From: Laura Abbott
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller"
Cc: Laura Abbott, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Kees Cook
Subject: [PATCH] netfilter: nf_flow_table_offload: Correct memcpy size for flow_overload_mangle
Date: Tue, 3 Dec 2019 11:03:45 -0500
Message-Id: <20191203160345.24743-1-labbott@redhat.com>

The sizes for memcpy in flow_offload_mangle don't match
the source variables, leading to overflow errors on some
build configurations:

In function 'memcpy',
    inlined from 'flow_offload_mangle' at net/netfilter/nf_flow_table_offload.c:112:2,
    inlined from 'flow_offload_port_dnat' at net/netfilter/nf_flow_table_offload.c:373:2,
    inlined from 'nf_flow_rule_route_ipv4' at net/netfilter/nf_flow_table_offload.c:424:3:
./include/linux/string.h:376:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
  376 |    __read_overflow2();
      |    ^~~~~~~~~~~~~~~~~~
make[2]: *** [scripts/Makefile.build:266: net/netfilter/nf_flow_table_offload.o] Error 1

Fix this by using the corresponding type.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Laura Abbott
---
Seen on a Fedora powerpc little endian build with -O3 but it looks like
it is correctly catching an error with doing a memcpy outside the source
variable.
--- net/netfilter/nf_flow_table_offload.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_= table_offload.c index c54c9a6cc981..526f894d0bdb 100644
--- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -108,8 +108,8 @@ static void flow_offload_mangle(struct flow_action_entr= y *entry, =09entry->id =3D FLOW_ACTION_MANGLE; =09entry->mangle.htype =3D htype; =09entry->mangle.offset =3D offset; -=09memcpy(&entry->mangle.mask, mask, sizeof(u32)); -=09memcpy(&entry->mangle.val, value, sizeof(u32)); +=09memcpy(&entry->mangle.mask, mask, sizeof(u8)); +=09memcpy(&entry->mangle.val, value, sizeof(u8)); } =20 static inline struct flow_action_entry * --=20 2.21.0
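
Review bot: both memcpy calls in flow_offload_mangle now copy sizeof(u8), a single byte, into entry->mangle.mask and entry->mangle.val, where the removed lines filled four bytes. This silences the read-overflow check but may leave the rest of each destination field unset or truncate the mask and value. The hunk does not show the declared types of mask and value or what the callers named in the build error (flow_offload_port_dnat, nf_flow_rule_route_ipv4) actually pass, so please confirm that one byte is the whole mask/value for every caller and that the remaining bytes of the mangle fields are initialised elsewhere. If the callers hold 32-bit quantities, the safer fix is to change the parameter types to match and keep the u32 copy. Either way, deriving the length from the object itself, for example sizeof(*mask) or sizeof(entry->mangle.mask), would keep the copy size tied to the declaration instead of a hard-coded type. Minor: the subject line says flow_overload_mangle while the function in the hunk is flow_offload_mangle.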