Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752742AbdGEVwt (ORCPT ); Wed, 5 Jul 2017 17:52:49 -0400 Received: from mail-it0-f46.google.com ([209.85.214.46]:36692 "EHLO mail-it0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752593AbdGEVwp (ORCPT ); Wed, 5 Jul 2017 17:52:45 -0400 MIME-Version: 1.0 In-Reply-To: References: <20170705050500.GA72383@beast> From: Kees Cook Date: Wed, 5 Jul 2017 14:52:34 -0700 X-Google-Sender-Auth: QqvJ3EpqDF7IaHQe6jZ5DpWbkQ8 Message-ID: Subject: Re: [GIT PULL] gcc-plugins updates for v4.13-rc1 To: Arnd Bergmann Cc: Linus Torvalds , Ard Biesheuvel , Linux Kernel Mailing List , Jean Delvare Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 813 Lines: 30 On Wed, Jul 5, 2017 at 2:48 PM, Arnd Bergmann wrote: > On Wed, Jul 5, 2017 at 11:35 PM, Linus Torvalds > wrote: > >> So the issue I think would be good to fix is perhaps best explained by >> pseudo-code >> >> int testfn(struct somestruct __user *p) >> { >> struct somestruct a; >> >> initialize_struct(&a); >> if (copy_to_user(p, &a, sizeof(a))) >> return -EFAULT; >> return 0; >> } >> >> which is obviously made-up code, but is not actually entirely unrealistic. > > This particular example should be handled by > scripts/gcc-plugins/structleak_plugin.c, right? Only if struct somestruct _contains_ a __user pointer. I would love to see this logic expanded, of course. :) -Kees -- Kees Cook Pixel Security