diff mbox series

[v2,14/63] cxgb3: Use struct_group() for memcpy() region

Message ID	20210818060533.3569517-15-keescook@chromium.org (mailing list archive)
State	Not Applicable
Delegated to:	Netdev Maintainers
Headers	show Return-Path: <netdev-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, Raju Rangoju <rajur@chelsio.com>, "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, netdev@vger.kernel.org, "Gustavo A. R. Silva" <gustavoars@kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Andrew Morton <akpm@linux-foundation.org>, linux-wireless@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, Rasmus Villemoes <linux@rasmusvillemoes.dk>, linux-hardening@vger.kernel.org Subject: [PATCH v2 14/63] cxgb3: Use struct_group() for memcpy() region Date: Tue, 17 Aug 2021 23:04:44 -0700 Message-Id: <20210818060533.3569517-15-keescook@chromium.org> In-Reply-To: <20210818060533.3569517-1-keescook@chromium.org> References: <20210818060533.3569517-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Introduce strict memcpy() bounds checking \| expand [v2,00/63] Introduce strict memcpy() bounds checking [v2,01/63] ipw2x00: Avoid field-overflowing memcpy() [v2,02/63] net/mlx5e: Avoid field-overflowing memcpy() [v2,03/63] rpmsg: glink: Replace strncpy() with strscpy_pad() [v2,04/63] pcmcia: ray_cs: Split memcpy() to avoid bounds check warning [v2,05/63] stddef: Introduce struct_group() helper macro [v2,06/63] cxl/core: Replace unions with struct_group() [v2,07/63] skbuff: Switch structure bounds to struct_group() [v2,08/63] bnxt_en: Use struct_group_attr() for memcpy() region [v2,09/63] mwl8k: Use struct_group() for memcpy() region [v2,10/63] libertas: Use struct_group() for memcpy() region [v2,11/63] libertas_tf: Use struct_group() for memcpy() region [v2,12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region [v2,13/63] iommu/amd: Use struct_group() for memcpy() region [v2,14/63] cxgb3: Use struct_group() for memcpy() region [v2,15/63] intersil: Use struct_group() for memcpy() region [v2,16/63] cxgb4: Use struct_group() for memcpy() region [v2,17/63] bnx2x: Use struct_group() for memcpy() region [v2,18/63] drm/amd/pm: Use struct_group() for memcpy() region [v2,19/63] staging: wlan-ng: Use struct_group() for memcpy() region [v2,20/63] drm/mga/mga_ioc32: Use struct_group() for memcpy() region [v2,21/63] net/mlx5e: Use struct_group() for memcpy() region [v2,22/63] HID: cp2112: Use struct_group() for memcpy() region [v2,23/63] media: omap3isp: Use struct_group() for memcpy() region [v2,24/63] sata_fsl: Use struct_group() for memcpy() region [v2,25/63] compiler_types.h: Remove __compiletime_object_size() [v2,26/63] lib/string: Move helper functions out of string.c [v2,27/63] fortify: Move remaining fortify helpers into fortify-string.h [v2,28/63] fortify: Explicitly disable Clang support [v2,29/63] fortify: Fix dropped strcpy() compile-time write overflow check [v2,30/63] fortify: Prepare to improve strnlen() and strlen() warnings [v2,31/63] fortify: Allow strlen() and strnlen() to pass compile-time known lengths [v2,32/63] fortify: Add compile-time FORTIFY_SOURCE tests [v2,33/63] lib: Introduce CONFIG_TEST_MEMCPY [v2,34/63] fortify: Detect struct member overflows in memcpy() at compile-time [v2,35/63] fortify: Detect struct member overflows in memmove() at compile-time [v2,36/63] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp [v2,37/63] string.h: Introduce memset_after() for wiping trailing members/padding [v2,38/63] xfrm: Use memset_after() to clear padding [v2,39/63] ipv6: Use memset_after() to zero rt6_info [v2,40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn [v2,41/63] net: 802: Use memset_startat() to clear struct fields [v2,42/63] net: dccp: Use memset_startat() for TP zeroing [v2,43/63] net: qede: Use memset_startat() for counters [v2,44/63] mac80211: Use memset_after() to clear tx status [v2,45/63] ath11k: Use memset_startat() for clearing queue descriptors [v2,46/63] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl [v2,47/63] intel_th: msu: Use memset_startat() for clearing hw header [v2,48/63] IB/mthca: Use memset_startat() for clearing mpt_entry [v2,49/63] btrfs: Use memset_startat() to clear end of struct [v2,50/63] tracing: Use memset_startat() to zero struct trace_iterator [v2,51/63] drbd: Use struct_group() to zero algs [v2,52/63] cm4000_cs: Use struct_group() to zero struct cm4000_dev region [v2,53/63] KVM: x86: Use struct_group() to zero decode cache [v2,54/63] dm integrity: Use struct_group() to zero struct journal_sector [v2,55/63] HID: roccat: Use struct_group() to zero kone_mouse_event [v2,56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr [v2,57/63] powerpc/signal32: Use struct_group() to zero spe regs [v2,58/63] ethtool: stats: Use struct_group() to clear all stats at once [v2,59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions [v2,60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region [v2,61/63] powerpc: Split memset() to avoid multi-field overflow [v2,62/63] fortify: Detect struct member overflows in memset() at compile-time [v2,63/63] fortify: Work around Clang inlining bugs

