[PATCH for-next 00/25] Prepare for better FORTIFY_SOURCE

From: Kees Cook
Date: Sun Aug 22 2021 - 03:51:52 EST


Hi,

This is what I'm going to put into -next in my "overflow" tree, based on
the v2 of the most recent memcpy series[1]. It includes many of the
Ack/Reviewed patches, as well as most of the new helpers, the new
FORTIFY compile-time tests, memcpy() run-time tests, and the start of
the FORTIFY macro refactoring.

Any Acks/Reviews on the fortify changes are appreciated! :)

-Kees

[1] https://lore.kernel.org/lkml/20210818060533.3569517-1-keescook@xxxxxxxxxxxx/

Changes since v2:
- teach script/kernel-doc about struct_group()
- split memset_after() from memset_startat()
- add MAINTAINERS section for FORTIFY_SOURCE

Kees Cook (25):
  scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp
  powerpc: Split memset() to avoid multi-field overflow
  stddef: Fix kerndoc for sizeof_field() and offsetofend()
  stddef: Introduce struct_group() helper macro
  cxl/core: Replace unions with struct_group()
  bnxt_en: Use struct_group_attr() for memcpy() region
  iommu/amd: Use struct_group() for memcpy() region
  drm/mga/mga_ioc32: Use struct_group() for memcpy() region
  HID: cp2112: Use struct_group() for memcpy() region
  HID: roccat: Use struct_group() to zero kone_mouse_event
  can: flexcan: Use struct_group() to zero struct flexcan_regs regions
  cm4000_cs: Use struct_group() to zero struct cm4000_dev region
  compiler_types.h: Remove __compiletime_object_size()
  lib/string: Move helper functions out of string.c
  fortify: Move remaining fortify helpers into fortify-string.h
  fortify: Explicitly disable Clang support
  fortify: Fix dropped strcpy() compile-time write overflow check
  fortify: Prepare to improve strnlen() and strlen() warnings
  fortify: Allow strlen() and strnlen() to pass compile-time known
    lengths
  fortify: Add compile-time FORTIFY_SOURCE tests
  lib: Introduce CONFIG_TEST_MEMCPY
  string.h: Introduce memset_after() for wiping trailing members/padding
  xfrm: Use memset_after() to clear padding
  string.h: Introduce memset_startat() for wiping trailing members and
    padding
  btrfs: Use memset_startat() to clear end of struct

MAINTAINERS | 9 +
arch/arm/boot/compressed/string.c | 1 +
arch/s390/lib/string.c | 3 +
arch/x86/boot/compressed/misc.h | 2 +
arch/x86/boot/compressed/pgtable_64.c | 2 +
arch/x86/lib/string_32.c | 1 +
drivers/char/pcmcia/cm4000_cs.c | 9 +-
drivers/cxl/cxl.h | 61 ++--
drivers/gpu/drm/mga/mga_ioc32.c | 27 +-
drivers/hid/hid-cp2112.c | 14 +-
drivers/hid/hid-roccat-kone.c | 2 +-
drivers/hid/hid-roccat-kone.h | 12 +-
drivers/iommu/amd/init.c | 9 +-
drivers/macintosh/smu.c | 3 +-
drivers/net/can/flexcan.c | 68 ++---
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 4 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h | 14 +-
drivers/scsi/ibmvscsi/ibmvscsi.c | 3 +-
fs/btrfs/root-tree.c | 6 +-
include/linux/compiler-gcc.h | 2 -
include/linux/compiler_types.h | 4 -
include/linux/fortify-string.h | 75 +++--
include/linux/stddef.h | 52 +++-
include/linux/string.h | 44 ++-
include/linux/thread_info.h | 2 +-
include/uapi/drm/mga_drm.h | 22 +-
include/uapi/linux/stddef.h | 21 ++
lib/.gitignore | 2 +
lib/Kconfig.debug | 11 +
lib/Makefile | 34 +++
lib/string.c | 210 +------------
lib/string_helpers.c | 195 ++++++++++++
lib/test_fortify/read_overflow-memchr.c | 5 +
lib/test_fortify/read_overflow-memchr_inv.c | 5 +
lib/test_fortify/read_overflow-memcmp.c | 5 +
lib/test_fortify/read_overflow-memscan.c | 5 +
lib/test_fortify/read_overflow2-memcmp.c | 5 +
lib/test_fortify/read_overflow2-memcpy.c | 5 +
lib/test_fortify/read_overflow2-memmove.c | 5 +
lib/test_fortify/test_fortify.h | 35 +++
lib/test_fortify/write_overflow-memcpy.c | 5 +
lib/test_fortify/write_overflow-memmove.c | 5 +
lib/test_fortify/write_overflow-memset.c | 5 +
lib/test_fortify/write_overflow-strcpy-lit.c | 5 +
lib/test_fortify/write_overflow-strcpy.c | 5 +
lib/test_fortify/write_overflow-strlcpy-src.c | 5 +
lib/test_fortify/write_overflow-strlcpy.c | 5 +
lib/test_fortify/write_overflow-strncpy-src.c | 5 +
lib/test_fortify/write_overflow-strncpy.c | 5 +
lib/test_fortify/write_overflow-strscpy.c | 5 +
lib/test_memcpy.c | 289 ++++++++++++++++++
net/xfrm/xfrm_policy.c | 4 +-
net/xfrm/xfrm_user.c | 2 +-
scripts/kernel-doc | 7 +
scripts/test_fortify.sh | 59 ++++
security/Kconfig | 3 +
56 files changed, 1028 insertions(+), 380 deletions(-)
create mode 100644 lib/test_fortify/read_overflow-memchr.c
create mode 100644 lib/test_fortify/read_overflow-memchr_inv.c
create mode 100644 lib/test_fortify/read_overflow-memcmp.c
create mode 100644 lib/test_fortify/read_overflow-memscan.c
create mode 100644 lib/test_fortify/read_overflow2-memcmp.c
create mode 100644 lib/test_fortify/read_overflow2-memcpy.c
create mode 100644 lib/test_fortify/read_overflow2-memmove.c
create mode 100644 lib/test_fortify/test_fortify.h
create mode 100644 lib/test_fortify/write_overflow-memcpy.c
create mode 100644 lib/test_fortify/write_overflow-memmove.c
create mode 100644 lib/test_fortify/write_overflow-memset.c
create mode 100644 lib/test_fortify/write_overflow-strcpy-lit.c
create mode 100644 lib/test_fortify/write_overflow-strcpy.c
create mode 100644 lib/test_fortify/write_overflow-strlcpy-src.c
create mode 100644 lib/test_fortify/write_overflow-strlcpy.c
create mode 100644 lib/test_fortify/write_overflow-strncpy-src.c
create mode 100644 lib/test_fortify/write_overflow-strncpy.c
create mode 100644 lib/test_fortify/write_overflow-strscpy.c
create mode 100644 lib/test_memcpy.c
create mode 100644 scripts/test_fortify.sh

--
2.30.2