[PATCH v2 37/63] string.h: Introduce memset_after() for wiping trailing... | linux-staging

[PATCH v2 00/63] Introduce strict memcpy() bounds checking · Kees Cook <hidden> · 2021-08-18
[PATCH v2 01/63] ipw2x00: Avoid field-overflowing memcpy() · Kees Cook <hidden> · 2021-08-18
[PATCH v2 02/63] net/mlx5e: Avoid field-overflowing memcpy() · Kees Cook <hidden> · 2021-08-18
[PATCH v2 04/63] pcmcia: ray_cs: Split memcpy() to avoid bounds check warning · Kees Cook <hidden> · 2021-08-18
[PATCH v2 03/63] rpmsg: glink: Replace strncpy() with strscpy_pad() · Kees Cook <hidden> · 2021-08-18
[PATCH v2 05/63] stddef: Introduce struct_group() helper macro · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 05/63] stddef: Introduce struct_group() helper macro · Dan Williams <hidden> · 2021-08-18
[PATCH v2 07/63] skbuff: Switch structure bounds to struct_group() · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 07/63] skbuff: Switch structure bounds to struct_group() · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2021-09-01
[PATCH v2 08/63] bnxt_en: Use struct_group_attr() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 06/63] cxl/core: Replace unions with struct_group() · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 06/63] cxl/core: Replace unions with struct_group() · Dan Williams <hidden> · 2021-08-18
[PATCH v2 09/63] mwl8k: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 10/63] libertas: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 13/63] iommu/amd: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 13/63] iommu/amd: Use struct_group() for memcpy() region · Joerg Roedel <joro@8bytes.org> · 2021-08-18
[PATCH v2 14/63] cxgb3: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · "Rafael J. Wysocki" <rafael@kernel.org> · 2021-11-23
Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> · 2021-11-23
Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · "Rafael J. Wysocki" <rafael@kernel.org> · 2021-11-24
[PATCH v2 11/63] libertas_tf: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 29/63] fortify: Fix dropped strcpy() compile-time write overflow check · Kees Cook <hidden> · 2021-08-18
[PATCH v2 23/63] media: omap3isp: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 34/63] fortify: Detect struct member overflows in memcpy() at compile-time · Kees Cook <hidden> · 2021-08-18
[PATCH v2 30/63] fortify: Prepare to improve strnlen() and strlen() warnings · Kees Cook <hidden> · 2021-08-18
[PATCH v2 31/63] fortify: Allow strlen() and strnlen() to pass compile-time known lengths · Kees Cook <hidden> · 2021-08-18
[PATCH v2 28/63] fortify: Explicitly disable Clang support · Kees Cook <hidden> · 2021-08-18
[PATCH v2 36/63] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp · Kees Cook <hidden> · 2021-08-18
[PATCH v2 24/63] sata_fsl: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 35/63] fortify: Detect struct member overflows in memmove() at compile-time · Kees Cook <hidden> · 2021-08-18
[PATCH v2 37/63] string.h: Introduce memset_after() for wiping trailing members/padding · Kees Cook <hidden> · 2021-08-18
[PATCH v2 42/63] net: dccp: Use memset_startat() for TP zeroing · Kees Cook <hidden> · 2021-08-18
[PATCH v2 59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions · Marc Kleine-Budde <mkl@pengutronix.de> · 2021-08-18
[PATCH v2 60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region · Karsten Graul <hidden> · 2021-09-09
[PATCH v2 47/63] intel_th: msu: Use memset_startat() for clearing hw header · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 47/63] intel_th: msu: Use memset_startat() for clearing hw header · Alexander Shishkin <alexander.shishkin@linux.intel.com> · 2021-08-24
[PATCH v2 63/63] fortify: Work around Clang inlining bugs · Kees Cook <hidden> · 2021-08-18
[PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow · Christophe Leroy <hidden> · 2021-08-18
Re: [PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow · Kees Cook <hidden> · 2021-08-18
[PATCH v2 62/63] fortify: Detect struct member overflows in memset() at compile-time · Kees Cook <hidden> · 2021-08-18
[PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Sean Christopherson <seanjc@google.com> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Sean Christopherson <seanjc@google.com> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-08-18
