Re: [PATCH 48/64] drbd: Use struct_group() to zero algs

[PATCH 00/64] Introduce strict memcpy() bounds checking · Kees Cook <hidden> · 2021-07-27
[PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Dan Carpenter <hidden> · 2021-07-28
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · David Sterba <hidden> · 2021-07-28
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · David Sterba <hidden> · 2021-07-29
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Kees Cook <hidden> · 2021-07-30
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap · Dan Carpenter <hidden> · 2021-07-29
[PATCH 08/64] staging: rtl8192u: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 08/64] staging: rtl8192u: Use struct_group() for memcpy() region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
[PATCH 14/64] libertas_tf: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 11/64] net/mlx5e: Avoid field-overflowing memcpy() · Kees Cook <hidden> · 2021-07-27
[PATCH 18/64] cxgb3: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 27/64] HID: cp2112: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 15/64] ipw2x00: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 15/64] ipw2x00: Use struct_group() for memcpy() region · Stanislav Yakovlev <stas.yakovlev@gmail.com> · 2021-07-28
[PATCH 30/64] fortify: Move remaining fortify helpers into fortify-string.h · Kees Cook <hidden> · 2021-07-27
[PATCH 29/64] lib/string: Move helper functions out of string.c · Kees Cook <hidden> · 2021-07-27
[PATCH 26/64] net/mlx5e: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 10/64] lib80211: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 10/64] lib80211: Use struct_group() for memcpy() region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
Re: [PATCH 10/64] lib80211: Use struct_group() for memcpy() region · Johannes Berg <johannes@sipsolutions.net> · 2021-08-13
Re: [PATCH 10/64] lib80211: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-13
Re: [PATCH 10/64] lib80211: Use struct_group() for memcpy() region · Johannes Berg <johannes@sipsolutions.net> · 2021-08-13
[PATCH 07/64] staging: rtl8192e: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 07/64] staging: rtl8192e: Use struct_group() for memcpy() region · Larry Finger <hidden> · 2021-07-27
Re: [PATCH 07/64] staging: rtl8192e: Use struct_group() for memcpy() region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
[PATCH 22/64] bnx2x: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 12/64] mwl8k: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 13/64] libertas: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 32/64] fortify: Add compile-time FORTIFY_SOURCE tests · Kees Cook <hidden> · 2021-07-27
[PATCH 31/64] fortify: Explicitly disable Clang support · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 31/64] fortify: Explicitly disable Clang support · Nathan Chancellor <nathan@kernel.org> · 2021-07-27
Re: [PATCH 31/64] fortify: Explicitly disable Clang support · Kees Cook <hidden> · 2021-07-27
[PATCH 28/64] compiler_types.h: Remove __compiletime_object_size() · Kees Cook <hidden> · 2021-07-27
[PATCH 25/64] drm/mga/mga_ioc32: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 25/64] drm/mga/mga_ioc32: Use struct_group() for memcpy() region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
Re: [PATCH 25/64] drm/mga/mga_ioc32: Use struct_group() for memcpy() region · Daniel Vetter <hidden> · 2021-07-29
Re: [PATCH 25/64] drm/mga/mga_ioc32: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-31
[PATCH 06/64] bnxt_en: Use struct_group_attr() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 06/64] bnxt_en: Use struct_group_attr() for memcpy() region · Michael Chan <michael.chan@broadcom.com> · 2021-07-28
Re: [PATCH 06/64] bnxt_en: Use struct_group_attr() for memcpy() region · "Gustavo A. R. Silva" <gustavoars@kernel.org> · 2021-07-28
[PATCH 09/64] staging: rtl8723bs: Avoid field-overflowing memcpy() · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 09/64] staging: rtl8723bs: Avoid field-overflowing memcpy() · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
[PATCH 05/64] skbuff: Switch structure bounds to struct_group() · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 05/64] skbuff: Switch structure bounds to struct_group() · "Gustavo A. R. Silva" <gustavoars@kernel.org> · 2021-07-28
[PATCH 03/64] rpmsg: glink: Replace strncpy() with strscpy_pad() · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 03/64] rpmsg: glink: Replace strncpy() with strscpy_pad() · "Gustavo A. R. Silva" <gustavoars@kernel.org> · 2021-07-28
