Discussion:
[PATCH] kexec_file: Adjust type of kexec_purgatory
Kees Cook
2017-05-09 23:06:39 UTC
Defining kexec_purgatory as a zero-length char array upsets compile
time size checking. Since this is entirely runtime sized, switch
this to void *. This silences the warning generated by the future
CONFIG_FORTIFY_SOURCE, which did not like the memcmp() of a "0 byte"
array.

Cc: Daniel Micay <***@gmail.com>
Signed-off-by: Kees Cook <***@chromium.org>
---
kernel/kexec_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b118735fea9d..bc86f85f1329 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -30,7 +30,7 @@
* Declare these symbols weak so that if architecture provides a purgatory,
* these will be overridden.
*/
-char __weak kexec_purgatory[0];
+void * __weak kexec_purgatory;
size_t __weak kexec_purgatory_size = 0;

static int kexec_calculate_store_digests(struct kimage *image);
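Review bot: the `+void * __weak kexec_purgatory;` line changes what the symbol is, not only its compile-time size. The comment above the declaration says an architecture-provided purgatory overrides this weak symbol; if that definition is a byte array, as the removed `char __weak kexec_purgatory[0];` implies, then declaring it here as `void *` makes this file read the first pointer-sized bytes of the blob as an address instead of using the blob's own address, and with the weak default the pointer is simply NULL. Consider keeping an array type, for example by dropping the weak default and declaring the symbol as an extern array of unknown size alongside `kexec_purgatory_size`, and state in the commit message which architectures, if any, still depend on the weak definition.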
--
2.7.4
--
Kees Cook
Pixel Security
Daniel Micay
2017-05-09 23:13:45 UTC
Post by Kees Cook
Defining kexec_purgatory as a zero-length char array upsets compile
time size checking. Since this is entirely runtime sized, switch
this to void *. This silences the warning generated by the future
CONFIG_FORTIFY_SOURCE, which did not like the memcmp() of a "0 byte"
array.
---
kernel/kexec_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b118735fea9d..bc86f85f1329 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -30,7 +30,7 @@
* Declare these symbols weak so that if architecture provides a purgatory,
* these will be overridden.
*/
-char __weak kexec_purgatory[0];
+void * __weak kexec_purgatory;
size_t __weak kexec_purgatory_size = 0;
static int kexec_calculate_store_digests(struct kimage *image);
--
2.7.4
It seems more correct to use char `char __weak kexec_purgatory[]`,
otherwise isn't __builtin_object_size ending up as 8, which is still
wrong?
Kees Cook
2017-05-09 23:22:01 UTC
Post by Daniel Micay
Post by Kees Cook
Defining kexec_purgatory as a zero-length char array upsets compile
time size checking. Since this is entirely runtime sized, switch
this to void *. This silences the warning generated by the future
CONFIG_FORTIFY_SOURCE, which did not like the memcmp() of a "0 byte"
array.
---
kernel/kexec_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b118735fea9d..bc86f85f1329 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -30,7 +30,7 @@
* Declare these symbols weak so that if architecture provides a purgatory,
* these will be overridden.
*/
-char __weak kexec_purgatory[0];
+void * __weak kexec_purgatory;
size_t __weak kexec_purgatory_size = 0;
static int kexec_calculate_store_digests(struct kimage *image);
--
2.7.4
It seems more correct to use char `char __weak kexec_purgatory[]`,
otherwise isn't __builtin_object_size ending up as 8, which is still
wrong?
I tried [], that was my instinct, too, but since this is a __weak and
not an extern, that doesn't work:

kernel/kexec_file.c:33:13: warning: array ‘kexec_purgatory’ assumed to
have one element
char __weak kexec_purgatory[];
^~~~~~~~~~~~~~~

-Kees
--
Kees Cook
Pixel Security
Eric W. Biederman
2017-05-10 00:15:43 UTC
Post by Kees Cook
Post by Daniel Micay
Post by Kees Cook
Defining kexec_purgatory as a zero-length char array upsets compile
time size checking. Since this is entirely runtime sized, switch
this to void *. This silences the warning generated by the future
CONFIG_FORTIFY_SOURCE, which did not like the memcmp() of a "0 byte"
array.
---
kernel/kexec_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b118735fea9d..bc86f85f1329 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -30,7 +30,7 @@
* Declare these symbols weak so that if architecture provides a purgatory,
* these will be overridden.
*/
-char __weak kexec_purgatory[0];
+void * __weak kexec_purgatory;
size_t __weak kexec_purgatory_size = 0;
static int kexec_calculate_store_digests(struct kimage *image);
--
2.7.4
It seems more correct to use char `char __weak kexec_purgatory[]`,
otherwise isn't __builtin_object_size ending up as 8, which is still
wrong?
I tried [], that was my instinct, too, but since this is a __weak and
kernel/kexec_file.c:33:13: warning: array ‘kexec_purgatory’ assumed to
have one element
char __weak kexec_purgatory[];
^~~~~~~~~~~~~~~
Nor does "void *kexec_purgatory" as that says at the address known as
kexec_purgatory is a void pointer not a blob of bytes that can be used
for something interesting.

Better to get rid of the __weak and deal with that fallout.

Eric
Kees Cook
2017-05-10 19:54:00 UTC
Post by Eric W. Biederman
Post by Kees Cook
kernel/kexec_file.c:33:13: warning: array ‘kexec_purgatory’ assumed to
have one element
char __weak kexec_purgatory[];
^~~~~~~~~~~~~~~
Nor does "void *kexec_purgatory" as that says at the address known as
kexec_purgatory is a void pointer not a blob of bytes that can be used
for something interesting.
Better to get rid of the __weak and deal with that fallout.
Agreed. This is actually pretty easy, since only x86 and PPC use
kexec_file, and both define purgatories. I'll send an updated patch.

Thanks!

-Kees
--
Kees Cook
Pixel Security