Checks

Context	Check	Description
netdev/cover_letter	success	Link
netdev/fixes_present	success	Link
netdev/patch_count	fail	Series longer than 15 patches
netdev/tree_selection	success	Guessed tree name to be net-next
netdev/subject_prefix	success	Link
netdev/cc_maintainers	warning	2 maintainers not CCed: ndesaulniers@google.com nathan@kernel.org
netdev/source_inline	success	Was 0 now: 0
netdev/verify_signedoff	success	Link
netdev/module_param	success	Was 0 now: 0
netdev/build_32bit	success	Errors and warnings before: 8 this patch: 8
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/verify_fixes	success	Link
netdev/checkpatch	warning	CHECK: Alignment should match open parenthesis WARNING: Comparisons should place the constant on the right side of the test
netdev/build_allmodconfig_warn	success	Errors and warnings before: 8 this patch: 8
netdev/header_inline	success	Link

Commit Message

Kees Cook Aug. 18, 2021, 6:04 a.m. UTC

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Use struct_group() in struct rss_hdr around members imm_data and intr_gen,
so they can be referenced together. This will allow memcpy() and sizeof()
to more easily reason about sizes, improve readability, and avoid future
warnings about writing beyond the end of imm_data.

"pahole" shows no size nor member offset changes to struct rss_hdr.
"objdump -d" shows no object code changes.

Cc: Raju Rangoju <rajur@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/chelsio/cxgb3/sge.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c
index cb5c79c43bc9..1ab1bd86a3a6 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c
@@ -126,8 +126,10 @@  struct rsp_desc {		/* response queue descriptor */
 	struct rss_header rss_hdr;
 	__be32 flags;
 	__be32 len_cq;
-	u8 imm_data[47];
-	u8 intr_gen;
+	struct_group(immediate,
+		u8 imm_data[47];
+		u8 intr_gen;
+	);
 };
 
 /*
@@ -929,7 +931,8 @@  static inline struct sk_buff *get_imm_packet(const struct rsp_desc *resp)
 
 	if (skb) {
 		__skb_put(skb, IMMED_PKT_SIZE);
-		skb_copy_to_linear_data(skb, resp->imm_data, IMMED_PKT_SIZE);
+		BUILD_BUG_ON(IMMED_PKT_SIZE != sizeof(resp->immediate));
+		skb_copy_to_linear_data(skb, &resp->immediate, IMMED_PKT_SIZE);
 	}
 	return skb;
 }