Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1656552iog; Thu, 16 Jun 2022 10:48:21 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t6HtU22Nldx9HiI5ZjZ0LrFv32zCxNUMbS32pKaMML6Kq4EFjyVNiWu9JcPjxZwapgb8tM X-Received: by 2002:a17:90b:d09:b0:1e8:3e55:bc05 with SMTP id n9-20020a17090b0d0900b001e83e55bc05mr6228231pjz.171.1655401700875; Thu, 16 Jun 2022 10:48:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655401700; cv=none; d=google.com; s=arc-20160816; b=AyMxkBRncUz+HNnzZ3aNYwIvt8wJSU9XaJAmlF9lImBJKjE+b1QXtG+CxwNj4IFLAn w9QVDPkPMpu3ChXwupETQdM82DkWFZ8F4Qd7Iks66CNGwQszQaKWmfg8Is0K/diTB3TM D8+j2dVAhoQ4gbsJPOM3KxO9Y5SDq8Xck7cJsjdhEDjM0WBhFLmerEFSt3/2QKAU/ry0 ztfGDr4vw2nkHi6Mi7NodPXwFg2mBZfubZatzXFbF4llvy1GFA4LRiRHuRc0OWCeO6ZC kGl9QeQ5wlXNrtVFYtV8ryjLinod02gYOX5mNrpfzvRjzZzL1K+tW0Yw0FCMpAmRGYFf AO0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=RlFBQwG2uhJw1OSNWVaQvWvQEXlYy5JkFZhJsWL2AU4=; b=s1Ap72Vw0Un3iHYuZuv99NcZsxbtc0cViVnbwWfVBnfrSVSN1hL1H61p8BnF9pUUyv ivbYO51epwj2xfNglOTeHNOPl9ScTKzoVspG4XIeZMqUxQA96A2G4kNBjAsXpqNiv/8z 9Ez+8h7FqXeNAwclSBUDsako5GB4a3w68GPg5AU2c01VbZ/SIiGAiLQmeehF3f6Wrk6A 0LHdOash8IzSNHDvkLBx19mAxbwIoGR9/X2ToegoGXzvVPrRudAZIhnnvQr7iL2WWkkP RZF3b6eiFqsi/XDGXBrKyQufm79VdS6T4W2lCYsn/HSRxYdQTYJdowBqL15WU4k+7zKp K9Eg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UvRzKL82; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pj8-20020a17090b4f4800b001ead09a6974si7167325pjb.142.2022.06.16.10.48.09; Thu, 16 Jun 2022 10:48:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UvRzKL82; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1378085AbiFPRTi (ORCPT + 99 others); Thu, 16 Jun 2022 13:19:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378067AbiFPRTf (ORCPT ); Thu, 16 Jun 2022 13:19:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E130248E6E; Thu, 16 Jun 2022 10:19:32 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 00B4C61AA0; Thu, 16 Jun 2022 17:19:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 800D0C34114; Thu, 16 Jun 2022 17:19:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1655399971; bh=dVuVhPmEkC9puN9Rze1DZ34ZIAYl9igVaP1wUSkTnZw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=UvRzKL82Afj1pQ+Lgxowkk0MRYXG+iBGz/N9ndvOmSmZRkK32/FmzJOgPfyetmDWq o/xgytYUn/+3nkWCrb5RhgDP8qZr6a9USvDoD701VgSJtNg4ldTJR6vGCfyHa7+oFf Dim3Ym/VX/LHRt7gZrV52SmaJ5ZmqLU4/vNyhqqypQDHL9bU9vTRygB5L/Pmm8MsN6 uemMupVS1yMnFkCyTNCucZt6RZawSdxdxfpF4pJGQr8kGiMcM8046i++o4LV7ohc7F YDUXJhyEyTLAaNyN1GKBvNhg15bqcX4/P4heFUSSYHuiI4Ee4dFSYcfykA+r/5fTsd zat27tGVbKOgQ== Date: Thu, 16 Jun 2022 10:19:28 -0700 From: Nathan Chancellor To: Kees Cook Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Nick Desaulniers , Tom Rix , Leon Romanovsky , Jiri Pirko , Vladimir Oltean , Simon Horman , netdev@vger.kernel.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] hinic: Replace memcpy() with direct assignment Message-ID: References: <20220616052312.292861-1-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220616052312.292861-1-keescook@chromium.org> X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 15, 2022 at 10:23:12PM -0700, Kees Cook wrote: > Under CONFIG_FORTIFY_SOURCE=y and CONFIG_UBSAN_BOUNDS=y, Clang is bugged > here for calculating the size of the destination buffer (0x10 instead of > 0x14). This copy is a fixed size (sizeof(struct fw_section_info_st)), with > the source and dest being struct fw_section_info_st, so the memcpy should > be safe, assuming the index is within bounds, which is UBSAN_BOUNDS's > responsibility to figure out. > > Avoid the whole thing and just do a direct assignment. This results in > no change to the executable code. > > Cc: "David S. Miller" > Cc: Eric Dumazet > Cc: Jakub Kicinski > Cc: Paolo Abeni > Cc: Nathan Chancellor > Cc: Nick Desaulniers > Cc: Tom Rix > Cc: Leon Romanovsky > Cc: Jiri Pirko > Cc: Vladimir Oltean > Cc: Simon Horman > Cc: netdev@vger.kernel.org > Cc: llvm@lists.linux.dev > Link: https://github.com/ClangBuiltLinux/linux/issues/1592 > Signed-off-by: Kees Cook Tested-by: Nathan Chancellor # build > --- > drivers/net/ethernet/huawei/hinic/hinic_devlink.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/net/ethernet/huawei/hinic/hinic_devlink.c b/drivers/net/ethernet/huawei/hinic/hinic_devlink.c > index 60ae8bfc5f69..1749d26f4bef 100644 > --- a/drivers/net/ethernet/huawei/hinic/hinic_devlink.c > +++ b/drivers/net/ethernet/huawei/hinic/hinic_devlink.c > @@ -43,9 +43,7 @@ static bool check_image_valid(struct hinic_devlink_priv *priv, const u8 *buf, > > for (i = 0; i < fw_image->fw_info.fw_section_cnt; i++) { > len += fw_image->fw_section_info[i].fw_section_len; > - memcpy(&host_image->image_section_info[i], > - &fw_image->fw_section_info[i], > - sizeof(struct fw_section_info_st)); > + host_image->image_section_info[i] = fw_image->fw_section_info[i]; > } > > if (len != fw_image->fw_len || > -- > 2.32.0 >