cred: crextend(): Harden, simplify
ClosedPublic
Actions

Authored by olce on Oct 4 2024, 8:07 AM.

Details

Reviewers

mhorne
mjg
emaste

Commits

rGa10de3d1167a: cred: crextend(): Harden, simplify
rG847dff4bc6e0: cred: crextend(): Harden, simplify
rGea26c0e79752: cred: crextend(): Harden, simplify

Summary

Harden by adding more assertions, and a plain panic in case of an
unrepresentable size for the groups array (this can never happen after
the change of the 'kern.ngroups' computation to impose some not too high
maximum value a few commits ago). Fix an impact in kern_setgroups().

Simplify by removing the iterative process whose purpose is actually to
determine the closest power of two that is greater than the wanted
number of bytes. Using the proper target quantity (number of bytes)
incidentally helps with eliminating divisions (and the reliance on
sizeof(gid_t) being a power of two).

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

olce created this revision.Oct 4 2024, 8:07 AM

Herald added a subscriber: imp. · View Herald TranscriptOct 4 2024, 8:07 AM

olce requested review of this revision.Oct 4 2024, 8:07 AM

Harbormaster completed remote builds in B59726: Diff 144213.Oct 4 2024, 8:07 AM

olce added a subscriber: bapt.Oct 4 2024, 8:17 AM

olce added a parent revision: D46914: crsetgroups(): Improve and factor out groups normalization.Oct 4 2024, 8:30 AM

olce added a child revision: D46916: cred: 'struct ucred': Move 'cr_ngroups' out of the bcopied area.

mhorne accepted this revision.Tue, Oct 29, 3:01 PM

mhorne added inline comments.

sys/kern/kern_prot.c
2368	formally it should be `size_t`.

This revision is now accepted and ready to land.Tue, Oct 29, 3:01 PM

olce marked an inline comment as done.Wed, Oct 30, 10:49 AM

olce added inline comments.

sys/kern/kern_prot.c
2368	Oh, you're right. The `int` comes from an initial version where the variable still held a number of groups as the original code, and I forgot to change the type when I switched to a number of bytes. Which makes me notice that an overflow check is missing (as in the original code), I'll add one after the `nbytes` computation, coupled with another change in D46913.

Switch nbytes to size_t, check for overflow with a plain panic (following D46913 latest change).

This revision now requires review to proceed.Wed, Oct 30, 5:56 PM

Harbormaster completed remote builds in B60264: Diff 145680.Wed, Oct 30, 5:57 PM

Amend the comment in crcopy(), and add one in sys/cred.h to request to move the cr_ngroups field out of the copied area the next time a change of struct ucred's ABI is necessary.

Harbormaster completed remote builds in B60265: Diff 145681.Wed, Oct 30, 6:10 PM

olce mentioned this in D46916: cred: 'struct ucred': Move 'cr_ngroups' out of the bcopied area.Wed, Oct 30, 6:11 PM

This revision was not accepted when it landed; it landed in state Needs Review.Sat, Nov 2, 8:40 PM

Closed by commit rGea26c0e79752: cred: crextend(): Harden, simplify (authored by olce). · Explain Why

This revision was automatically updated to reflect the committed changes.

olce added a commit: rGea26c0e79752: cred: crextend(): Harden, simplify.

olce added a commit: rG847dff4bc6e0: cred: crextend(): Harden, simplify.Fri, Nov 15, 10:49 AM

olce added a commit: rGa10de3d1167a: cred: crextend(): Harden, simplify.Fri, Nov 15, 1:02 PM