[PATCH 04/64] stddef: Introduce struct_group() helper macro · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 04/64] stddef: Introduce struct_group() helper macro · "Gustavo A. R. Silva" <gustavoars@kernel.org> · 2021-07-28
Re: [PATCH 04/64] stddef: Introduce struct_group() helper macro · Rasmus Villemoes <linux@rasmusvillemoes.dk> · 2021-07-28
Re: [PATCH 04/64] stddef: Introduce struct_group() helper macro · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 04/64] stddef: Introduce struct_group() helper macro · Williams, Dan J <hidden> · 2021-07-30
Re: [PATCH 04/64] stddef: Introduce struct_group() helper macro · Kees Cook <hidden> · 2021-07-31
[PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · "Gustavo A. R. Silva" <gustavoars@kernel.org> · 2021-07-28
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · David Sterba <hidden> · 2021-07-28
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Dan Carpenter <hidden> · 2021-07-28
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Bart Van Assche <bvanassche@acm.org> · 2021-07-28
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · David Sterba <hidden> · 2021-07-28
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-29
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Dan Carpenter <hidden> · 2021-07-29
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Kees Cook <hidden> · 2021-07-30
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · David Sterba <hidden> · 2021-07-30
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Dan Carpenter <hidden> · 2021-07-30
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Kees Cook <hidden> · 2021-07-30
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Nick Desaulniers <hidden> · 2021-07-30
Re: [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region · Kees Cook <hidden> · 2021-07-30
[PATCH 64/64] fortify: Add run-time WARN for cross-field memcpy() · Kees Cook <hidden> · 2021-07-27
[PATCH 47/64] btrfs: Use memset_after() to clear end of struct · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct · David Sterba <hidden> · 2021-07-28
Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct · David Sterba <hidden> · 2021-07-29
Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct · Kees Cook <hidden> · 2021-07-31
Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct · David Sterba <hidden> · 2021-08-09
[PATCH 40/64] net: 802: Use memset_after() to clear struct fields · Kees Cook <hidden> · 2021-07-27
[PATCH 16/64] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 55/64] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-07-27
[PATCH 17/64] iommu/amd: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 42/64] net: qede: Use memset_after() for counters · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 42/64] net: qede: Use memset_after() for counters · Kees Cook <hidden> · 2021-07-31
[PATCH 63/64] iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write · Kees Cook <hidden> · 2021-07-27
[PATCH 41/64] net: dccp: Use memset_after() for TP zeroing · Kees Cook <hidden> · 2021-07-27
[PATCH 43/64] ath11k: Use memset_after() for clearing queue descriptors · Kees Cook <hidden> · 2021-07-27
[PATCH 38/64] xfrm: Use memset_after() to clear padding · Kees Cook <hidden> · 2021-07-27
[PATCH 44/64] iw_cxgb4: Use memset_after() for cpl_t5_pass_accept_rpl · Kees Cook <hidden> · 2021-07-27
[PATCH 53/64] HID: roccat: Use struct_group() to zero kone_mouse_event · Kees Cook <hidden> · 2021-07-27
[PATCH 39/64] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 39/64] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-07-31
Re: [PATCH 39/64] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-13
Re: [PATCH 39/64] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-08-13
Re: [PATCH 39/64] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-13
Re: [PATCH 39/64] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-13
[PATCH 19/64] ip: Use struct_group() for memcpy() regions · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Gustavo A. R. Silva <hidden> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Gustavo A. R. Silva <hidden> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Gustavo A. R. Silva <hidden> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 19/64] ip: Use struct_group() for memcpy() regions · Bart Van Assche <bvanassche@acm.org> · 2021-07-29
[PATCH 54/64] ipv6: Use struct_group() to zero rt6_info · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 54/64] ipv6: Use struct_group() to zero rt6_info · Jakub Kicinski <kuba@kernel.org> · 2021-07-29
