From: Alejandro Colomar <alx@kernel.org>
To: David Howells <dhowells@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
linux-mm@kvack.org, Rolf Eike Beer <eb@emlix.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
Thomas Gleixner <tglx@linutronix.de>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Dave Jones <davej@redhat.com>
Subject: 'struct dynamic': struct tag leak in UAPI headers
Date: Tue, 29 Aug 2023 14:08:45 +0200
Message-ID: <926f8e5c-40bd-dae0-2492-f6e6dbd6c96e@kernel.org>

Hi!

I was reading elf(7), and while checking the actual type definitions
on my system, I found out a kernel struct tag that probably shouldn't
be there.

Here's the definition of 'Elf64_Dyn' in my <linux/elf.h>.

$ grepc Elf64_Dyn /usr/include/linux/elf.h
/usr/include/linux/elf.h:151:
typedef struct {
  Elf64_Sxword d_tag;		/* entry tag value */
  union {
    Elf64_Xword d_val;
    Elf64_Addr d_ptr;
  } d_un;
} Elf64_Dyn;

And here's the one for 'Elf32_Dyn'. Notice that here there's a
struct tag. I expect that such a tag would be prefixed by ElfN_,
but it isn't.

$ grepc Elf32_Dyn /usr/include/linux/elf.h
/usr/include/linux/elf.h:143:
typedef struct dynamic {
  Elf32_Sword d_tag;
  union {
    Elf32_Sword d_val;
    Elf32_Addr d_ptr;
  } d_un;
} Elf32_Dyn;

It seems we should blame an automated script :)

$ git blame -- ./include/uapi/linux/elf.h | grep 'struct dynamic';
23a7aea5faf65 (Rolf Eike Beer 2022-10-04 12:25:40 +0200 143) typedef struct dynamic {
$ git blame 23a7aea5faf65^ -- ./include/uapi/linux/elf.h | grep 'struct dynamic';
607ca46e97a1b (David Howells 2012-10-13 10:46:48 +0100 143) typedef struct dynamic{
$ git log -1 607ca46e97a1b
commit 607ca46e97a1b6594b29647d98a32d545c24bdff
Author: David Howells <dhowells@redhat.com>
Date:   Sat Oct 13 10:46:48 2012 +0100

    UAPI: (Scripted) Disintegrate include/linux

    Signed-off-by: David Howells <dhowells@redhat.com>
    Acked-by: Arnd Bergmann <arnd@arndb.de>
    Acked-by: Thomas Gleixner <tglx@linutronix.de>
    Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
    Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Acked-by: Dave Jones <davej@redhat.com>
$ git show 607ca46e97a1b \
  | grep -e ^diff -e 'struct dynamic' \
  | grep -B1 'struct dynamic';
diff --git a/include/linux/elf.h b/include/linux/elf.h
-typedef struct dynamic{
--
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
+typedef struct dynamic{

struct dynamic is such a generic name that I don't think it's right to
expose it in UAPI headers, as anyone might reuse that tag for their
own purposes. Should I prepare a patch?

Cheers,
Alex

P.S.: Rolf, I added you because you changed the space in the struct
definition to make it easily greppable. You may be interested in
using grepc(1), a shell script that does multiline greps of C
definitions (see this email for an example of how it works). It's
the natural evolution of hand-made greps of C definitions, based
on pcre2grep(1). It's imperfect, as any REGEX-based tool for this
probably is, but it's quite useful already. :)
<http://www.alejandro-colomar.es/src/alx/alx/grepc.git/>

--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
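
Added example, not part of the original email and not grepc: a POSIX sh/awk check that lists tagged `typedef struct` definitions whose tag falls outside an expected namespace, run over a constructed sample built from the two definitions quoted in the message. The function name `find_unprefixed_tags` and the `^[Ee]lf` prefix regex are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list 'typedef struct TAG { ... } NAME;' definitions whose
# TAG does not match the namespace regex the caller expects.

# Constructed sample: the two definitions quoted in the email.
sample_header() {
cat <<'EOF'
typedef struct dynamic {
  Elf32_Sword d_tag;
  union {
    Elf32_Sword d_val;
    Elf32_Addr d_ptr;
  } d_un;
} Elf32_Dyn;
typedef struct {
  Elf64_Sxword d_tag;		/* entry tag value */
  union {
    Elf64_Xword d_val;
    Elf64_Addr d_ptr;
  } d_un;
} Elf64_Dyn;
EOF
}

# Usage: find_unprefixed_tags REGEX < header.h
# Prints "TAG NAME" per offending definition (REGEX is an assumption
# supplied by the caller, e.g. '^[Ee]lf' for an ELF header).
find_unprefixed_tags() {
    awk -v re="$1" '
    /^typedef[ \t]+struct/ {
        if ($0 ~ /;/ && $0 !~ /[{]/) next   # forward typedef, no body
        tag = $0
        sub(/^typedef[ \t]+struct[ \t]*/, "", tag)
        sub(/[ \t]*[{].*$/, "", tag)        # also handles "dynamic{"
        depth = 0; open = 1
    }
    open {
        n_open = gsub(/[{]/, "{"); n_close = gsub(/[}]/, "}")
        depth += n_open - n_close
        if (depth == 0 && n_close > 0) {    # closing "} NAME;" line
            name = $0
            sub(/^.*[}][ \t]*/, "", name)
            sub(/[ \t]*;.*$/, "", name)
            if (tag != "" && tag !~ re) print tag, name
            open = 0
        }
    }'
}

sample_header | find_unprefixed_tags '^[Ee]lf'
```

Anonymous structs are skipped because they expose no tag; only a named tag outside the expected prefix is reported.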