[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/4] x86/entry: Work around Clang __bdos() bug

To: linux-hardening@xxxxxxxxxxxxxxx
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Tue, 20 Sep 2022 12:21:59 -0700
Cc: Kees Cook <keescook@xxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Nathan Chancellor <nathan@xxxxxxxxxx>, Nick Desaulniers <ndesaulniers@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, llvm@xxxxxxxxxxxxxxx, Siddhesh Poyarekar <siddhesh@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Tom Rix <trix@xxxxxxxxxx>, Miguel Ojeda <ojeda@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx
Delivery-date: Tue, 20 Sep 2022 19:22:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

After expanding bounds checking to use __builtin_dynamic_object_size(),
Clang produces a false positive when building with CONFIG_FORTIFY_SOURCE=y
and CONFIG_UBSAN_BOUNDS=y when operating on an array with a dynamic
offset. Work around this by using a direct assignment of an empty
instance. Avoids this warning:

../include/linux/fortify-string.h:309:4: warning: call to 
__write_overflow_field declared with 'warn
ing' attribute: detected write beyond size of field (1st parameter); maybe use 
struct_group()? [-Wat
tribute-warning]
                        __write_overflow_field(p_size_field, size);
                        ^

which was isolated to the memset() call in xen_load_idt().

Note that this looks very much like another bug that was worked around:
https://github.com/ClangBuiltLinux/linux/issues/1592

Cc: Juergen Gross <jgross@xxxxxxxx>
Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
Cc: Nick Desaulniers <ndesaulniers@xxxxxxxxxx>
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
Cc: llvm@xxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
 arch/x86/xen/enlighten_pv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 0ed2e487a693..9b1a58dda935 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -765,6 +765,7 @@ static void xen_load_idt(const struct desc_ptr *desc)
 {
        static DEFINE_SPINLOCK(lock);
        static struct trap_info traps[257];
+       static const struct trap_info zero = { };
        unsigned out;
 
        trace_xen_cpu_load_idt(desc);
@@ -774,7 +775,7 @@ static void xen_load_idt(const struct desc_ptr *desc)
        memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc));
 
        out = xen_convert_trap_info(desc, traps, false);
-       memset(&traps[out], 0, sizeof(traps[0]));
+       traps[out] = zero;
 
        xen_mc_flush();
        if (HYPERVISOR_set_trap_table(traps))
-- 
2.34.1

Follow-Ups:
- Re: [PATCH 1/4] x86/entry: Work around Clang __bdos() bug
  - From: Boris Ostrovsky

Prev by Date: Re: [PATCH] x86/vpmu: fix race-condition in vpmu_load
Next by Date: Re: [PATCH 0/9] Deprecate sysbus_get_default() and get_system_memory() et. al
Previous by thread: [linux-5.4 test] 173260: tolerable FAIL - PUSHED
Next by thread: Re: [PATCH 1/4] x86/entry: Work around Clang __bdos() bug
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.