| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CO1PR18MB4666CF07894856612643001FA1099@CO1PR18MB4666.namprd18.prod.outlook.com>
Date: Tue, 22 Jun 2021 05:55:17 +0000
From: Subbaraya Sundeep Bhatta <sbhatta@...vell.com>
To: Kees Cook <keescook@...omium.org>,
"David S . Miller" <davem@...emloft.net>
CC: Sunil Kovvuri Goutham <sgoutham@...vell.com>,
Linu Cherian <lcherian@...vell.com>,
Geethasowjanya Akula <gakula@...vell.com>,
Jerin Jacob Kollanukkaran <jerinj@...vell.com>,
Hariprasad Kelam <hkelam@...vell.com>,
Jakub Kicinski <kuba@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: Re: [EXT] [PATCH] octeontx2-af: Avoid field-overflowing memcpy()
Tested-by: Subbaraya Sundeep<sbhatta@...vell.com>
Thanks,
Sundeep
________________________________________
From: Kees Cook <keescook@...omium.org>
Sent: Tuesday, June 22, 2021 3:24 AM
To: David S . Miller
Cc: Kees Cook; Sunil Kovvuri Goutham; Linu Cherian; Geethasowjanya Akula; Jerin Jacob Kollanukkaran; Hariprasad Kelam; Subbaraya Sundeep Bhatta; Jakub Kicinski; linux-kernel@...r.kernel.org; netdev@...r.kernel.org; linux-hardening@...r.kernel.org
Subject: [EXT] [PATCH] octeontx2-af: Avoid field-overflowing memcpy()
External Email
----------------------------------------------------------------------
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
To avoid having memcpy() think a u64 "prof" is being written beyond,
adjust the prof member type by adding struct nix_bandprof_s to the union
to match the other structs. This silences the following future warning:
In file included from ./include/linux/string.h:253,
from ./include/linux/bitmap.h:10,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/cpumask.h:5,
from ./arch/x86/include/asm/msr.h:11,
from ./arch/x86/include/asm/processor.h:22,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:65,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/stat.h:19,
from ./include/linux/module.h:13,
from drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:11:
In function '__fortify_memcpy_chk',
inlined from '__fortify_memcpy' at ./include/linux/fortify-string.h:310:2,
inlined from 'rvu_nix_blk_aq_enq_inst' at drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:910:5:
./include/linux/fortify-string.h:268:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); please use struct_group() [-Wattribute-warning]
268 | __write_overflow_field();
| ^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:
...
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(&rsp->prof, ctx,
sizeof(struct nix_bandprof_s));
...
Signed-off-by: Kees Cook <keescook@...omium.org>
---
drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/mbox.h b/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
index 7d7dfa8d8a3f..770d86262838 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
@@ -746,7 +746,7 @@ struct nix_aq_enq_rsp {
struct nix_cq_ctx_s cq;
struct nix_rsse_s rss;
struct nix_rx_mce_s mce;
- u64 prof;
+ struct nix_bandprof_s prof;
};
};
--
2.30.2
Powered by blists - more mailing lists