uxfyZWmCGo=; b=EGdWOE7bxdowrmsIKSgjZSgmQoiGO+6J6ji89xZ0Q2fptOidpphd5g7qqYXeSAgP8F HH8T/J8n5DYlHXumOIgXQUvZBImHN7ALjddHiJ17ignvtzPpjV4Byoe7oWxlyDXQgWZD c2+aZ7dLhbaQbRZXx81PpkPBbEKgxoLZ5UKNk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=hNEXxevdADdpiZT9yDPKRLqHYKrfWBF19uxfyZWmCGo=; b=hIHITUIlbWCRZICKbObc/nw1f0SNzK6jpjhTxGg6AwrQ0BgqY8emEkgJY6CLwcGMWp hGj8T1PjisPIRgG8CWpq4ceNFpHrWLC1feWXUgGUzTqE7Zhno5yeK8XZ+emqZigwViMr 6vKQjxHpRh0Ck9CSw6lgA/XkU1vEb75Ts5w41VuwJlR5LwQxHWQonbilPkdxjGATa0Zi TLuiJtII3yEIdLSHSNaaLjk6M7dQ/T7ol9uyYzdKnCZWiLiZ/wtV/wvG7GXXSjgCr24I ++NwAnpTBTa6dltP9qYccuFRwxq8SHbuFmdR/5AOS9svXTrg9L72w52Uq4dDB3KB2ULY YSqw== X-Gm-Message-State: AOAM532TAkAoFs1XzvuCiI3XOpTDtAiftxfocAEw0r71pT1P8c8AIWSe DeTXvLHWQ9xGOpovbFiypz76mQ== X-Google-Smtp-Source: ABdhPJzEZLL4+vuxKf2KA80vRRNe/aKYgSEeAOIcbSklQP4uG9CeHnUETuB9bUeNsXUisBI4mxHrBA== X-Received: by 2002:a65:6658:: with SMTP id z24mr7321502pgv.266.1629267854650; Tue, 17 Aug 2021 23:24:14 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id v9sm5393520pga.82.2021.08.17.23.24.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Aug 2021 23:24:12 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Stefan Achatz , Jiri Kosina , Benjamin Tissoires , linux-input@vger.kernel.org, "Gustavo A. R. Silva" , Greg Kroah-Hartman , Andrew Morton , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, Rasmus Villemoes , linux-hardening@vger.kernel.org Subject: [PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event Date: Tue, 17 Aug 2021 23:05:25 -0700 Message-Id: <20210818060533.3569517-56-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818060533.3569517-1-keescook@chromium.org> References: <20210818060533.3569517-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1908; h=from:subject; bh=1pufhTOQ+Ev1TBqsKxncMFoRA1ZRswld+5UcgY3UHPc=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHKMqezgIdICqUvusV3uxfFgc/NzjoDMPzoTPLXKQ ysx/Q+WJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYRyjKgAKCRCJcvTf3G3AJvMhD/ 4/FvXFOoXTIkumS1QqMpAFhaJGCKF+0RDx/z48DGYo98kCwWG6ybzb+3Sly47Z+VgrSp0nI5xp/nwa 7vzRFjBAI8F/fZVbUlI8Z/Fya+aZbPEeiEK947R3H8Wbap6uVAex0YjyWhhrJ5ZvwN2gBayJJ1WAXz +0fz1YMH8bcbhmSMSRON2ZGR1UjjBuaTH+o0ighQljGy5YLUHHZ+P4xNS0whZ8d+THVIEhrrdzHdRV xQ+rSGFdrgJR7xYVHqTNDyySccjRR12fCgsnFgzx2wmvqD6usQbAtioyZ5ZCTcNXNfyyvHgd++uCyK e638UGzfpOzM5vUWRjmLl1KeEBbobuCg3sgk1AQzR2mUpn6cvbWbZbOyGlGZtTdTn7wCe/qfq120Ud zfBKERaOR0vpEYpiRESonq/qBjud3tRwJ0H/FhwsbPbp2lo15qfYimJ41SEC1abj3Da1Xu61TlMqEd S5Rzg+maFwNcx3sFBdUId31vsspRp/LAtiMPvI3MalLGcTxm9Gdf8i9hEI2yM8v6QUVUqBl/F6N1uW 0dr4/U6A89Pj+zJUWKnGqTw3EZAQEgK5Lbi/njYrrq3JeohlG7jtmoxQDLp3fMw23TORKszxjv3y76 kDqBN4o2faONCRYDcPk3N/ArWnW2NiFPXTb3nBBeYGgetTCuosxxzdiUWWLg== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memset(), avoid intentionally writing across neighboring fields. Add struct_group() to mark region of struct kone_mouse_event that should be initialized to zero. Cc: Stefan Achatz Cc: Jiri Kosina Cc: Benjamin Tissoires Cc: linux-input@vger.kernel.org Signed-off-by: Kees Cook --- drivers/hid/hid-roccat-kone.c | 2 +- drivers/hid/hid-roccat-kone.h | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/hid/hid-roccat-kone.c b/drivers/hid/hid-roccat-kone.c index 1ca64481145e..ea17abc7ad52 100644 --- a/drivers/hid/hid-roccat-kone.c +++ b/drivers/hid/hid-roccat-kone.c @@ -857,7 +857,7 @@ static int kone_raw_event(struct hid_device *hdev, struct hid_report *report, memcpy(&kone->last_mouse_event, event, sizeof(struct kone_mouse_event)); else - memset(&event->tilt, 0, 5); + memset(&event->wipe, 0, sizeof(event->wipe)); kone_keep_values_up_to_date(kone, event); diff --git a/drivers/hid/hid-roccat-kone.h b/drivers/hid/hid-roccat-kone.h index 4a1a9cb76b08..65c800e3addc 100644 --- a/drivers/hid/hid-roccat-kone.h +++ b/drivers/hid/hid-roccat-kone.h @@ -152,11 +152,13 @@ struct kone_mouse_event { uint16_t x; uint16_t y; uint8_t wheel; /* up = 1, down = -1 */ - uint8_t tilt; /* right = 1, left = -1 */ - uint8_t unknown; - uint8_t event; - uint8_t value; /* press = 0, release = 1 */ - uint8_t macro_key; /* 0 to 8 */ + struct_group(wipe, + uint8_t tilt; /* right = 1, left = -1 */ + uint8_t unknown; + uint8_t event; + uint8_t value; /* press = 0, release = 1 */ + uint8_t macro_key; /* 0 to 8 */ + ); } __attribute__ ((__packed__)); enum kone_mouse_events {