Re: [PATCH] ipc/sem: Avoid indexing past end of sem_array

From: Manfred Spraul
Date: Sun May 14 2017 - 09:54:18 EST

Next message: Valentin Sitdikov: "[PATCH v2 0/2] dt-bindings: mfd: Add max7360 mfd driver and DT documentation"
Previous message: Jon Mason: "[GIT PULL] NTB bug fixes for vv4.12"
In reply to: Kees Cook: "[PATCH] ipc/sem: Avoid indexing past end of sem_array"
Next in thread: Kees Cook: "Re: [PATCH] ipc/sem: Avoid indexing past end of sem_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a multi-part message in MIME format. Hi Kees,

On 05/09/2017 12:23 AM, Kees Cook wrote:

This changes the struct + trailing data pattern to using a void * so that
the end of sem_array is found without possibly indexing past the end which
can upset some static analyzers. Mostly, this ends up avoiding a cast
between different non-void types, which the future randstruct GCC plugin
was warning about.

Two question:
- Would the attached patch work with the randstruct plugin as well?
If we touch the code, then I would propose that we remove sem_base entirely.

- ipc/util.h contains

> #define ipc_rcu_to_struct(p) ((void *)(p+1))

Does this trigger a warning with randstruct as well?
If we have to touch it, then I would remove it by merging struct kern_ipc_perm and struct ipc_rcu.

And, obviously:
Do you see any issues with the attached patch?
--
Manfred

Next message: Valentin Sitdikov: "[PATCH v2 0/2] dt-bindings: mfd: Add max7360 mfd driver and DT documentation"
Previous message: Jon Mason: "[GIT PULL] NTB bug fixes for vv4.12"
In reply to: Kees Cook: "[PATCH] ipc/sem: Avoid indexing past end of sem_array"
Next in thread: Kees Cook: "Re: [PATCH] ipc/sem: Avoid indexing past end of sem_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]