Date: Wed, 23 Jun 2021 15:53:38 -0700
From: Kees Cook
To: Laurent Pinchart
Cc: Mauro Carvalho Chehab, Arnd Bergmann, "Gustavo A. R. Silva", Sakari Ailus, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org
Subject: Re: [PATCH] media: omap3isp: Extract struct group for memcpy() region
Message-ID: <202106231547.1212335D@keescook>
References: <20210616185938.1225218-1-keescook@chromium.org> <202106162119.859E9A80B@keescook>

On Thu, Jun 24, 2021 at 01:12:11AM +0300, Laurent Pinchart wrote:
> Hi Kees,
>
> On Wed, Jun 16, 2021 at 09:22:23PM -0700, Kees Cook wrote:
> > On Wed, Jun 16, 2021 at 10:43:03PM +0300, Laurent Pinchart wrote:
> > > On Wed, Jun 16, 2021 at 11:59:38AM -0700, Kees Cook wrote:
> > > > Avoid writing past the end of a structure member by wrapping the target
> > > > region in a common named structure. This additionally fixes a
> > > > misalignment of the copy (since the size of "buf" changes between 64-bit
> > > > and 32-bit).
> > > >
> > > Could you have been misled by the data64 name ? The difference between
> > > omap3isp_stat_data_time and omap3isp_stat_data_time32 is the size of the
> > > ts field, using 32-bit timestamps with legacy userspace, and 64-bit
> > > timestamps with more recent userspace. In both cases we're dealing with
> > > a 32-bit platform, as the omap3isp is not used in any 64-bit ARM SoC.
> > > The size of void __user *buf is thus 4 bytes in all cases, as is __u32
> > > buf.
> >
> > Ah, yes, that's true. I was hitting this on arm64 builds
> > (CONFIG_COMPILE_TEST) where __user *buf is 64-bit. So, the "additionally
> > fixes" bit above is misleading in the sense that nothing was ever built
> > in the real world like that.
> >
> > The patch still fixes the compile-time warnings, though.
>
> What's the compile-time warning ? I tried compiling the driver for
> ARM64 and didn't notice any.

Sorry, I didn't include the background well enough in the commit log,
but it's part of a tightening of memcpy() under FORTIFY_SOURCE and also
-Warray-bounds enablement. Here's what I've been saying on other patches
(this one was different because it seemed to be just broken code):

    In preparation for FORTIFY_SOURCE performing compile-time and run-time
    field bounds checking for memcpy(), memmove(), and memset(), avoid
    intentionally writing across neighboring fields.

Anyway, I can carry this until the full series is posted, but I'm still
working through a few more fixes before I send the whole thing. This
patch was one of a handful that didn't have any series dependencies.

-Kees

--
Kees Cook
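
The pattern the message describes (a memcpy() that starts at one member and intentionally runs across its neighbours) next to the named-struct form, as an added example that is not part of the original message or the patch. All struct names and layouts are constructed, and exceeds_field() is a simplified model of the destination-size rule, not the kernel's implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layouts for illustration; not the driver's own structs. */
struct stat_flat32 {            /* "before": no wrapper around the tail */
	int32_t ts_sec, ts_usec;
	uint32_t buf, buf_size;
	uint16_t frame_number, cur_frame;
};
struct stat_tail {              /* "after": fields copied as one unit */
	uint32_t buf, buf_size;
	uint16_t frame_number, cur_frame;
};
struct stat_time32 { int32_t ts_sec, ts_usec; struct stat_tail tail; };
struct stat_time64 { int64_t ts_sec, ts_usec; struct stat_tail tail; };

/* Simplified model of the rule: a copy aimed at one member must fit in
 * that member. Returns 1 when the copy would be flagged. */
static int exceeds_field(size_t field_size, size_t copy_len)
{
	return copy_len > field_size;
}

/* Before: target is the 4-byte "buf", length runs to the struct's end. */
static int flat_copy_flagged(void)
{
	size_t len = sizeof(struct stat_flat32) - offsetof(struct stat_flat32, buf);
	return exceeds_field(sizeof(((struct stat_flat32 *)0)->buf), len);
}

/* After: target is the named group and the length is the group's size. */
static int group_copy(struct stat_time32 *dst, const struct stat_time64 *src)
{
	dst->ts_sec = (int32_t)src->ts_sec;   /* timestamp narrowed field by field */
	dst->ts_usec = (int32_t)src->ts_usec;
	memcpy(&dst->tail, &src->tail, sizeof(dst->tail));
	return exceeds_field(sizeof(dst->tail), sizeof(src->tail));
}

int main(void)
{
	struct stat_time64 src = { 1624488818, 0, { 0x1000, 64, 7, 7 } };
	struct stat_time32 dst;

	if (flat_copy_flagged() != 1 || group_copy(&dst, &src) != 0)
		return 1;
	return dst.tail.buf_size == 64 ? 0 : 1;
}
```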