Kees Cook <keescook@chromium.org> writes:
> On Fri, Feb 07, 2020 at 03:38:22PM -0500, Daniel Micay wrote:
>> There are some uses of ksize in the kernel making use of the real
>> usable size of memory allocations rather than only the requested
>> amount. It's incorrect when mixed with alloc_size markers, since if a
>> number like 14 is passed that's used as the upper bound, rather than a
>> rounded size like 16 returned by ksize. It's unlikely to trigger any
>> issues with only CONFIG_FORTIFY_SOURCE, but it becomes more likely
>> with -fsanitize=object-size or other library-based usage of
>> __builtin_object_size.
>
> I think the solution here is to use a macro that does the per-bucket
> rounding and applies them to the attributes. Keep the bucket size lists
> in sync will likely need some BUILD_BUG_ON()s or similar.
In order to improve compile-time object size overflow detection (for things like CONFIG_FORTIFY_SOURCE), add the alloc_size attribute to memory allocation functions. This is complicated by the fact that the kmalloc* family may have a usable size greater than the requested size (see ksize()).

For example, see:
anthraxx/linux-hardened@7466f84
anthraxx/linux-hardened@3299e78
anthraxx/linux-hardened@a2aa805
anthraxx/linux-hardened@41d33dc
anthraxx/linux-hardened@a413687
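The mismatch the thread describes, as an added example that is not kernel code and not from linux-hardened: toy_kmalloc() models a bucketed slab allocator with an alloc_size(1) attribute, toy_ksize() reports the slot's usable size, and toy_kmalloc_rounded() models the per-bucket rounding macro Kees suggests. The bucket table, the BOS_UNKNOWN/write_rejected helpers and every toy_* name are constructed for this example.

```c
/*
 * Added example (not the kernel's or linux-hardened's code).
 * A 14-byte request comes back from a 16-byte bucket, so ksize() says 16,
 * but alloc_size(1) tells __builtin_object_size() the object is 14 bytes.
 * A FORTIFY-style check on a ksize()-sized write therefore trips even
 * though the write is legal at run time.  Rounding the constant to its
 * bucket before the attributed call (toy_kmalloc_rounded) removes the gap.
 * Bucket table, names and macros below are all invented for illustration.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BOS_UNKNOWN ((size_t)-1)  /* __builtin_object_size(p, 0) when it cannot tell */

/* Constructed bucket table, loosely shaped like the small kmalloc caches. */
static const size_t bucket_sizes[] = { 8, 16, 32, 64, 96, 128, 192, 256 };

size_t bucket_round_up(size_t n)
{
    for (size_t i = 0; i < sizeof(bucket_sizes) / sizeof(bucket_sizes[0]); i++)
        if (n <= bucket_sizes[i])
            return bucket_sizes[i];
    return 0;   /* larger than this toy allocator serves */
}

/* The same rounding as a constant expression, usable at the call site. */
#define TOY_ROUND_CONST(n) \
    ((n) <= 8 ? 8 : (n) <= 16 ? 16 : (n) <= 32 ? 32 : (n) <= 64 ? 64 : \
     (n) <= 96 ? 96 : (n) <= 128 ? 128 : (n) <= 192 ? 192 : (n) <= 256 ? 256 : (n))

/* Stand-in for the BUILD_BUG_ON() Kees mentions: both bucket lists must agree. */
int buckets_in_sync(void)
{
    for (size_t n = 1; n <= 256; n++)
        if (TOY_ROUND_CONST(n) != bucket_round_up(n))
            return 0;
    return 1;
}

struct slot_hdr { size_t usable; };   /* stands in for the slab cache object size */

/* The attribute is the point: the compiler takes argument 1 as the object size. */
__attribute__((noinline, malloc, alloc_size(1)))
void *toy_kmalloc(size_t n)
{
    size_t usable = bucket_round_up(n);
    struct slot_hdr *h = usable ? malloc(sizeof(*h) + usable) : NULL;
    if (!h)
        return NULL;
    h->usable = usable;
    return h + 1;
}

__attribute__((noinline))
size_t toy_ksize(const void *p)
{
    return ((const struct slot_hdr *)p - 1)->usable;
}

void toy_kfree(void *p)
{
    if (p)
        free((struct slot_hdr *)p - 1);
}

/* Kees's suggestion, modelled: constants are rounded to their bucket before
 * they reach the alloc_size-annotated function, so the compile-time bound
 * and ksize() agree.  Non-constant sizes pass through unchanged. */
#define toy_kmalloc_rounded(n) \
    toy_kmalloc(__builtin_constant_p(n) ? TOY_ROUND_CONST(n) : (n))

/* FORTIFY-style predicate: would a write of n bytes into p be rejected on the
 * compile-time bound?  A macro, so the builtin sees the caller's own pointer. */
#define write_rejected(p, n) \
    (__builtin_object_size((p), 0) != BOS_UNKNOWN && (n) > __builtin_object_size((p), 0))

/* Allocate 14 bytes with the plain attributed call, then try to use all of
 * ksize() the way the kernel callers Daniel mentions do.  Returns 1 if the
 * fortified check rejects it; *bos_out receives the compile-time bound
 * (14 when the compiler can see the attribute, BOS_UNKNOWN at -O0 on some
 * compilers). */
int probe_plain(size_t *bos_out)
{
    char *p = toy_kmalloc(14);
    int rejected;
    *bos_out = __builtin_object_size(p, 0);
    if (!p)
        return -1;
    rejected = write_rejected(p, toy_ksize(p));   /* 16 > 14: rejected */
    if (!rejected)
        memset(p, 0, toy_ksize(p));  /* the slot really holds 16 bytes; safe at run time */
    memset(p, 0, 14);                /* writing only the requested size is never flagged */
    toy_kfree(p);
    return rejected;
}

/* Same write through the rounding macro: the bound becomes 16 and matches ksize(). */
int probe_rounded(size_t *bos_out)
{
    char *p = toy_kmalloc_rounded(14);
    int rejected;
    *bos_out = __builtin_object_size(p, 0);
    if (!p)
        return -1;
    rejected = write_rejected(p, toy_ksize(p));   /* 16 > 16 is false: accepted */
    if (!rejected)
        memset(p, 0, toy_ksize(p));
    toy_kfree(p);
    return rejected;
}

int main(void)
{
    size_t bos;
    int r = probe_plain(&bos);
    printf("plain:   bound=%s ksize-sized write rejected=%d\n",
           bos == BOS_UNKNOWN ? "unknown" : bos == 14 ? "14" : "other", r);
    r = probe_rounded(&bos);
    printf("rounded: bound=%s ksize-sized write rejected=%d\n",
           bos == BOS_UNKNOWN ? "unknown" : bos == 16 ? "16" : "other", r);
    return 0;
}
```

Build with -O2 on GCC or Clang to see the attribute take effect; at -O0 some compilers report the bound as unknown, which is exactly why Daniel expects the problem to surface more with -fsanitize=object-size or other __builtin_object_size users than with FORTIFY alone. The gate on write_rejected stands in for the abort a fortified memset would raise.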