Date: Mon, 30 Aug 2021 13:12:28 -0700
From: Kees Cook
To: Nathan Chancellor
Cc: linux-kernel@vger.kernel.org, Arnd Bergmann, "Gustavo A. R. Silva", Rasmus Villemoes, Keith Packard, Dan Williams, Daniel Vetter, clang-built-linux@googlegroups.com, linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH v3 0/5] Enable -Warray-bounds and -Wzero-length-bounds
Message-ID: <202108301259.1FC43498@keescook>
References: <20210827163015.3141722-1-keescook@chromium.org>

On Mon, Aug 30, 2021 at 11:44:54AM -0700, Nathan Chancellor wrote:
> On Fri, Aug 27, 2021 at 09:30:10AM -0700, Kees Cook wrote:
> > v3:
> > - fix typo in treewide conversion (u8 should have been __u8)
> > - improve changelog for DECLARE_FLEX_ARRAY patch
> > - add acks/reviews
> > v2: https://lore.kernel.org/lkml/20210826050458.1540622-1-keescook@chromium.org/
> > v1: https://lore.kernel.org/lkml/20210818081118.1667663-1-keescook@chromium.org/
> >
> > Hi,
> >
> > In support of the improved buffer overflow detection for memcpy(),
> > this enables -Warray-bounds and -Wzero-length-bounds globally. Mostly
> > it involves some struct member tricks with the new DECLARE_FLEX_ARRAY()
> > macro. Everything else is just replacing stacked 0-element arrays
> > with actual unions in two related treewide patches. There is one set of
> > special cases that were fixed separately[1] and are needed as well.
> >
> > I'm expecting to carry this series with the memcpy() series in my
> > "overflow" tree. Reviews appreciated! :)
>
> Hi Kees,
>
> I ran this series through my local build tests and uncovered two
> warnings in the same file that appear to be unhandled as of
> next-20210830. This is from ARCH=powerpc pseries_defconfig with
> clang-14, I did not try earlier versions of clang.

Thanks for double-checking!

> arch/powerpc/kernel/signal_32.c:780:2: error: array index 3 is past the end of the array (which contains 1 element) [-Werror,-Warray-bounds]
>         unsafe_put_sigset_t(&frame->uc.uc_sigmask, oldset, failed);
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [...]
> arch/powerpc/kernel/signal_32.c:1044:3: error: array index 2 is past the end of the array (which contains 1 element) [-Werror,-Warray-bounds]
>                 unsafe_put_sigset_t(&old_ctx->uc_sigmask, &current->blocked, failed);
>                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This smells like some kind of casting issue. uc_sigmask has only a
single unsigned long element but unsafe_put_compat_sigset() seems to be
doing stuff with [3], etc. Is it expecting u8? I will keep looking...

-- 
Kees Cook