| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jJb1KKDfYsZPPGrF-1UUf1sKkvzdt=i115bKKhOBp72Vw@mail.gmail.com>
Date: Thu, 28 Apr 2016 09:49:18 -0700
From: Kees Cook <keescook@...omium.org>
To: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
Cc: Ingo Molnar <mingo@...nel.org>, Yinghai Lu <yinghai@...nel.org>,
Baoquan He <bhe@...hat.com>, Borislav Petkov <bp@...e.de>,
Ingo Molnar <mingo@...hat.com>,
"x86@...nel.org" <x86@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
"H.J. Lu" <hjl.tools@...il.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andy Lutomirski <luto@...nel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] x86/boot: Rename overlapping memcpy() to memmove()
On Thu, Apr 28, 2016 at 9:47 AM, One Thousand Gnomes
<gnomes@...rguk.ukuu.org.uk> wrote:
> O> For example, this is what I've got currently:
>>
>> /* Detect and warn about potential overlaps. */
>> void *memcpy(void *dest, const void *src, size_t n)
>> {
>> if (dest > src && dest - src < n)
>> warn("Potentially unsafe overlapping memcpy detected!");
>> return __memcpy(dest, src, n);
>> }
>>
>> Does that seem okay? If so, I'll send the patch...
>
> Probably useful for debug, but instead of relying on __memcpy
> happening to handle overlaps - which isn't portable you could instead
> debug all platforms by doing
>
> if (...) {
> warn(...)
> memmove()
> } else
> __memcpy
>
Yeah, that's kind of where we started (but without the warning). I
prefer this, since we don't run the risk of MAYBE breaking. We warn,
but we remain safe.
-Kees
--
Kees Cook
Chrome OS & Brillo Security
Powered by blists - more mailing lists