Message ID | 20221018135920.726360-9-memxor@gmail.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | BPF |
Series | Fixes for dynptr |
On Tue, Oct 18, 2022 at 6:59 AM Kumar Kartikeya Dwivedi <memxor@gmail.com> wrote: > > It may happen that destination buffer memory overlaps with memory dynptr > points to. Hence, we must use memmove to correctly copy from dynptr to > destination buffer, or source buffer to dynptr. > > This actually isn't a problem right now, as memcpy implementation falls > back to memmove on detecting overlap and warns about it, but we > shouldn't be relying on that. > > Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Acked-by: Joanne Koong <joannelkoong@gmail.com> > --- > kernel/bpf/helpers.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c > index 0a4017eb3616..2dc3f5ce8f9b 100644 > --- a/kernel/bpf/helpers.c > +++ b/kernel/bpf/helpers.c > @@ -1489,7 +1489,7 @@ BPF_CALL_5(bpf_dynptr_read, void *, dst, u32, len, const struct bpf_dynptr_kern > if (err) > return err; > > - memcpy(dst, src->data + src->offset + offset, len); > + memmove(dst, src->data + src->offset + offset, len); > > return 0; > } > @@ -1517,7 +1517,7 @@ BPF_CALL_5(bpf_dynptr_write, const struct bpf_dynptr_kern *, dst, u32, offset, v > if (err) > return err; > > - memcpy(dst->data + dst->offset + offset, src, len); > + memmove(dst->data + dst->offset + offset, src, len); > > return 0; > } > -- > 2.38.0 >
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 0a4017eb3616..2dc3f5ce8f9b 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -1489,7 +1489,7 @@ BPF_CALL_5(bpf_dynptr_read, void *, dst, u32, len, const struct bpf_dynptr_kern if (err) return err; - memcpy(dst, src->data + src->offset + offset, len); + memmove(dst, src->data + src->offset + offset, len); return 0; } @@ -1517,7 +1517,7 @@ BPF_CALL_5(bpf_dynptr_write, const struct bpf_dynptr_kern *, dst, u32, offset, v if (err) return err; - memcpy(dst->data + dst->offset + offset, src, len); + memmove(dst->data + dst->offset + offset, src, len); return 0; }
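Review bot: In the bpf_dynptr_read hunk, the new `memmove(dst, src->data + src->offset + offset, len);` line carries no comment explaining why memmove is required. The reason (dst may overlap the memory the dynptr points to) lives only in the commit message, so a one-line comment above the call would keep a later cleanup from switching it back to memcpy.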
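Review bot: In the bpf_dynptr_write hunk, the switch to `memmove(dst->data + dst->offset + offset, src, len);` arrives without a test; the diffstat shows only kernel/bpf/helpers.c changing. Because the commit message says memcpy currently falls back to memmove on overlap and warns, that warning is the only signal if this is ever reverted, so a selftest that writes from a source buffer overlapping the dynptr's memory and checks the resulting bytes would pin the intended behaviour.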
It may happen that destination buffer memory overlaps with memory dynptr points to. Hence, we must use memmove to correctly copy from dynptr to destination buffer, or source buffer to dynptr.

This actually isn't a problem right now, as memcpy implementation falls back to memmove on detecting overlap and warns about it, but we shouldn't be relying on that.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>

    ---
    kernel/bpf/helpers.c | 4 ++--
    1 file changed, 2 insertions(+), 2 deletions(-)