Re: [PATCH] ipc: Fail build if IPC structures change layout

2017-05-22 Thread Andrew Morton 
On Fri, 19 May 2017 16:44:00 -0700 Kees Cook  wrote:

> Since struct layout can be seen at build-time, turn runtime report
> into a build failure so it can be fixed more quickly.

I've just dropped the patch which this fixes, due to runtime issues. 
Manfred, please include this in the resend?

Re: [PATCH] ipc: Fail build if IPC structures change layout

2017-05-22 Thread Andrew Morton 
On Fri, 19 May 2017 16:44:00 -0700 Kees Cook  wrote:

> Since struct layout can be seen at build-time, turn runtime report
> into a build failure so it can be fixed more quickly.

I've just dropped the patch which this fixes, due to runtime issues. 
Manfred, please include this in the resend?

[PATCH] ipc: Fail build if IPC structures change layout

2017-05-19 Thread Kees Cook 
Since struct layout can be seen at build-time, turn runtime report
into a build failure so it can be fixed more quickly.

Cc: Manfred Spraul 
Signed-off-by: Kees Cook 
---
Should be applied on top of the -mm tree's IPC changes
---
 ipc/msg.c | 5 +
 ipc/sem.c | 5 +
 ipc/shm.c | 5 +
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/ipc/msg.c b/ipc/msg.c
index e9785c4d2e0d..0ed7dae7d4e8 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -118,10 +118,7 @@ static int newque(struct ipc_namespace *ns, struct 
ipc_params *params)
key_t key = params->key;
int msgflg = params->flg;
 
-   if (offsetof(struct msg_queue, q_perm) != 0) {
-   pr_err("Invalid struct sem_perm, failing msgget().\n");
-   return -ENOMEM;
-   }
+   BUILD_BUG_ON(offsetof(struct msg_queue, q_perm) != 0);
 
msq = container_of(ipc_rcu_alloc(sizeof(*msq)), struct msg_queue,
q_perm);
diff --git a/ipc/sem.c b/ipc/sem.c
index 18241c16d07c..2109fad750b5 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -469,10 +469,7 @@ static int newary(struct ipc_namespace *ns, struct 
ipc_params *params)
if (ns->used_sems + nsems > ns->sc_semmns)
return -ENOSPC;
 
-   if (offsetof(struct sem_array, sem_perm) != 0) {
-   pr_err("Invalid struct sem_perm, failing semget().\n");
-   return -ENOMEM;
-   }
+   BUILD_BUG_ON(offsetof(struct sem_array, sem_perm) != 0);
 
size = sizeof(*sma) + nsems * sizeof(sma->sems[0]);
sma = container_of(ipc_rcu_alloc(size), struct sem_array, sem_perm);
diff --git a/ipc/shm.c b/ipc/shm.c
index cec6df186050..2eb85bd5b855 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -543,10 +543,7 @@ static int newseg(struct ipc_namespace *ns, struct 
ipc_params *params)
ns->shm_tot + numpages > ns->shm_ctlall)
return -ENOSPC;
 
-   if (offsetof(struct shmid_kernel, shm_perm) != 0) {
-   pr_err("Invalid struct sem_perm, failing msgget().\n");
-   return -ENOMEM;
-   }
+   BUILD_BUG_ON(offsetof(struct shmid_kernel, shm_perm) != 0);
 
shp = container_of(ipc_rcu_alloc(sizeof(*shp)), struct shmid_kernel,
shm_perm);
-- 
2.7.4


-- 
Kees Cook
Pixel Security

[PATCH] ipc: Fail build if IPC structures change layout

2017-05-19 Thread Kees Cook 
Since struct layout can be seen at build-time, turn runtime report
into a build failure so it can be fixed more quickly.

Cc: Manfred Spraul 
Signed-off-by: Kees Cook 
---
Should be applied on top of the -mm tree's IPC changes
---
 ipc/msg.c | 5 +
 ipc/sem.c | 5 +
 ipc/shm.c | 5 +
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/ipc/msg.c b/ipc/msg.c
index e9785c4d2e0d..0ed7dae7d4e8 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -118,10 +118,7 @@ static int newque(struct ipc_namespace *ns, struct 
ipc_params *params)
key_t key = params->key;
int msgflg = params->flg;
 
-   if (offsetof(struct msg_queue, q_perm) != 0) {
-   pr_err("Invalid struct sem_perm, failing msgget().\n");
-   return -ENOMEM;
-   }
+   BUILD_BUG_ON(offsetof(struct msg_queue, q_perm) != 0);
 
msq = container_of(ipc_rcu_alloc(sizeof(*msq)), struct msg_queue,
q_perm);
diff --git a/ipc/sem.c b/ipc/sem.c
index 18241c16d07c..2109fad750b5 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -469,10 +469,7 @@ static int newary(struct ipc_namespace *ns, struct 
ipc_params *params)
if (ns->used_sems + nsems > ns->sc_semmns)
return -ENOSPC;
 
-   if (offsetof(struct sem_array, sem_perm) != 0) {
-   pr_err("Invalid struct sem_perm, failing semget().\n");
-   return -ENOMEM;
-   }
+   BUILD_BUG_ON(offsetof(struct sem_array, sem_perm) != 0);
 
size = sizeof(*sma) + nsems * sizeof(sma->sems[0]);
sma = container_of(ipc_rcu_alloc(size), struct sem_array, sem_perm);
diff --git a/ipc/shm.c b/ipc/shm.c
index cec6df186050..2eb85bd5b855 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -543,10 +543,7 @@ static int newseg(struct ipc_namespace *ns, struct 
ipc_params *params)
ns->shm_tot + numpages > ns->shm_ctlall)
return -ENOSPC;
 
-   if (offsetof(struct shmid_kernel, shm_perm) != 0) {
-   pr_err("Invalid struct sem_perm, failing msgget().\n");
-   return -ENOMEM;
-   }
+   BUILD_BUG_ON(offsetof(struct shmid_kernel, shm_perm) != 0);
 
shp = container_of(ipc_rcu_alloc(sizeof(*shp)), struct shmid_kernel,
shm_perm);
-- 
2.7.4


-- 
Kees Cook
Pixel Security