1 From 6ebf707e10dee4d186e46e414fe6d923e60e1aae Mon Sep 17 00:00:00 2001
2 From: Sasha Levin <sashal@kernel.org>
3 Date: Sat, 25 Nov 2023 15:33:58 -0600
4 Subject: neighbour: Fix __randomize_layout crash in struct neighbour
6 From: Gustavo A. R. Silva <gustavoars@kernel.org>
8 [ Upstream commit 45b3fae4675dc1d4ee2d7aefa19d85ee4f891377 ]
10 Previously, one-element and zero-length arrays were treated as true
11 flexible arrays, even though they are actually "fake" flex arrays.
12 The __randomize_layout would leave them untouched at the end of the
13 struct, similarly to proper C99 flex-array members.
15 However, this approach changed with commit 1ee60356c2dc ("gcc-plugins:
16 randstruct: Only warn about true flexible arrays"). Now, only C99
17 flexible-array members will remain untouched at the end of the struct,
18 while one-element and zero-length arrays will be subject to randomization.
20 Fix a `__randomize_layout` crash in `struct neighbour` by transforming
21 zero-length array `primary_key` into a proper C99 flexible-array member.
23 Fixes: 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays")
24 Closes: https://lore.kernel.org/linux-hardening/20231124102458.GB1503258@e124191.cambridge.arm.com/
25 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
26 Reviewed-by: Kees Cook <keescook@chromium.org>
27 Tested-by: Joey Gouly <joey.gouly@arm.com>
28 Link: https://lore.kernel.org/r/ZWJoRsJGnCPdJ3+2@work
29 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
30 Signed-off-by: Sasha Levin <sashal@kernel.org>
32 include/net/neighbour.h | 2 +-
33 1 file changed, 1 insertion(+), 1 deletion(-)
35 diff --git a/include/net/neighbour.h b/include/net/neighbour.h
36 index 07022bb0d44d4..0d28172193fa6 100644
37 --- a/include/net/neighbour.h
38 +++ b/include/net/neighbour.h
39 @@ -162,7 +162,7 @@ struct neighbour {
41 struct net_device *dev;
42 netdevice_tracker dev_tracker;
projects / packages / kernel.git / blob