| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Apr 2016 19:45:15 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
Yinghai Lu <yinghai@...nel.org>, Baoquan He <bhe@...hat.com>,
Borislav Petkov <bp@...e.de>, Ingo Molnar <mingo@...hat.com>,
"x86@...nel.org" <x86@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
"H.J. Lu" <hjl.tools@...il.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andy Lutomirski <luto@...nel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] x86/boot: Rename overlapping memcpy() to memmove()
* Kees Cook <keescook@...omium.org> wrote:
> On Thu, Apr 28, 2016 at 9:47 AM, One Thousand Gnomes
> <gnomes@...rguk.ukuu.org.uk> wrote:
> > O> For example, this is what I've got currently:
> >>
> >> /* Detect and warn about potential overlaps. */
> >> void *memcpy(void *dest, const void *src, size_t n)
> >> {
> >> if (dest > src && dest - src < n)
> >> warn("Potentially unsafe overlapping memcpy detected!");
> >> return __memcpy(dest, src, n);
> >> }
> >>
> >> Does that seem okay? If so, I'll send the patch...
> >
> > Probably useful for debug, but instead of relying on __memcpy
> > happening to handle overlaps - which isn't portable you could instead
> > debug all platforms by doing
> >
> > if (...) {
> > warn(...)
> > memmove()
> > } else
> > __memcpy
> >
>
> Yeah, that's kind of where we started (but without the warning). I
> prefer this, since we don't run the risk of MAYBE breaking. We warn,
> but we remain safe.
Works for me!
Thanks,
Ingo
Powered by blists - more mailing lists