Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct

28 Jul 2021

On Wed, Jul 28, 2021 at 11:42:15AM +0200, David Sterba wrote:
...
On Tue, Jul 27, 2021 at 01:58:38PM -0700, Kees Cook wrote:
...
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.
Use memset_after() so memset() doesn't get confused about writing
beyond the destination member that is intended to be the starting point
of zeroing through the end of the struct.
Signed-off-by: Kees Cook keescook@chromium.org
fs/btrfs/root-tree.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c
index 702dc5441f03..ec9e78f65fca 100644
--- a/fs/btrfs/root-tree.c
+++ b/fs/btrfs/root-tree.c
@@ -39,10 +39,7 @@ static void btrfs_read_root_item(struct extent_buffer *eb, int slot,
   	need_reset = 1;
   }
   if (need_reset) {

memset(&item->generation_v2, 0,


	sizeof(*item) - offsetof(struct btrfs_root_item,


			generation_v2));




Please add
   	/* Clear all members from generation_v2 onwards */
...

memset_after(item, 0, level);



Perhaps there should be another helper memset_starting()? That would
make these cases a bit more self-documenting.
+		memset_starting(item, 0, generation_v2);
...
...
generate_random_guid(item->uuid);

Acked-by: David Sterba dsterba@suse.com
What do you think?
-Kees
-- 
Kees Cook

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Re: [PATCH 47/64] btrfs: Use memset_after() to clear end of struct

Signed-off-by: Kees Cook keescook@chromium.org