Re: [PATCH v2 2/2] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
From: Gustavo A. R. Silva
Date: Tue Jan 09 2024 - 09:37:44 EST
On 1/9/24 07:22, Dan Carpenter wrote:
On Tue, Jan 09, 2024 at 06:31:41AM -0600, Gustavo A. R. Silva wrote:
You're arguing that fortify caused a problem.
Yes.
Before: Code working correctly
After: Kernel Panic
At first, I started to question if I was going mad, but then I looked
through the email thread and Harshit tested it and proved that the
kernel does actually panic depending on the .config.
I mean realistically we should backport this patch to old kernels,
right? And if we had to assign a Fixes tag to this it would need to be
the commit which adds Fortify to the kernel. Prior to that commit the
code was fine.
Again, I'm not saying that Fortify is bad overall. Probably in DnD it
would be Chaotic Good where it's overall good but sometimes a pain.
You know what, I think the discrepancy here lies in the fact that, before,
fortify didn't complain about writes across multiple members in the same
struct, as long as we remained between the boundaries of the struct. This
was done via __builtin_object_size(p, 0).
In recent times, that has changed, and now fortify has been tightened to warn
about writes beyond the boundaries of a single object. This is now done via
__builtin_dynamic_object_size(p, 1)/__builtin_object_size(p, 1).
And, if this patch is to be backported, _technically_, the Fixes tag should
probably be assigned to that change from __bos(p, 0) to __bos(p, 1):
commit f68f2ff91512 ("fortify: Detect struct member overflows in memcpy() at compile-time")
In any case, fortify should now emit this sort of warning, and that adds
an extra layer of hardening to the kernel.
Thanks
--
Gustavo