[PATCH v2 17/63] bnx2x: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 19/63] staging: wlan-ng: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Lazar, Lijo <hidden> · 2021-08-18
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Lazar, Lijo <hidden> · 2021-08-19
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-19
[PATCH v2 46/63] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl · Kees Cook <hidden> · 2021-08-18
[PATCH v2 38/63] xfrm: Use memset_after() to clear padding · Kees Cook <hidden> · 2021-08-18
[PATCH v2 39/63] ipv6: Use memset_after() to zero rt6_info · Kees Cook <hidden> · 2021-08-18
[PATCH v2 26/63] lib/string: Move helper functions out of string.c · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 26/63] lib/string: Move helper functions out of string.c · Andy Shevchenko <andriy.shevchenko@linux.intel.com> · 2021-08-18
[PATCH v2 48/63] IB/mthca: Use memset_startat() for clearing mpt_entry · Kees Cook <hidden> · 2021-08-18
[PATCH v2 51/63] drbd: Use struct_group() to zero algs · Kees Cook <hidden> · 2021-08-18
[PATCH v2 27/63] fortify: Move remaining fortify helpers into fortify-string.h · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 27/63] fortify: Move remaining fortify helpers into fortify-string.h · Francis Laniel <hidden> · 2021-08-18
[PATCH v2 25/63] compiler_types.h: Remove __compiletime_object_size() · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 25/63] compiler_types.h: Remove __compiletime_object_size() · Miguel Ojeda <hidden> · 2021-08-18
[PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator · Steven Rostedt <rostedt@goodmis.org> · 2021-08-18
Re: [PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator · Kees Cook <hidden> · 2021-08-18
[PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-18
Re: [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-18
Re: [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-08-18
[PATCH v2 15/63] intersil: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 16/63] cxgb4: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Jason Gunthorpe <jgg@ziepe.ca> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Jason Gunthorpe <jgg@ziepe.ca> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Jason Gunthorpe <jgg@ziepe.ca> · 2021-08-20
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-20
[PATCH v2 20/63] drm/mga/mga_ioc32: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 41/63] net: 802: Use memset_startat() to clear struct fields · Kees Cook <hidden> · 2021-08-18
[PATCH v2 43/63] net: qede: Use memset_startat() for counters · Kees Cook <hidden> · 2021-08-18
[PATCH v2 40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn · Kees Cook <hidden> · 2021-08-18
[PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct · Nikolay Borisov <hidden> · 2021-08-18
Re: [PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct · David Sterba <hidden> · 2021-08-18
[PATCH v2 54/63] dm integrity: Use struct_group() to zero struct journal_sector · Kees Cook <hidden> · 2021-08-18
[PATCH v2 52/63] cm4000_cs: Use struct_group() to zero struct cm4000_dev region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 58/63] ethtool: stats: Use struct_group() to clear all stats at once · Kees Cook <hidden> · 2021-08-18
[PATCH v2 32/63] fortify: Add compile-time FORTIFY_SOURCE tests · Kees Cook <hidden> · 2021-08-18
[PATCH v2 33/63] lib: Introduce CONFIG_TEST_MEMCPY · Kees Cook <hidden> · 2021-08-18
[PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event · Jiri Kosina <jikos@kernel.org> · 2021-08-20
[PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region · Jiri Kosina <jikos@kernel.org> · 2021-08-20
Re: [PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-20
[PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Christophe Leroy <hidden> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Kees Cook <hidden> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-23
[PATCH v2 21/63] net/mlx5e: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 45/63] ath11k: Use memset_startat() for clearing queue descriptors · Kees Cook <hidden> · 2021-08-18

