From: Nick Desaulniers
Date: Tue, 16 Jul 2019 12:45:25 -0700
Subject: Re: BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70
To: Steven Rostedt
Cc: Jeffrin Thalakkottoor, Andy Shevchenko, Alexander Shishkin,
    tobin@kernel.org, lkml, Kees Cook, Dmitry Vyukov, Alexander Potapenko
In-Reply-To: <20190716145716.6b081bdc@gandalf.local.home>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 16, 2019 at 11:57 AM Steven Rostedt wrote:
>
> On Tue, 16 Jul 2019 11:28:29 -0700
> Nick Desaulniers wrote:
>
> > The cited code looks like a check comparing that the pointer distance
> > is greater than the size of bytes being passed in. I'd wager
> > someone's calling memmove with overlapping memory regions when they
> > really wanted memcpy. Maybe a better question, is why was memmove
> > ever used; if there was some invariant that the memory regions
> > overlapped, why is that invariant no longer holding.
>
> I'm confused by the above statement as memmove() allows overlapping of
> src and dest, whereas memcpy() does not.

Yes you're right; I confused the two. From the snippet in the original
email, it looks like the body of a fortified memcpy was provided, and
a memmove declaration was below it. So replace my assumption of a bad
call to memmove with a bad call to memcpy (which should then make more
sense, hopefully).

--
Thanks,
~Nick Desaulniers
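
An added illustration of the memcpy()/memmove() distinction settled in this message; it is not code from the thread or from the kernel. It shows a pointer-distance check of the kind the quoted text describes, used to refuse an overlapping memcpy() and fall back to memmove(). The names `regions_overlap`, `checked_memcpy` and `shift_demo`, and the sample buffer, are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if [dst, dst+n) and [src, src+n) share at least one byte.
 * The regions overlap exactly when the pointer distance is less than n. */
int regions_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    uintptr_t dist = d > s ? d - s : s - d;
    return n != 0 && dist < n;
}

/* Hypothetical wrapper: rejects an overlapping copy instead of running
 * memcpy(), whose behaviour is undefined when the regions overlap. */
int checked_memcpy(void *dst, const void *src, size_t n)
{
    if (regions_overlap(dst, src, n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Constructed sample: shift "abcdef" right by two bytes inside one buffer.
 * The checked memcpy is refused; memmove() is defined for this case.
 * Returns the result of the refused call and writes the buffer to out. */
int shift_demo(char out[9])
{
    char buf[9] = "abcdef";
    int rc = checked_memcpy(buf + 2, buf, 6);  /* distance 2 < 6: overlap */
    memmove(buf + 2, buf, 6);                  /* handles overlap correctly */
    buf[8] = '\0';
    memcpy(out, buf, sizeof(buf));             /* distinct objects: safe */
    return rc;
}

int main(void)
{
    char out[9];
    int rc = shift_demo(out);
    printf("checked_memcpy returned %d, memmove produced \"%s\"\n", rc, out);
    return 0;
}
```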