Re: [PATCH 54/64] ipv6: Use struct_group() to zero rt6_info · Kees Cook <hidden> · 2021-07-31
[PATCH 50/64] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-07-27
[PATCH 56/64] ethtool: stats: Use struct_group() to clear all stats at once · Kees Cook <hidden> · 2021-07-27
[PATCH 61/64] Makefile: Enable -Warray-bounds · Kees Cook <hidden> · 2021-07-27
[PATCH 57/64] netfilter: conntrack: Use struct_group() to zero struct nf_conn · Kees Cook <hidden> · 2021-07-27
[PATCH 36/64] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp · Kees Cook <hidden> · 2021-07-27
[PATCH 51/64] tracing: Use struct_group() to zero struct trace_iterator · Kees Cook <hidden> · 2021-07-27
[PATCH 23/64] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 23/64] drm/amd/pm: Use struct_group() for memcpy() region · Alex Deucher <hidden> · 2021-07-30
[PATCH 58/64] powerpc: Split memset() to avoid multi-field overflow · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 58/64] powerpc: Split memset() to avoid multi-field overflow · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-05
[PATCH 33/64] lib: Introduce CONFIG_TEST_MEMCPY · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 33/64] lib: Introduce CONFIG_TEST_MEMCPY · Bart Van Assche <bvanassche@acm.org> · 2021-07-27
Re: [PATCH 33/64] lib: Introduce CONFIG_TEST_MEMCPY · Randy Dunlap <hidden> · 2021-07-27
Re: [PATCH 33/64] lib: Introduce CONFIG_TEST_MEMCPY · Kees Cook <hidden> · 2021-07-28
[PATCH 52/64] dm integrity: Use struct_group() to zero struct journal_sector · Kees Cook <hidden> · 2021-07-27
[PATCH 34/64] fortify: Detect struct member overflows in memcpy() at compile-time · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 34/64] fortify: Detect struct member overflows in memcpy() at compile-time · Nick Desaulniers <hidden> · 2021-07-27
Re: [PATCH 34/64] fortify: Detect struct member overflows in memcpy() at compile-time · Kees Cook <hidden> · 2021-07-28
Re: [PATCH 34/64] fortify: Detect struct member overflows in memcpy() at compile-time · Rasmus Villemoes <linux@rasmusvillemoes.dk> · 2021-07-28
Re: [PATCH 34/64] fortify: Detect struct member overflows in memcpy() at compile-time · Kees Cook <hidden> · 2021-07-30
[PATCH 24/64] staging: wlan-ng: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 24/64] staging: wlan-ng: Use struct_group() for memcpy() region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
[PATCH 46/64] IB/mthca: Use memset_after() for clearing mpt_entry · Kees Cook <hidden> · 2021-07-27
[PATCH 49/64] cm4000_cs: Use struct_group() to zero struct cm4000_dev region · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 49/64] cm4000_cs: Use struct_group() to zero struct cm4000_dev region · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
[PATCH 60/64] fortify: Work around Clang inlining bugs · Kees Cook <hidden> · 2021-07-27
[PATCH 21/64] cxgb4: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 45/64] intel_th: msu: Use memset_after() for clearing hw header · Kees Cook <hidden> · 2021-07-27
[PATCH 62/64] netlink: Avoid false-positive memcpy() warning · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 62/64] netlink: Avoid false-positive memcpy() warning · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-07-28
Re: [PATCH 62/64] netlink: Avoid false-positive memcpy() warning · Rasmus Villemoes <linux@rasmusvillemoes.dk> · 2021-07-28
Re: [PATCH 62/64] netlink: Avoid false-positive memcpy() warning · Kees Cook <hidden> · 2021-07-30
Re: [PATCH 62/64] netlink: Avoid false-positive memcpy() warning · Kees Cook <hidden> · 2021-07-30
[PATCH 20/64] intersil: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-07-27
[PATCH 35/64] fortify: Detect struct member overflows in memmove() at compile-time · Kees Cook <hidden> · 2021-07-27
[PATCH 37/64] string.h: Introduce memset_after() for wiping trailing members/padding · Kees Cook <hidden> · 2021-07-27
[PATCH 48/64] drbd: Use struct_group() to zero algs · Kees Cook <hidden> · 2021-07-27
Re: [PATCH 48/64] drbd: Use struct_group() to zero algs · Bart Van Assche <bvanassche@acm.org> · 2021-07-28
Re: [PATCH 48/64] drbd: Use struct_group() to zero algs · Kees Cook <hidden> · 2021-07-30
Re: [PATCH 48/64] drbd: Use struct_group() to zero algs · Bart Van Assche <bvanassche@acm.org> · 2021-07-30
Re: [PATCH 48/64] drbd: Use struct_group() to zero algs · Lars Ellenberg <lars.ellenberg@linbit.com> · 2021-07-30
Re: [PATCH 48/64] drbd: Use struct_group() to zero algs · Nick Desaulniers <hidden> · 2021-07-30
[PATCH 59/64] fortify: Detect struct member overflows in memset() at compile-time · Kees Cook <hidden> · 2021-07-27

