Re: [PATCH] find: Do not read beyond variable boundaries on small sizes
From: Rasmus Villemoes
Date: Wed Dec 08 2021 - 18:23:16 EST
On 03/12/2021 11.08, Kees Cook wrote:
> It's common practice to cast small variable arguments to the find_*_bit()
> helpers to unsigned long and then use a size argument smaller than
> sizeof(unsigned long):
>
> unsigned int bits;
> ...
> out = find_first_bit((unsigned long *)&bits, 32);
Those call sites need to be fixed, they are broken on BE anyway. And
your __find_bits_deref does nothing to fix (paper over) that if, say,
the caller uses a u32 to store an 8-bit bitmap.
So NAK.
Rasmus
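
The big-endian breakage raised in this reply, as an added example that is not part of the thread or of the kernel source. It simulates both byte orders in a byte buffer so it runs on any host; `find_first_bit_word()` is a simplified stand-in for the kernel's `find_first_bit()` on one 64-bit word, and `cast_pattern()`, `widened()` and the neighbouring-memory value are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for find_first_bit() on a single 64-bit long:
 * index of the lowest set bit below size, or size if none. */
static unsigned find_first_bit_word(uint64_t word, unsigned size)
{
    for (unsigned i = 0; i < size; i++)
        if (word & (UINT64_C(1) << i))
            return i;
    return size;
}

/* Store a u32 / load a 64-bit word the way a BE (be=1) or LE CPU would. */
static void store_u32(unsigned char *p, uint32_t v, int be)
{
    for (int i = 0; i < 4; i++)
        p[i] = (unsigned char)(v >> (be ? 8 * (3 - i) : 8 * i));
}

static uint64_t load_word(const unsigned char *p, int be)
{
    uint64_t w = 0;
    for (int i = 0; i < 8; i++)
        w |= (uint64_t)p[i] << (be ? 8 * (7 - i) : 8 * i);
    return w;
}

/* find_first_bit((unsigned long *)&bits, 32): the 4-byte variable is
 * followed by 4 bytes of unrelated memory, and all 8 bytes are read. */
static unsigned cast_pattern(uint32_t bits, uint32_t neighbour, int be)
{
    unsigned char mem[8];
    store_u32(mem, bits, be);
    store_u32(mem + 4, neighbour, be);
    return find_first_bit_word(load_word(mem, be), 32);
}

/* Fixed call site: widen by value into a real long, then search it. */
static unsigned widened(uint32_t bits)
{
    uint64_t tmp = bits;
    return find_first_bit_word(tmp, 32);
}

int main(void)
{
    printf("LE cast: %u\n", cast_pattern(0x10, 0x1, 0));
    printf("BE cast: %u\n", cast_pattern(0x10, 0x1, 1));
    printf("widened: %u\n", widened(0x10));
    return 0;
}
```

On little-endian the cast returns the right index even though it reads 8 bytes; on big-endian the low 32 bits of the loaded word are the neighbouring memory, so the result reflects that memory rather than `bits`.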