diff mbox series

[17/64] iommu/amd: Use struct_group() for memcpy() region

Message ID	20210727205855.411487-18-keescook@chromium.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-block-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: linux-hardening@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, "Gustavo A. R. Silva" <gustavoars@kernel.org>, Keith Packard <keithpac@amazon.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Andrew Morton <akpm@linux-foundation.org>, linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com Subject: [PATCH 17/64] iommu/amd: Use struct_group() for memcpy() region Date: Tue, 27 Jul 2021 13:58:08 -0700 Message-Id: <20210727205855.411487-18-keescook@chromium.org> In-Reply-To: <20210727205855.411487-1-keescook@chromium.org> References: <20210727205855.411487-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Introduce strict memcpy() bounds checking \| expand [00/64] Introduce strict memcpy() bounds checking [01/64] media: omap3isp: Extract struct group for memcpy() region [02/64] mac80211: Use flex-array for radiotap header bitmap [03/64] rpmsg: glink: Replace strncpy() with strscpy_pad() [04/64] stddef: Introduce struct_group() helper macro [05/64] skbuff: Switch structure bounds to struct_group() [06/64] bnxt_en: Use struct_group_attr() for memcpy() region [07/64] staging: rtl8192e: Use struct_group() for memcpy() region [08/64] staging: rtl8192u: Use struct_group() for memcpy() region [09/64] staging: rtl8723bs: Avoid field-overflowing memcpy() [10/64] lib80211: Use struct_group() for memcpy() region [11/64] net/mlx5e: Avoid field-overflowing memcpy() [12/64] mwl8k: Use struct_group() for memcpy() region [13/64] libertas: Use struct_group() for memcpy() region [14/64] libertas_tf: Use struct_group() for memcpy() region [15/64] ipw2x00: Use struct_group() for memcpy() region [16/64] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region [17/64] iommu/amd: Use struct_group() for memcpy() region [18/64] cxgb3: Use struct_group() for memcpy() region [19/64] ip: Use struct_group() for memcpy() regions [20/64] intersil: Use struct_group() for memcpy() region [21/64] cxgb4: Use struct_group() for memcpy() region [22/64] bnx2x: Use struct_group() for memcpy() region [23/64] drm/amd/pm: Use struct_group() for memcpy() region [24/64] staging: wlan-ng: Use struct_group() for memcpy() region [25/64] drm/mga/mga_ioc32: Use struct_group() for memcpy() region [26/64] net/mlx5e: Use struct_group() for memcpy() region [27/64] HID: cp2112: Use struct_group() for memcpy() region [28/64] compiler_types.h: Remove __compiletime_object_size() [29/64] lib/string: Move helper functions out of string.c [30/64] fortify: Move remaining fortify helpers into fortify-string.h [31/64] fortify: Explicitly disable Clang support [32/64] fortify: Add compile-time FORTIFY_SOURCE tests [33/64] lib: Introduce CONFIG_TEST_MEMCPY [34/64] fortify: Detect struct member overflows in memcpy() at compile-time [35/64] fortify: Detect struct member overflows in memmove() at compile-time [36/64] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp [37/64] string.h: Introduce memset_after() for wiping trailing members/padding [38/64] xfrm: Use memset_after() to clear padding [39/64] mac80211: Use memset_after() to clear tx status [40/64] net: 802: Use memset_after() to clear struct fields [41/64] net: dccp: Use memset_after() for TP zeroing [42/64] net: qede: Use memset_after() for counters [43/64] ath11k: Use memset_after() for clearing queue descriptors [44/64] iw_cxgb4: Use memset_after() for cpl_t5_pass_accept_rpl [45/64] intel_th: msu: Use memset_after() for clearing hw header [46/64] IB/mthca: Use memset_after() for clearing mpt_entry [47/64] btrfs: Use memset_after() to clear end of struct [48/64] drbd: Use struct_group() to zero algs [49/64] cm4000_cs: Use struct_group() to zero struct cm4000_dev region [50/64] KVM: x86: Use struct_group() to zero decode cache [51/64] tracing: Use struct_group() to zero struct trace_iterator [52/64] dm integrity: Use struct_group() to zero struct journal_sector [53/64] HID: roccat: Use struct_group() to zero kone_mouse_event [54/64] ipv6: Use struct_group() to zero rt6_info [55/64] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr [56/64] ethtool: stats: Use struct_group() to clear all stats at once [57/64] netfilter: conntrack: Use struct_group() to zero struct nf_conn [58/64] powerpc: Split memset() to avoid multi-field overflow [59/64] fortify: Detect struct member overflows in memset() at compile-time [60/64] fortify: Work around Clang inlining bugs [61/64] Makefile: Enable -Warray-bounds [62/64] netlink: Avoid false-positive memcpy() warning [63/64] iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write [64/64] fortify: Add run-time WARN for cross-field memcpy()

Commit Message

Kees Cook July 27, 2021, 8:58 p.m. UTC

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Use struct_group() in struct ivhd_entry around members ext and hidh, so
they can be referenced together. This will allow memcpy() and sizeof()
to more easily reason about sizes, improve readability, and avoid future
warnings about writing beyond the end of ext.

"pahole" shows no size nor member offset changes to struct ivhd_entry.
"objdump -d" shows no object code changes.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/iommu/amd/init.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c
index 46280e6e1535..2df84737417b 100644
--- a/drivers/iommu/amd/init.c
+++ b/drivers/iommu/amd/init.c
@@ -121,8 +121,10 @@  struct ivhd_entry {
 	u8 type;
 	u16 devid;
 	u8 flags;
-	u32 ext;
-	u32 hidh;
+	struct_group(ext_hid,
+		u32 ext;
+		u32 hidh;
+	);
 	u64 cid;
 	u8 uidf;
 	u8 uidl;
@@ -1378,7 +1380,8 @@  static int __init init_iommu_from_acpi(struct amd_iommu *iommu,
 				break;
 			}
 
-			memcpy(hid, (u8 *)(&e->ext), ACPIHID_HID_LEN - 1);
+			BUILD_BUG_ON(sizeof(e->ext_hid) != ACPIHID_HID_LEN - 1);
+			memcpy(hid, &e->ext_hid, ACPIHID_HID_LEN - 1);
 			hid[ACPIHID_HID_LEN - 1] = '\0';
 
 			if (!(*hid)) {