lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Dec 2022 15:29:14 -0800 From: Kees Cook <keescook@...omium.org> To: Paolo Abeni <pabeni@...hat.com> Cc: Samuel Mendoza-Jonas <sam@...dozajonas.com>, Joel Stanley <joel@....id.au>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] net/ncsi: Silence runtime memcpy() false positive warning On Tue, Dec 06, 2022 at 11:36:54AM +0100, Paolo Abeni wrote: > Hello, > > On Fri, 2022-12-02 at 13:24 -0800, Kees Cook wrote: > > The memcpy() in ncsi_cmd_handler_oem deserializes nca->data into a > > flexible array structure that overlapping with non-flex-array members > > (mfr_id) intentionally. Since the mem_to_flex() API is not finished, > > temporarily silence this warning, since it is a false positive, using > > unsafe_memcpy(). > > > > Reported-by: Joel Stanley <joel@....id.au> > > Link: https://lore.kernel.org/netdev/CACPK8Xdfi=OJKP0x0D1w87fQeFZ4A2DP2qzGCRcuVbpU-9=4sQ@mail.gmail.com/ > > Cc: Samuel Mendoza-Jonas <sam@...dozajonas.com> > > Cc: "David S. Miller" <davem@...emloft.net> > > Cc: Eric Dumazet <edumazet@...gle.com> > > Cc: Jakub Kicinski <kuba@...nel.org> > > Cc: Paolo Abeni <pabeni@...hat.com> > > Cc: netdev@...r.kernel.org > > Signed-off-by: Kees Cook <keescook@...omium.org> > > Is this for the -net or the -net-next tree? It applies to both... > > It you are targetting the -net tree, I think it would be nicer adding a > suitable Fixes tag. -net-next (v6.2) is fine -- this is where the warning manifests. -Kees -- Kees Cook
Powered by blists - more mailing lists