Re: [PATCH] ipc/sem: Avoid indexing past end of sem_array
From: Manfred Spraul
Date: Sun May 14 2017 - 09:54:18 EST
Hi Kees,
On 05/09/2017 12:23 AM, Kees Cook wrote:
> This changes the struct + trailing data pattern to using a void * so that
> the end of sem_array is found without possibly indexing past the end which
> can upset some static analyzers. Mostly, this ends up avoiding a cast
> between different non-void types, which the future randstruct GCC plugin
> was warning about.
Two questions:
- Would the attached patch work with the randstruct plugin as well?
If we touch the code, then I would propose that we remove sem_base
entirely.
- ipc/util.h contains
> #define ipc_rcu_to_struct(p) ((void *)(p+1))
Does this trigger a warning with randstruct as well?
If we have to touch it, then I would remove it by merging struct
kern_ipc_perm and struct ipc_rcu.
And, obviously:
Do you see any issues with the attached patch?
--
Manfred
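The "struct + trailing data" pattern that the quoted patch description and the ipc_rcu_to_struct() macro refer to, as an added stand-alone illustration (not kernel code and not part of this thread): a header struct is allocated together with an array of entries placed directly after it, and the start of the trailing data is computed as (void *)(p + 1), i.e. one whole object past the header, rather than by indexing one element past the end of a member array. All names (demo_perm, demo_sem_array, demo_sem, demo_alloc and friends) are hypothetical stand-ins chosen for the example; the real kernel layout of kern_ipc_perm, ipc_rcu and sem_array differs. The accessor functions also show the bounds check a user of such a pattern should keep in front of every index into the trailing array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel's kern_ipc_perm / sem_array / sem.
 * Names and layout are assumptions for illustration only. */
struct demo_perm { int key; unsigned int seq; };

struct demo_sem { int semval; int sempid; };

struct demo_sem_array {
    struct demo_perm perm;   /* header shared with the RCU-managed object */
    unsigned long nsems;     /* number of struct demo_sem entries that follow */
    /* trailing data: nsems * sizeof(struct demo_sem) bytes follow here */
};

/* The end of the header is (sma + 1): one whole object past the pointer.
 * Going through void * avoids both an out-of-bounds element index into a
 * member array and a cast between unrelated non-void struct types. */
static inline void *demo_trailing(struct demo_sem_array *sma)
{
    return (void *)(sma + 1);
}

static inline struct demo_sem *demo_sems(struct demo_sem_array *sma)
{
    return (struct demo_sem *)demo_trailing(sma);
}

/* Allocate header + nsems trailing entries in one block.
 * Returns NULL if the size computation would wrap or allocation fails. */
struct demo_sem_array *demo_alloc(unsigned long nsems)
{
    size_t max_entries = (SIZE_MAX - sizeof(struct demo_sem_array)) / sizeof(struct demo_sem);
    if (nsems > max_entries)
        return NULL;
    size_t bytes = sizeof(struct demo_sem_array) + nsems * sizeof(struct demo_sem);
    struct demo_sem_array *sma = calloc(1, bytes);
    if (!sma)
        return NULL;
    sma->nsems = nsems;
    return sma;
}

/* Bounds-checked accessors: -1 on an out-of-range index. */
int demo_get_semval(struct demo_sem_array *sma, unsigned long idx)
{
    if (idx >= sma->nsems)
        return -1;
    return demo_sems(sma)[idx].semval;
}

int demo_set_semval(struct demo_sem_array *sma, unsigned long idx, int val)
{
    if (idx >= sma->nsems)
        return -1;
    demo_sems(sma)[idx].semval = val;
    return 0;
}

/* Invariant the pattern relies on: trailing data starts exactly at
 * sizeof(header), with no gap, so the single allocation covers it. */
int demo_trailing_offset_ok(struct demo_sem_array *sma)
{
    return ((char *)demo_trailing(sma) - (char *)sma) == (ptrdiff_t)sizeof(*sma);
}

/* Exercises the pattern end to end; returns 1 when every check passes. */
int demo_selftest(void)
{
    struct demo_sem_array *sma = demo_alloc(3);
    if (!sma)
        return 0;
    int ok = demo_trailing_offset_ok(sma)
          && demo_set_semval(sma, 2, 7) == 0
          && demo_get_semval(sma, 2) == 7
          && demo_get_semval(sma, 0) == 0       /* calloc zeroed the entries */
          && demo_get_semval(sma, 3) == -1      /* one past the end is rejected */
          && demo_set_semval(sma, 3, 1) == -1;
    free(sma);
    return ok ? 1 : 0;
}
```

Note that demo_trailing() never dereferences anything: forming the address sma + 1 is what C permits for a pointer to a single object, which is exactly why the void-pointer form sits better with static analysers than indexing past the last element of a member array.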