Re: [PATCH 4.15,4.14] path.h: Include compiler types to avoid missed struct attributes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Feb 23, 2018 at 09:27:13AM -0800, Kees Cook wrote:
> On Thu, Feb 22, 2018 at 11:08 PM, Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
> >> commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
> >>
> >> The header files for some structures could get included in such a way
> >> that struct attributes (specifically __randomize_layout from path.h) would
> >> be parsed as variable names instead of attributes. This could lead to
> >> some instances of a structure being unrandomized, causing nasty GPFs, etc.
> >>
> >> This patch makes sure the compiler_types.h header is included in path.h.
> >>
> >> Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx>
> >> Root-caused-by: Maciej S. Szmigiero <mail@xxxxxxxxxxxxxxxxxxxxx>
> >> Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> >> Tested-by: Maciej S. Szmigiero <mail@xxxxxxxxxxxxxxxxxxxxx>
> >> Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization")
> >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> >> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> >> [kees: Adjusted to just path.h for -stable, as this is a smaller change]
> >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> >> ---
> >> This is a much more narrow fix for the issue. I adjusted the commit subject
> >> and body, but still reference the "full" upstream commit. Is this the best
> >> way to handle this?
> >
> > What's wrong with just taking the original upstream commit here?  It's
> > only 2 lines, in kconfig.h instead of path.h.  What is the reason this
> > has to be in path.h for 4.14.y and 4.15.y?
> 
> I was (rightly) worried about unexpected build changes. If you'd
> rather stick to upstream, we can do it. It'll just need at least one
> fix so far:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f9da844d87796ac31b04e81ee95e155e9043132
> 
> Do you want me to just send those two?

I can just take the git commits as-is, right?  If not, a backport is
always welcome :)

thanks,

greg k-h
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]