From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E2239158099 for ; Fri, 1 Dec 2023 10:36:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 086E42BC014; Fri, 1 Dec 2023 10:36:21 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DD2B62BC014 for ; Fri, 1 Dec 2023 10:36:20 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F1771335D6D for ; Fri, 1 Dec 2023 10:36:19 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 6DABF13FA for ; Fri, 1 Dec 2023 10:36:18 +0000 (UTC) 
From: "Mike Pagano" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" Message-ID: <1701426913.c7a3f75078a457fe0d157a98bcdbe94b5f19b329.mpagano@gentoo> Subject: [gentoo-commits] proj/linux-patches:6.1 commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 0000_README 2010_Fix_randomize_layout_crash_in_struct_neigh.patch X-VCS-Directories: / X-VCS-Committer: mpagano X-VCS-Committer-Name: Mike Pagano X-VCS-Revision: c7a3f75078a457fe0d157a98bcdbe94b5f19b329 X-VCS-Branch: 6.1 Date: Fri, 1 Dec 2023 10:36:18 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 55219043-c6d5-4a54-8849-e063ba7c319e X-Archives-Hash: bd1ab08f6a3b37ec8aaf6ec82cc75472 commit: c7a3f75078a457fe0d157a98bcdbe94b5f19b329 Author: Mike Pagano gentoo org> AuthorDate: Fri Dec 1 10:35:13 2023 +0000 Commit: Mike Pagano gentoo org> CommitDate: Fri Dec 1 10:35:13 2023 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c7a3f750 neighbour: Fix __randomize_layout crash in struct neighbour Bug: https://bugs.gentoo.org/918128 Signed-off-by: Mike Pagano gentoo.org> 0000_README | 4 ++ ...ix_randomize_layout_crash_in_struct_neigh.patch | 44 ++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/0000_README b/0000_README index 85eaeddf..8892941f 100644 --- a/0000_README +++ b/0000_README @@ -315,6 +315,10 @@ Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch 
From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@holtmann.org/raw Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758 +Patch: 2010_Fix_randomize_layout_crash_in_struct_neigh.patch +From: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=45b3fae4675d +Desc: neighbour: Fix __randomize_layout crash in struct neighbour + Patch: 2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch From: https://bugs.gentoo.org/710790 Desc: tmp513 requies REGMAP_I2C to build. Select it by default in Kconfig. See bug #710790. Thanks to Phil Stracchino diff --git a/2010_Fix_randomize_layout_crash_in_struct_neigh.patch b/2010_Fix_randomize_layout_crash_in_struct_neigh.patch new file mode 100644 index 00000000..8ee50b2f --- /dev/null +++ b/2010_Fix_randomize_layout_crash_in_struct_neigh.patch 
@@ -0,0 +1,44 @@ +From 45b3fae4675dc1d4ee2d7aefa19d85ee4f891377 Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" +Date: Sat, 25 Nov 2023 15:33:58 -0600 +Subject: neighbour: Fix __randomize_layout crash in struct neighbour + +Previously, one-element and zero-length arrays were treated as true +flexible arrays, even though they are actually "fake" flex arrays. +The __randomize_layout would leave them untouched at the end of the +struct, similarly to proper C99 flex-array members. + +However, this approach changed with commit 1ee60356c2dc ("gcc-plugins: +randstruct: Only warn about true flexible arrays"). Now, only C99 +flexible-array members will remain untouched at the end of the struct, +while one-element and zero-length arrays will be subject to randomization. + +Fix a `__randomize_layout` crash in `struct neighbour` by transforming +zero-length array `primary_key` into a proper C99 flexible-array member. + +Fixes: 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays") +Closes: https://lore.kernel.org/linux-hardening/20231124102458.GB1503258@e124191.cambridge.arm.com/ +Signed-off-by: Gustavo A. R. Silva +Reviewed-by: Kees Cook +Tested-by: Joey Gouly +Link: https://lore.kernel.org/r/ZWJoRsJGnCPdJ3+2@work +Signed-off-by: Paolo Abeni +--- + include/net/neighbour.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/net/neighbour.h b/include/net/neighbour.h +index 07022bb0d44d4b..0d28172193fa63 100644 +--- a/include/net/neighbour.h ++++ b/include/net/neighbour.h +@@ -162,7 +162,7 @@ struct neighbour { + struct rcu_head rcu; + struct net_device *dev; + netdevice_tracker dev_tracker; +- u8 primary_key[0]; ++ u8 primary_key[]; + } __randomize_layout; + + struct neigh_ops { +-- +cgit
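Review bot: In the 0000_README hunk, the new Desc line for 2010_Fix_randomize_layout_crash_in_struct_neigh.patch does not reference the Gentoo bug, although the commit message gives Bug: https://bugs.gentoo.org/918128 and the neighbouring entries end their Desc with "See bug #686758" and "See bug #710790". Consider appending "See bug #918128" to the Desc line so the README alone links the patch to the report that motivated carrying it.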
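Review bot: In the new-file hunk for 2010_Fix_randomize_layout_crash_in_struct_neigh.patch, the embedded upstream message says the crash only appears once commit 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays") is in the tree, but neither the Gentoo commit message nor the README entry says that the 6.1 branch carries that commit. A short note naming the 6.1.x release that picked it up would make it clear why the fix is needed here and when the patch can be dropped. The one-line change itself, from "u8 primary_key[0];" to "u8 primary_key[];", depends on primary_key staying the last member of struct neighbour, as it is in the hunk, since a C99 flexible-array member is only valid in that position. The imported file also ends with a "cgit" trailer line rather than a git version line, which suggests it was saved from the web view; that is harmless to apply but worth keeping consistent with how other patches in the set are exported.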