commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
The header files for some structures could get included in such a way that struct attributes (specifically __randomize_layout from path.h) would be parsed as variable names instead of attributes. This could lead to some instances of a structure being unrandomized, causing nasty GPFs, etc.
This patch makes sure the compiler_types.h header is included in path.h.
Reported-by: Patrick McLean chutzpah@gentoo.org Root-caused-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Suggested-by: Linus Torvalds torvalds@linux-foundation.org Tested-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization") Signed-off-by: Kees Cook keescook@chromium.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org [kees: Adjusted to just path.h for -stable, as this is a smaller change] Signed-off-by: Kees Cook keescook@chromium.org --- This is a much more narrow fix for the issue. I adjusted the commit subject and body, but still reference the "full" upstream commit. Is this the best way to handle this? --- include/linux/path.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/linux/path.h b/include/linux/path.h index 81e65a5be7ce..74a59d190a3c 100644 --- a/include/linux/path.h +++ b/include/linux/path.h @@ -2,6 +2,8 @@ #ifndef _LINUX_PATH_H #define _LINUX_PATH_H
+#include <linux/compiler_types.h> + struct dentry; struct vfsmount;
On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
The header files for some structures could get included in such a way that struct attributes (specifically __randomize_layout from path.h) would be parsed as variable names instead of attributes. This could lead to some instances of a structure being unrandomized, causing nasty GPFs, etc.
This patch makes sure the compiler_types.h header is included in path.h.
Reported-by: Patrick McLean chutzpah@gentoo.org Root-caused-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Suggested-by: Linus Torvalds torvalds@linux-foundation.org Tested-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization") Signed-off-by: Kees Cook keescook@chromium.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org [kees: Adjusted to just path.h for -stable, as this is a smaller change] Signed-off-by: Kees Cook keescook@chromium.org
This is a much more narrow fix for the issue. I adjusted the commit subject and body, but still reference the "full" upstream commit. Is this the best way to handle this?
What's wrong with just taking the original upstream commit here? It's only 2 lines, in kconfig.h instead of path.h. What is the reason this has to be in path.h for 4.14.y and 4.15.y?
thanks,
greg k-h
On Thu, Feb 22, 2018 at 11:08 PM, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
The header files for some structures could get included in such a way that struct attributes (specifically __randomize_layout from path.h) would be parsed as variable names instead of attributes. This could lead to some instances of a structure being unrandomized, causing nasty GPFs, etc.
This patch makes sure the compiler_types.h header is included in path.h.
Reported-by: Patrick McLean chutzpah@gentoo.org Root-caused-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Suggested-by: Linus Torvalds torvalds@linux-foundation.org Tested-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization") Signed-off-by: Kees Cook keescook@chromium.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org [kees: Adjusted to just path.h for -stable, as this is a smaller change] Signed-off-by: Kees Cook keescook@chromium.org
This is a much more narrow fix for the issue. I adjusted the commit subject and body, but still reference the "full" upstream commit. Is this the best way to handle this?
What's wrong with just taking the original upstream commit here? It's only 2 lines, in kconfig.h instead of path.h. What is the reason this has to be in path.h for 4.14.y and 4.15.y?
I was (rightly) worried about unexpected build changes. If you'd rather stick to upstream, we can do it. It'll just need at least one fix so far:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Do you want me to just send those two?
-Kees
On Fri, Feb 23, 2018 at 09:27:13AM -0800, Kees Cook wrote:
On Thu, Feb 22, 2018 at 11:08 PM, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
On Thu, Feb 22, 2018 at 03:34:29PM -0800, Kees Cook wrote:
commit 28128c61e08eaeced9cc8ec0e6b5d677b5b94690 upstream.
The header files for some structures could get included in such a way that struct attributes (specifically __randomize_layout from path.h) would be parsed as variable names instead of attributes. This could lead to some instances of a structure being unrandomized, causing nasty GPFs, etc.
This patch makes sure the compiler_types.h header is included in path.h.
Reported-by: Patrick McLean chutzpah@gentoo.org Root-caused-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Suggested-by: Linus Torvalds torvalds@linux-foundation.org Tested-by: Maciej S. Szmigiero mail@maciej.szmigiero.name Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization") Signed-off-by: Kees Cook keescook@chromium.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org [kees: Adjusted to just path.h for -stable, as this is a smaller change] Signed-off-by: Kees Cook keescook@chromium.org
This is a much more narrow fix for the issue. I adjusted the commit subject and body, but still reference the "full" upstream commit. Is this the best way to handle this?
What's wrong with just taking the original upstream commit here? It's only 2 lines, in kconfig.h instead of path.h. What is the reason this has to be in path.h for 4.14.y and 4.15.y?
I was (rightly) worried about unexpected build changes. If you'd rather stick to upstream, we can do it. It'll just need at least one fix so far:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Do you want me to just send those two?
I can just take the git commits as-is, right? If not, a backport is always welcome :)
thanks,
greg k-h
On Fri, Feb 23, 2018 at 11:37 AM, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
I can just take the git commits as-is, right? If not, a backport is always welcome :)
As it turns out, yes, the renaming of compiler_types.h was backported too.
In this case, please queue for 4.14 and 4.15, these patches:
28128c61e08eaeced9cc8ec0e6b5d677b5b94690 0f9da844d87796ac31b04e81ee95e155e9043132
Thanks!
-Kees
On Fri, Feb 23, 2018 at 12:27:52PM -0800, Kees Cook wrote:
On Fri, Feb 23, 2018 at 11:37 AM, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
I can just take the git commits as-is, right? If not, a backport is always welcome :)
As it turns out, yes, the renaming of compiler_types.h was backported too.
In this case, please queue for 4.14 and 4.15, these patches:
28128c61e08eaeced9cc8ec0e6b5d677b5b94690 0f9da844d87796ac31b04e81ee95e155e9043132
Now applied, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Kees Cook