mptcp: Use struct_group() to avoid cross-field memset()
authorKees Cook <keescook@chromium.org>
Fri, 21 Jan 2022 07:39:35 +0000 (23:39 -0800)
committerJakub Kicinski <kuba@kernel.org>
Sat, 22 Jan 2022 03:26:03 +0000 (19:26 -0800)
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Use struct_group() to capture the fields to be reset, so that memset()
can be appropriately bounds-checked by the compiler.

Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
Cc: mptcp@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Link: https://lore.kernel.org/r/20220121073935.1154263-1-keescook@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/mptcp/protocol.h

index 0e6b42c..85317ce 100644 (file)
@@ -408,7 +408,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
 struct mptcp_subflow_context {
        struct  list_head node;/* conn_list of subflows */
 
-       char    reset_start[0];
+       struct_group(reset,
 
        unsigned long avg_pacing_rate; /* protected by msk socket lock */
        u64     local_key;
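Review bot: The `struct_group(reset,` opener carries no comment, so nothing at this line tells a reader that every member down to the closing `);` in the next hunk is wiped by mptcp_subflow_ctx_reset(). I would add a line above it such as `/* members of this group are zeroed by mptcp_subflow_ctx_reset(); state that must survive a reset belongs outside it */`, and a trailing `/* end of reset group */` on the `);`. This matters more now, because the memset() length is derived from the group's size, so a field added on the wrong side of the boundary is silently cleared or silently kept with no other change to review. The struct definition starts and continues outside this hunk, so the full member list of the group is not visible here.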
@@ -458,7 +458,7 @@ struct mptcp_subflow_context {
 
        long    delegated_status;
 
-       char    reset_end[0];
+       );
 
        struct  list_head delegated_node;   /* link into delegated_action, protected by local BH */
 
@@ -494,7 +494,7 @@ mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow)
 static inline void
 mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow)
 {
-       memset(subflow->reset_start, 0, subflow->reset_end - subflow->reset_start);
+       memset(&subflow->reset, 0, sizeof(subflow->reset));
        subflow->request_mptcp = 1;
 }
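Review bot: mptcp_subflow_ctx_reset() has no comment describing what it preserves, and after this change the scope of the wipe is only discoverable by reading the struct layout. A short header such as `/* Zero only the 'reset' group; node and delegated_node sit outside it and are left intact. request_mptcp is re-armed afterwards. */` would state the contract next to the memset(). From the lines shown, `node` precedes the group and `delegated_node` follows its closing `);`. Whether `request_mptcp` lives inside the group is not visible in these hunks, so that part of the comment should be confirmed against the full struct.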