Message-ID: <7085879d-4d21-b90a-c08d-60450d1c7d38@canonical.com>
Date: Thu, 11 May 2023 14:48:29 -0700
Subject: Re: [PATCH] apparmor: aa_buffer: Convert 1-element array to flexible array
To: Kees Cook
Cc: "Gustavo A . R . Silva", Paul Moore, James Morris, "Serge E. Hallyn", apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
References: <20230511213441.never.401-kees@kernel.org>
From: John Johansen
Organization: Canonical
In-Reply-To: <20230511213441.never.401-kees@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/11/23 14:34, Kees Cook wrote:
> In the ongoing effort to convert all fake flexible arrays to proper
> flexible arrays, replace aa_buffer's 1-element "buffer" member with a
> flexible array.
>
> Cc: John Johansen
> Cc: Gustavo A. R. Silva
> Cc: Paul Moore
> Cc: James Morris
> Cc: "Serge E. Hallyn"
> Cc: apparmor@lists.ubuntu.com
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Kees Cook

Acked-by: John Johansen

I have pulled this into my tree.

> ---
> One thing I notice here is that it may be rare for "buffer" to ever change
> for a given kernel. Could this just be made PATH_MAX * 2 directly and
> remove the module parameter, etc, etc?

Possibly. Currently the only use case I know of is for some stress testing
where we drop the buffer size down really small to try and break things.
This isn't part of the regular regression runs and could be handled with a
config/compile time to a buffer size constant.

> --- > security/apparmor/lsm.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index d6cc4812ca53..35eb41bb9e3a 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -46,7 +46,7 @@ int apparmor_initialized; > > union aa_buffer { > struct list_head list; > - char buffer[1]; > + DECLARE_FLEX_ARRAY(char, buffer); > }; > > #define RESERVE_COUNT 2 > @@ -1647,7 +1647,7 @@ char *aa_get_buffer(bool in_atomic) > list_del(&aa_buf->list); > buffer_count--; > spin_unlock(&aa_buffers_lock); > - return &aa_buf->buffer[0]; > + return aa_buf->buffer; > } > if (in_atomic) { > /* > @@ -1670,7 +1670,7 @@ char *aa_get_buffer(bool in_atomic) > pr_warn_once("AppArmor: Failed to allocate a memory buffer.\n"); > return NULL; > } > - return &aa_buf->buffer[0]; > + return aa_buf->buffer; > } > > void aa_put_buffer(char *buf) > @@ -1747,7 +1747,7 @@ static int __init alloc_buffers(void) > destroy_buffers(); > return -ENOMEM; > } > - aa_put_buffer(&aa_buf->buffer[0]); > + aa_put_buffer(aa_buf->buffer); > } > return 0; > }
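
Review bot: In the union aa_buffer hunk (@@ -46,7), nothing documents what bounds buffer once the declaration carries no length; a one-line comment above DECLARE_FLEX_ARRAY(char, buffer) saying that the usable length comes from the configured buffer size rather than from the type would help anyone adding bounds checks later. The commit message could also state that sizeof(union aa_buffer) is unchanged, since struct list_head was already the larger member next to char buffer[1], so any allocation sized from the union is unaffected.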
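
Review bot: In the alloc_buffers() hunk (@@ -1747,7) and the two aa_get_buffer() returns, callers hold only a char * and hand it back through aa_put_buffer(char *buf), whose body is not part of this diff; if it recovers the union from buf via the buffer member, the commit message should say that the DECLARE_FLEX_ARRAY wrapper leaves that member at the same offset so the round trip is unchanged. The rewrites from &aa_buf->buffer[0] to aa_buf->buffer themselves are equivalent, so a "no functional change" line in the changelog would be enough.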