To work around a misbehavior of the compiler's ability to see into
composite flexible array structs (as detailed in the coming memcpy()
hardening series[1]), split the memcpy() of the header and the payload
so no false positive run-time overflow warning will be generated.
[1] https://lore.kernel.org/linux-hardening/[email protected]
Cc: Ido Schimmel <[email protected]>
Cc: Petr Machata <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Eric Dumazet <[email protected]>
Cc: Jakub Kicinski <[email protected]>
Cc: Paolo Abeni <[email protected]>
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
index 636db9a87457..9dfe7148199f 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
@@ -737,8 +737,9 @@ mlxsw_afa_cookie_create(struct mlxsw_afa *mlxsw_afa,
if (!cookie)
return ERR_PTR(-ENOMEM);
refcount_set(&cookie->ref_count, 1);
- memcpy(&cookie->fa_cookie, fa_cookie,
- sizeof(*fa_cookie) + fa_cookie->cookie_len);
+ cookie->fa_cookie = *fa_cookie;
+ memcpy(cookie->fa_cookie.cookie, fa_cookie->cookie,
+ fa_cookie->cookie_len);
err = rhashtable_insert_fast(&mlxsw_afa->cookie_ht, &cookie->ht_node,
mlxsw_afa_cookie_ht_params);
--
2.34.1
On Mon, Sep 26, 2022 at 05:40:33PM -0700, Kees Cook wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated.
>
> [1] https://lore.kernel.org/linux-hardening/[email protected]
>
> Cc: Ido Schimmel <[email protected]>
> Cc: Petr Machata <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Eric Dumazet <[email protected]>
> Cc: Jakub Kicinski <[email protected]>
> Cc: Paolo Abeni <[email protected]>
> Cc: [email protected]
> Signed-off-by: Kees Cook <[email protected]>
Reviewed-by: Gustavo A. R. Silva <[email protected]>
Thanks!
--
Gustavo
> ---
> drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
> index 636db9a87457..9dfe7148199f 100644
> --- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
> +++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
> @@ -737,8 +737,9 @@ mlxsw_afa_cookie_create(struct mlxsw_afa *mlxsw_afa,
> if (!cookie)
> return ERR_PTR(-ENOMEM);
> refcount_set(&cookie->ref_count, 1);
> - memcpy(&cookie->fa_cookie, fa_cookie,
> - sizeof(*fa_cookie) + fa_cookie->cookie_len);
> + cookie->fa_cookie = *fa_cookie;
> + memcpy(cookie->fa_cookie.cookie, fa_cookie->cookie,
> + fa_cookie->cookie_len);
>
> err = rhashtable_insert_fast(&mlxsw_afa->cookie_ht, &cookie->ht_node,
> mlxsw_afa_cookie_ht_params);
> --
> 2.34.1
>
Kees Cook <[email protected]> writes:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated.
>
> [1] https://lore.kernel.org/linux-hardening/[email protected]
>
> Cc: Ido Schimmel <[email protected]>
> Cc: Petr Machata <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Eric Dumazet <[email protected]>
> Cc: Jakub Kicinski <[email protected]>
> Cc: Paolo Abeni <[email protected]>
> Cc: [email protected]
> Signed-off-by: Kees Cook <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Hello:
This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <[email protected]>:
On Mon, 26 Sep 2022 17:40:33 -0700 you wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated.
>
> [1] https://lore.kernel.org/linux-hardening/[email protected]
>
> [...]
Here is the summary with links:
- mlxsw: core_acl_flex_actions: Split memcpy() of struct flow_action_cookie flexible array
https://git.kernel.org/netdev/net-next/c/d89318bbdf2b
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html