From: Bart Van Assche <bvanassche@acm.org>
Date: 2021-07-28 21:46:02
Also in: dri-devel, linux-block, linux-hardening, linux-staging, linux-wireless, lkml, netdev

On 7/27/21 1:58 PM, Kees Cook wrote:

quoted hunk ↗ jump to hunk

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Add a struct_group() for the algs so that memset() can correctly reason
about the size.

Signed-off-by: Kees Cook <redacted>
---
  drivers/block/drbd/drbd_main.c     | 3 ++-
  drivers/block/drbd/drbd_protocol.h | 6 ++++--
  drivers/block/drbd/drbd_receiver.c | 3 ++-
  3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 55234a558e98..b824679cfcb2 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c

@@ -729,7 +729,8 @@ int drbd_send_sync_param(struct drbd_peer_device *peer_device)
  	cmd = apv >= 89 ? P_SYNC_PARAM89 : P_SYNC_PARAM;
  
  	/* initialize verify_alg and csums_alg */
-	memset(p->verify_alg, 0, 2 * SHARED_SECRET_MAX);
+	BUILD_BUG_ON(sizeof(p->algs) != 2 * SHARED_SECRET_MAX);
+	memset(&p->algs, 0, sizeof(p->algs));
  
  	if (get_ldev(peer_device->device)) {
  		dc = rcu_dereference(peer_device->device->ldev->disk_conf);

diff --git a/drivers/block/drbd/drbd_protocol.h b/drivers/block/drbd/drbd_protocol.h
index dea59c92ecc1..a882b65ab5d2 100644
--- a/drivers/block/drbd/drbd_protocol.h
+++ b/drivers/block/drbd/drbd_protocol.h

@@ -283,8 +283,10 @@ struct p_rs_param_89 {
  
  struct p_rs_param_95 {
  	u32 resync_rate;
-	char verify_alg[SHARED_SECRET_MAX];
-	char csums_alg[SHARED_SECRET_MAX];
+	struct_group(algs,
+		char verify_alg[SHARED_SECRET_MAX];
+		char csums_alg[SHARED_SECRET_MAX];
+	);
  	u32 c_plan_ahead;
  	u32 c_delay_target;
  	u32 c_fill_target;

diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index 1f740e42e457..6df2539e215b 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c

@@ -3921,7 +3921,8 @@ static int receive_SyncParam(struct drbd_connection *connection, struct packet_i
  
  	/* initialize verify_alg and csums_alg */
  	p = pi->data;
-	memset(p->verify_alg, 0, 2 * SHARED_SECRET_MAX);
+	BUILD_BUG_ON(sizeof(p->algs) != 2 * SHARED_SECRET_MAX);
+	memset(&p->algs, 0, sizeof(p->algs));

Using struct_group() introduces complexity. Has it been considered not 
to modify struct p_rs_param_95 and instead to use two memset() calls 
instead of one (one memset() call per member)?

Thanks,

Bart.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help