Here to fix what I break: Fixing a 2-year-old bug in the Linux kernel

While reviewing one of the patches sent to the linux-hardening list this afternoon, I spotted a bug I introduced in the same code two years ago (on March 5 2024, to be precise).

Over nearly a decade contributing to the Linux kernel, I’ve discovered and fixed many years-old bugs, and it’s always a special feeling. This time is no different. Here to fix what I break! 🙌🏼

“struct nx842_crypto_header is declared with the __packed attribute,
however the fields grouped with struct_group_tagged() were not packed.
This caused the grouped header portion of the structure to lose the
packed layout guarantees of the containing structure.

Fix this by replacing struct_group_tagged() with __struct_group(…,
…, __packed, …) so the grouped fields are packed, and the original
layout is preserved, restoring the intended packed layout of the
structure.

Before changes:
struct nx842_crypto_header {
        union {
                struct {
                        __be16     magic;                /*     0     2 */
                        __be16     ignore;               /*     2     2 */
                        u8         groups;               /*     4     1 */
                };                                       /*     0     6 */
                struct nx842_crypto_header_hdr hdr;      /*     0     6 */
        };                                               /*     0     6 */
        struct nx842_crypto_header_group group[];        /*     6     0 */

        /* size: 6, cachelines: 1, members: 2 */
        /* last cacheline: 6 bytes */
} __attribute__((__packed__));

After changes:
struct nx842_crypto_header {
        union {
                struct {
                        __be16     magic;                /*     0     2 */
                        __be16     ignore;               /*     2     2 */
                        u8         groups;               /*     4     1 */
                } __attribute__((__packed__));           /*     0     5 */
                struct nx842_crypto_header_hdr hdr;      /*     0     5 */
        };                                               /*     0     5 */
        struct nx842_crypto_header_group group[];        /*     5     0 */

        /* size: 5, cachelines: 1, members: 2 */
        /* last cacheline: 5 bytes */
} __attribute__((__packed__));

”

This should be applied to multiple stable trees, soon.
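
The layout change shown in the commit message can be reproduced in user space. This is an added example, not code from the kernel or from the patch: DEMO_STRUCT_GROUP is a simplified stand-in modeled on the kernel's __struct_group(), and the demo_* names and the demo_group element type are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_PACKED __attribute__((__packed__))

/* Stand-in modeled on __struct_group(): an anonymous struct and a tagged
 * struct with the same members, overlaid in one union. */
#define DEMO_STRUCT_GROUP(TAG, NAME, ATTRS, ...)	\
	union {						\
		struct { __VA_ARGS__ } ATTRS;		\
		struct TAG { __VA_ARGS__ } ATTRS NAME;	\
	} ATTRS

/* Constructed element type for the flexible array (assumption). */
struct demo_group { uint16_t padding; uint32_t len; } DEMO_PACKED;

/* "Before": ATTRS is empty, so the grouped fields keep their natural
 * alignment even though the containing struct is packed. */
struct demo_header_before {
	DEMO_STRUCT_GROUP(demo_hdr_before, hdr, ,
		uint16_t magic;
		uint16_t ignore;
		uint8_t groups;
	);
	struct demo_group group[];
} DEMO_PACKED;

/* "After": the packed attribute is passed down to the grouped fields. */
struct demo_header_after {
	DEMO_STRUCT_GROUP(demo_hdr_after, hdr, DEMO_PACKED,
		uint16_t magic;
		uint16_t ignore;
		uint8_t groups;
	);
	struct demo_group group[];
} DEMO_PACKED;

/* Build-time guard: compilation fails if the grouped fields lose packing. */
_Static_assert(sizeof(struct demo_hdr_after) == 5, "header group must stay packed");

size_t before_size(void) { return sizeof(struct demo_header_before); }
size_t after_size(void) { return sizeof(struct demo_header_after); }
size_t before_group_offset(void) { return offsetof(struct demo_header_before, group); }
size_t after_group_offset(void) { return offsetof(struct demo_header_after, group); }

int main(void)
{
	printf("before: size=%zu group[] at %zu\n", before_size(), before_group_offset());
	printf("after:  size=%zu group[] at %zu\n", after_size(), after_group_offset());
	return 0;
}
```

Built with GCC or Clang, the two variants differ by one byte in both the header size and the offset of group[], matching the pahole output quoted above.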

Gustavo A. R. Silva
Gustavo A. R. Silva works full-time as an Upstream Linux Kernel Engineer focused on hardening and proactive security. He has spent the past several years fixing all sorts of bugs and hardening the Linux kernel. His work is supported by The Linux Foundation and the Alpha-Omega project. He’s a member of the Linux Kernel Self-Protection Project, and a regular speaker at Kernel Recipes and Open Source Summit. He has also presented at Linux Security Summit, Lund LinuxCon, Linux Plumbers Conference, Everything Open, The University of Adelaide, and Symposium sur la Sécurité des Technologies de l’Information et des Communications (SSTIC) as an invited speaker.
