Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 May 2017 14:38:03 +1000
From: Andrew Donnellan <>
To: Daniel Axtens <>,,
Cc: Daniel Micay <>, Kees Cook <>
Subject: Re: [PATCH 2/2] powerpc: Make feature-fixup tests fortify-safe

On 22/05/17 11:32, Daniel Axtens wrote:
> Testing the fortified string functions[1] would cause a kernel
> panic on boot in test_feature_fixups() due to a buffer overflow
> in memcmp.
> This boils down to things like this:
>   extern unsigned int ftr_fixup_test1;
>   extern unsigned int ftr_fixup_test1_orig;
>   check(memcmp(&ftr_fixup_test1, &ftr_fixup_test1_orig, size) == 0);
> We know that these are asm labels so it is safe to read up to
> 'size' bytes at those addresses.
> However, because we have passed the address of a single unsigned
> int to memcmp, the compiler believes the underlying object is in
> fact a single unsigned int. So if size > sizeof(unsigned int),
> there will be a panic at runtime.
> We can fix this by changing the types: instead of calling the asm
> labels unsigned ints, call them unsigned int[]s. Therefore the
> size isn't incorrectly determined at compile time and we get a
> regular unsafe memcmp and no panic.
> [1]
> Suggested-by: Michael Ellerman <>
> Cc: Kees Cook <>
> Cc: Daniel Micay <>
> Signed-off-by: Daniel Axtens <>

With this patch on top of Kees' fortify branch, my Tuleta boots 
powernv_defconfig baremetal with no obvious regressions.

Tested-by: Andrew Donnellan <>

Patch looks sane enough too.

Reviewed-by: Andrew Donnellan <>

Andrew Donnellan              OzLabs, ADL Canberra  IBM Australia Limited

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.