Re: [PATCH] powerpc/signal32: Use struct_group() to zero spe regs

Fri, 19 Nov 2021 08:35:26 -0800 



Le 19/11/2021 à 17:28, Kees Cook a écrit :

On Fri, Nov 19, 2021 at 08:46:27AM +0000, LEROY Christophe wrote:



Le 18/11/2021 à 21:36, Kees Cook a écrit :

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Add a struct_group() for the spe registers so that memset() can correctly reason
about the size:

     In function 'fortify_memset_chk',
         inlined from 'restore_user_regs.part.0' at 
arch/powerpc/kernel/signal_32.c:539:3:
     >> include/linux/fortify-string.h:195:4: error: call to 
'__write_overflow_field' declared with attribute warning: detected write beyond size 
of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
       195 |    __write_overflow_field();
           |    ^~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: kernel test robot <l...@intel.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>


Reviewed-by: Christophe Leroy <christophe.le...@csgroup.eu>

However, is it really worth adding that grouping ? Wouldn't it be
cleaner to handle evr[] and acc separately ? Now that we are using
unsafe variants of get/put user performance wouldn't be impacted.


I'm fine with whatever is desired here. I reworked an earlier version of
this patch based on mpe's feedback, so I can certain rework it again. :)



Well, with oddities like the below, it may not be straight forward. If 
the objective is to enable FORTIFY_SOURCE, maybe that's good enough.


Let see if Michael has any opinion.






I have some doubts about things like:

        unsafe_copy_to_user(&frame->mc_vregs, current->thread.evr,
                                    ELF_NEVRREG * sizeof(u32), failed);

Because as far as I can see, ELF_NEVRREG is 34 but mc_vregs is a table
of 33 u32 and is at the end of the structure:

        struct mcontext {
                elf_gregset_t   mc_gregs;
                elf_fpregset_t  mc_fregs;
                unsigned long   mc_pad[2];
                elf_vrregset_t  mc_vregs __attribute__((__aligned__(16)));
        };

        typedef elf_vrreg_t elf_vrregset_t[ELF_NVRREG];

        # define ELF_NEVRREG    34      /* includes acc (as 2) */
        # define ELF_NVRREG     33      /* includes vscr */


I don't know these internals very well -- do you want me to change this
specifically somehow? With the BUILD_BUG_ON()s added, there's no binary
change here -- I wanted to make sure nothing was different in the
output.




Neither do I. I was just scared by what I saw while reviewing your 
patch. A cleanup is probably required but it can be another patch.


Christophe






















					Reply via email to