[PATCH v2 37/63] string.h: Introduce memset_after() for wiping trailing members/padding

From: Kees Cook <hidden>
Date: 2021-08-18 06:11:49
Also in: dri-devel, linux-block, linux-hardening, linux-kbuild, linux-wireless, lkml, netdev
Subsystem: generic string library, library code, the rest · Maintainers: Kees Cook, Andrew Morton, Linus Torvalds

A common idiom in kernel code is to wipe the contents of a structure
after a given member. This is especially useful in places where there is
trailing padding. These open-coded cases are usually difficult to read
and very sensitive to struct layout changes. Introduce a new helper,
memset_after() that takes the target struct instance, the byte to write,
and the member name after which the zeroing should start.

Additionally adds memset_startat() for wiping trailing members _starting_
at a specific member instead of after a member, which is more readable
in certain circumstances, but doesn't include any preceding padding.

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Francis Laniel <redacted>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Daniel Axtens <redacted>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <redacted>
---
 include/linux/string.h | 29 +++++++++++++++++++++++++++++
 lib/test_memcpy.c      | 24 ++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/include/linux/string.h b/include/linux/string.h
index cbe889e404e2..fe56a1774207 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h

@@ -272,6 +272,35 @@ static __always_inline void memcpy_and_pad(void *dest, size_t dest_len,
 		memcpy(dest, src, dest_len);
 }
 
+/**
+ * memset_after - Set a value after a struct member to the end of a struct
+ *
+ * @obj: Address of target struct instance
+ * @v: Byte value to repeatedly write
+ * @member: after which struct member to start writing bytes
+ *
+ * This is good for clearing padding following the given member.
+ */
+#define memset_after(obj, v, member) do {				\
+	memset((u8 *)(obj) + offsetofend(typeof(*(obj)), member), v,	\
+	       sizeof(*(obj)) - offsetofend(typeof(*(obj)), member));	\
+} while (0)
+
+/**
+ * memset_startat - Set a value starting at a member to the end of a struct
+ *
+ * @obj: Address of target struct instance
+ * @v: Byte value to repeatedly write
+ * @member: struct member to start writing at
+ *
+ * Note that if there is padding between the prior member and the target
+ * member, memset_after() should be used to clear the prior padding.
+ */
+#define memset_startat(obj, v, member) do {				\
+	memset((u8 *)(obj) + offsetof(typeof(*(obj)), member), v,	\
+	       sizeof(*(obj)) - offsetof(typeof(*(obj)), member));	\
+} while (0)
+
 /**
  * str_has_prefix - Test if a string has a given prefix
  * @str: The string to test

diff --git a/lib/test_memcpy.c b/lib/test_memcpy.c
index be192b8e82b7..50bc99552a17 100644
--- a/lib/test_memcpy.c
+++ b/lib/test_memcpy.c

@@ -215,6 +215,20 @@ static void memset_test(struct kunit *test)
 			  0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
 			},
 	};
+	struct some_bytes after = {
+		.data = { 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x72,
+			  0x72, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72,
+			  0x72, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72,
+			  0x72, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72,
+			},
+	};
+	struct some_bytes startat = {
+		.data = { 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+			  0x79, 0x79, 0x79, 0x79, 0x79, 0x79, 0x79, 0x79,
+			  0x79, 0x79, 0x79, 0x79, 0x79, 0x79, 0x79, 0x79,
+			  0x79, 0x79, 0x79, 0x79, 0x79, 0x79, 0x79, 0x79,
+			},
+	};
 	struct some_bytes dest = { };
 	int count, value;
 	u8 *ptr;

@@ -245,6 +259,16 @@ static void memset_test(struct kunit *test)
 	ptr += 8;
 	memset(ptr++, value++, count++);
 	compare("argument side-effects", dest, three);
+
+	/* Verify memset_after() */
+	dest = control;
+	memset_after(&dest, 0x72, three);
+	compare("memset_after()", dest, after);
+
+	/* Verify memset_startat() */
+	dest = control;
+	memset_startat(&dest, 0x79, four);
+	compare("memset_startat()", dest, startat);
 #undef TEST_OP
 }

-- 
2.30.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help