Message ID | 20210727205855.411487-7-keescook@chromium.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Introduce strict memcpy() bounds checking | expand |
On Tue, Jul 27, 2021 at 2:01 PM Kees Cook <keescook@chromium.org> wrote: > > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy(), memmove(), and memset(), avoid > intentionally writing across neighboring fields. > > Use struct_group() around members queue_id, min_bw, max_bw, tsa, pri_lvl, > and bw_weight so they can be referenced together. This will allow memcpy() > and sizeof() to more easily reason about sizes, improve readability, > and avoid future warnings about writing beyond the end of queue_id. > > "pahole" shows no size nor member offset changes to struct bnxt_cos2bw_cfg. > "objdump -d" shows no meaningful object code changes (i.e. only source > line number induced differences and optimizations). > > Signed-off-by: Kees Cook <keescook@chromium.org> Thanks. Reviewed-by: Michael Chan <michael.chan@broadcom.com>
On Tue, Jul 27, 2021 at 01:57:57PM -0700, Kees Cook wrote: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy(), memmove(), and memset(), avoid > intentionally writing across neighboring fields. > > Use struct_group() around members queue_id, min_bw, max_bw, tsa, pri_lvl, > and bw_weight so they can be referenced together. This will allow memcpy() > and sizeof() to more easily reason about sizes, improve readability, > and avoid future warnings about writing beyond the end of queue_id. > > "pahole" shows no size nor member offset changes to struct bnxt_cos2bw_cfg. > "objdump -d" shows no meaningful object code changes (i.e. only source > line number induced differences and optimizations). > > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks -- Gustavo > --- > drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 4 ++-- > drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h | 14 ++++++++------ > 2 files changed, 10 insertions(+), 8 deletions(-) > > diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c > index 8a68df4d9e59..95c636f89329 100644 > --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c > +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c > @@ -148,10 +148,10 @@ static int bnxt_hwrm_queue_cos2bw_qcfg(struct bnxt *bp, struct ieee_ets *ets) > } > > data = &resp->queue_id0 + offsetof(struct bnxt_cos2bw_cfg, queue_id); > - for (i = 0; i < bp->max_tc; i++, data += sizeof(cos2bw) - 4) { > + for (i = 0; i < bp->max_tc; i++, data += sizeof(cos2bw.cfg)) { > int tc; > > - memcpy(&cos2bw.queue_id, data, sizeof(cos2bw) - 4); > + memcpy(&cos2bw.cfg, data, sizeof(cos2bw.cfg)); > if (i == 0) > cos2bw.queue_id = resp->queue_id0; > > diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h > index 6eed231de565..716742522161 100644 > --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h > +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h > @@ -23,13 +23,15 @@ struct bnxt_dcb { > > struct bnxt_cos2bw_cfg { > u8 pad[3]; > - u8 queue_id; > - __le32 min_bw; > - __le32 max_bw; > + struct_group_attr(cfg, __packed, > + u8 queue_id; > + __le32 min_bw; > + __le32 max_bw; > #define BW_VALUE_UNIT_PERCENT1_100 (0x1UL << 29) > - u8 tsa; > - u8 pri_lvl; > - u8 bw_weight; > + u8 tsa; > + u8 pri_lvl; > + u8 bw_weight; > + ); > u8 unused; > }; > > -- > 2.30.2 >
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c index 8a68df4d9e59..95c636f89329 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c @@ -148,10 +148,10 @@ static int bnxt_hwrm_queue_cos2bw_qcfg(struct bnxt *bp, struct ieee_ets *ets) } data = &resp->queue_id0 + offsetof(struct bnxt_cos2bw_cfg, queue_id); - for (i = 0; i < bp->max_tc; i++, data += sizeof(cos2bw) - 4) { + for (i = 0; i < bp->max_tc; i++, data += sizeof(cos2bw.cfg)) { int tc; - memcpy(&cos2bw.queue_id, data, sizeof(cos2bw) - 4); + memcpy(&cos2bw.cfg, data, sizeof(cos2bw.cfg)); if (i == 0) cos2bw.queue_id = resp->queue_id0; diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h index 6eed231de565..716742522161 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h @@ -23,13 +23,15 @@ struct bnxt_dcb { struct bnxt_cos2bw_cfg { u8 pad[3]; - u8 queue_id; - __le32 min_bw; - __le32 max_bw; + struct_group_attr(cfg, __packed, + u8 queue_id; + __le32 min_bw; + __le32 max_bw; #define BW_VALUE_UNIT_PERCENT1_100 (0x1UL << 29) - u8 tsa; - u8 pri_lvl; - u8 bw_weight; + u8 tsa; + u8 pri_lvl; + u8 bw_weight; + ); u8 unused; };
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use struct_group() around members queue_id, min_bw, max_bw, tsa, pri_lvl, and bw_weight so they can be referenced together. This will allow memcpy() and sizeof() to more easily reason about sizes, improve readability, and avoid future warnings about writing beyond the end of queue_id. "pahole" shows no size nor member offset changes to struct bnxt_cos2bw_cfg. "objdump -d" shows no meaningful object code changes (i.e. only source line number induced differences and optimizations). Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 4 ++-- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h | 14 ++++++++------ 2 files changed, 10 insertions(+), 8 deletions(-)