| Message ID | 20220924040835.3364912-1-keescook@chromium.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | de4feb4e3d61026f81b15ada6f64deaf40125ffc |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | NFC: hci: Split memcpy() of struct hcp_message flexible array | expand |
On Fri, Sep 23, 2022 at 09:08:35PM -0700, Kees Cook wrote: > To work around a misbehavior of the compiler's ability to see into > composite flexible array structs (as detailed in the coming memcpy() > hardening series[1]), split the memcpy() of the header and the payload > so no false positive run-time overflow warning will be generated. This > split already existed for the "firstfrag" case, so just generalize the > logic further. > > [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/ > > Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Eric Dumazet <edumazet@google.com> > Cc: Jakub Kicinski <kuba@kernel.org> > Cc: Paolo Abeni <pabeni@redhat.com> > Cc: netdev@vger.kernel.org > Reported-by: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks! -- Gustavo > --- > net/nfc/hci/hcp.c | 12 +++++------- > 1 file changed, 5 insertions(+), 7 deletions(-) > > diff --git a/net/nfc/hci/hcp.c b/net/nfc/hci/hcp.c > index 05c60988f59a..4902f5064098 100644 > --- a/net/nfc/hci/hcp.c > +++ b/net/nfc/hci/hcp.c > @@ -73,14 +73,12 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe, > if (firstfrag) { > firstfrag = false; > packet->message.header = HCP_HEADER(type, instruction); > - if (ptr) { > - memcpy(packet->message.data, ptr, > - data_link_len - 1); > - ptr += data_link_len - 1; > - } > } else { > - memcpy(&packet->message, ptr, data_link_len); > - ptr += data_link_len; > + packet->message.header = *ptr++; > + } > + if (ptr) { > + memcpy(packet->message.data, ptr, data_link_len - 1); > + ptr += data_link_len - 1; > } > > /* This is the last fragment, set the cb bit */ > -- > 2.34.1 >
On 24/09/2022 06:08, Kees Cook wrote: > To work around a misbehavior of the compiler's ability to see into > composite flexible array structs (as detailed in the coming memcpy() > hardening series[1]), split the memcpy() of the header and the payload > so no false positive run-time overflow warning will be generated. This > split already existed for the "firstfrag" case, so just generalize the > logic further. > > [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/ > Looks correct: Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Best regards, Krzysztof
Hello: This patch was applied to netdev/net-next.git (master) by Jakub Kicinski <kuba@kernel.org>: On Fri, 23 Sep 2022 21:08:35 -0700 you wrote: > To work around a misbehavior of the compiler's ability to see into > composite flexible array structs (as detailed in the coming memcpy() > hardening series[1]), split the memcpy() of the header and the payload > so no false positive run-time overflow warning will be generated. This > split already existed for the "firstfrag" case, so just generalize the > logic further. > > [...] Here is the summary with links: - NFC: hci: Split memcpy() of struct hcp_message flexible array https://git.kernel.org/netdev/net-next/c/de4feb4e3d61 You are awesome, thank you!
diff --git a/net/nfc/hci/hcp.c b/net/nfc/hci/hcp.c index 05c60988f59a..4902f5064098 100644 --- a/net/nfc/hci/hcp.c +++ b/net/nfc/hci/hcp.c @@ -73,14 +73,12 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe, if (firstfrag) { firstfrag = false; packet->message.header = HCP_HEADER(type, instruction); - if (ptr) { - memcpy(packet->message.data, ptr, - data_link_len - 1); - ptr += data_link_len - 1; - } } else { - memcpy(&packet->message, ptr, data_link_len); - ptr += data_link_len; + packet->message.header = *ptr++; + } + if (ptr) { + memcpy(packet->message.data, ptr, data_link_len - 1); + ptr += data_link_len - 1; } /* This is the last fragment, set the cb bit */
To work around a misbehavior of the compiler's ability to see into composite flexible array structs (as detailed in the coming memcpy() hardening series[1]), split the memcpy() of the header and the payload so no false positive run-time overflow warning will be generated. This split already existed for the "firstfrag" case, so just generalize the logic further. [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/ Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: netdev@vger.kernel.org Reported-by: "Gustavo A. R. Silva" <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- net/nfc/hci/hcp.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-)