| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2022 10:44:06 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Jay Vosburgh <j.vosburgh@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Jonathan Toppins <jtoppins@...hat.com>,
Paolo Abeni <pabeni@...hat.com>,
David Ahern <dsahern@...il.com>,
Tom Herbert <tom@...bertland.com>,
Hangbin Liu <liuhangbin@...il.com>,
kernel test robot <lkp@...el.com>
Subject: [PATCH net] net: fix the address copy size to flow_keys
kernel test robot reported a warning when build bonding module:
from ../drivers/net/bonding/bond_main.c:35:
In function ‘fortify_memcpy_chk’,
inlined from ‘iph_to_flow_copy_v4addrs’ at ../include/net/ip.h:566:2,
inlined from ‘bond_flow_ip’ at ../drivers/net/bonding/bond_main.c:3984:3:
../include/linux/fortify-string.h:413:25: warning: call to ‘__read_overflow2_field’ declared with attribute warning: detected read beyond size of f
ield (2nd parameter); maybe use struct_group()? [-Wattribute-warning]
413 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘fortify_memcpy_chk’,
inlined from ‘iph_to_flow_copy_v6addrs’ at ../include/net/ipv6.h:900:2,
inlined from ‘bond_flow_ip’ at ../drivers/net/bonding/bond_main.c:3994:3:
../include/linux/fortify-string.h:413:25: warning: call to ‘__read_overflow2_field’ declared with attribute warning: detected read beyond size of f
ield (2nd parameter); maybe use struct_group()? [-Wattribute-warning]
413 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is because we try to memcpy the whole ip/ip6 address to the flow_key,
while we only point the to ip/ip6 saddr. It is efficient since we only need
to do copy once for both saddr and daddr. But to fix the build warning,
let's break the memcpy to 2 parts. This may affect bonding's performance
slightly, but shouldn't too much.
Reported-by: kernel test robot <lkp@...el.com>
Fixes: c3f8324188fa ("net: Add full IPv6 addresses to flow_keys")
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
include/net/ip.h | 3 ++-
include/net/ipv6.h | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/net/ip.h b/include/net/ip.h
index 038097c2a152..8ab4cea47ceb 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -563,7 +563,8 @@ static inline void iph_to_flow_copy_v4addrs(struct flow_keys *flow,
BUILD_BUG_ON(offsetof(typeof(flow->addrs), v4addrs.dst) !=
offsetof(typeof(flow->addrs), v4addrs.src) +
sizeof(flow->addrs.v4addrs.src));
- memcpy(&flow->addrs.v4addrs, &iph->saddr, sizeof(flow->addrs.v4addrs));
+ memcpy(&flow->addrs.v4addrs.src, &iph->saddr, sizeof(flow->addrs.v4addrs.src));
+ memcpy(&flow->addrs.v4addrs.dst, &iph->daddr, sizeof(flow->addrs.v4addrs.dst));
flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
}
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 37943ba3a73c..f6ff7d30ca49 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -897,7 +897,8 @@ static inline void iph_to_flow_copy_v6addrs(struct flow_keys *flow,
BUILD_BUG_ON(offsetof(typeof(flow->addrs), v6addrs.dst) !=
offsetof(typeof(flow->addrs), v6addrs.src) +
sizeof(flow->addrs.v6addrs.src));
- memcpy(&flow->addrs.v6addrs, &iph->saddr, sizeof(flow->addrs.v6addrs));
+ memcpy(&flow->addrs.v6addrs.src, &iph->saddr, sizeof(flow->addrs.v6addrs.src));
+ memcpy(&flow->addrs.v6addrs.dst, &iph->daddr, sizeof(flow->addrs.v6addrs.dst));
flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
}
--
2.38.1
Powered by blists - more mailing lists