All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS
@ 2021-06-16 19:53 Kees Cook
  2021-06-16 20:02 ` Andrew Lunn
  2021-06-16 20:10 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 5+ messages in thread
From: Kees Cook @ 2021-06-16 19:53 UTC (permalink / raw)
  To: netdev
  Cc: Kees Cook, David S. Miller, Jakub Kicinski, Hayes Wang,
	Lee Jones, EJ Hsu, linux-kernel, linux-usb, linux-hardening

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/usb/r8152.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index 85039e17f4cd..5f08720bf1c9 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -8678,7 +8678,7 @@ static void rtl8152_get_strings(struct net_device *dev, u32 stringset, u8 *data)
 {
 	switch (stringset) {
 	case ETH_SS_STATS:
-		memcpy(data, *rtl8152_gstrings, sizeof(rtl8152_gstrings));
+		memcpy(data, rtl8152_gstrings, sizeof(rtl8152_gstrings));
 		break;
 	}
 }
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS
  2021-06-16 19:53 [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS Kees Cook
@ 2021-06-16 20:02 ` Andrew Lunn
  2021-06-16 20:10   ` Andrew Lunn
  2021-06-16 20:10 ` patchwork-bot+netdevbpf
  1 sibling, 1 reply; 5+ messages in thread
From: Andrew Lunn @ 2021-06-16 20:02 UTC (permalink / raw)
  To: Kees Cook
  Cc: netdev, David S. Miller, Jakub Kicinski, Hayes Wang, Lee Jones,
	EJ Hsu, linux-kernel, linux-usb, linux-hardening

On Wed, Jun 16, 2021 at 12:53:03PM -0700, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally reading across neighboring array fields.
> 
> The memcpy() is copying the entire structure, not just the first array.
> Adjust the source argument so the compiler can do appropriate bounds
> checking.
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/net/usb/r8152.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
> index 85039e17f4cd..5f08720bf1c9 100644
> --- a/drivers/net/usb/r8152.c
> +++ b/drivers/net/usb/r8152.c
> @@ -8678,7 +8678,7 @@ static void rtl8152_get_strings(struct net_device *dev, u32 stringset, u8 *data)
>  {
>  	switch (stringset) {
>  	case ETH_SS_STATS:
> -		memcpy(data, *rtl8152_gstrings, sizeof(rtl8152_gstrings));
> +		memcpy(data, rtl8152_gstrings, sizeof(rtl8152_gstrings));
>  		break;

Is this correct? The call is supposed to return all the statistic
strings, which would be the entire structure.

	  Andrew

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS
  2021-06-16 19:53 [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS Kees Cook
  2021-06-16 20:02 ` Andrew Lunn
@ 2021-06-16 20:10 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-06-16 20:10 UTC (permalink / raw)
  To: Kees Cook
  Cc: netdev, davem, kuba, hayeswang, lee.jones, ejh, linux-kernel,
	linux-usb, linux-hardening

Hello:

This patch was applied to netdev/net.git (refs/heads/master):

On Wed, 16 Jun 2021 12:53:03 -0700 you wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally reading across neighboring array fields.
> 
> The memcpy() is copying the entire structure, not just the first array.
> Adjust the source argument so the compiler can do appropriate bounds
> checking.
> 
> [...]

Here is the summary with links:
  - r8152: Avoid memcpy() over-reading of ETH_SS_STATS
    https://git.kernel.org/netdev/net/c/99718abdc00e

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS
  2021-06-16 20:02 ` Andrew Lunn
@ 2021-06-16 20:10   ` Andrew Lunn
  2021-06-17  3:20     ` Kees Cook
  0 siblings, 1 reply; 5+ messages in thread
From: Andrew Lunn @ 2021-06-16 20:10 UTC (permalink / raw)
  To: Kees Cook
  Cc: netdev, David S. Miller, Jakub Kicinski, Hayes Wang, Lee Jones,
	EJ Hsu, linux-kernel, linux-usb, linux-hardening

On Wed, Jun 16, 2021 at 10:02:43PM +0200, Andrew Lunn wrote:
> On Wed, Jun 16, 2021 at 12:53:03PM -0700, Kees Cook wrote:
> > In preparation for FORTIFY_SOURCE performing compile-time and run-time
> > field bounds checking for memcpy(), memmove(), and memset(), avoid
> > intentionally reading across neighboring array fields.
> > 
> > The memcpy() is copying the entire structure, not just the first array.
> > Adjust the source argument so the compiler can do appropriate bounds
> > checking.
> > 
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> >  drivers/net/usb/r8152.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
> > index 85039e17f4cd..5f08720bf1c9 100644
> > --- a/drivers/net/usb/r8152.c
> > +++ b/drivers/net/usb/r8152.c
> > @@ -8678,7 +8678,7 @@ static void rtl8152_get_strings(struct net_device *dev, u32 stringset, u8 *data)
> >  {
> >  	switch (stringset) {
> >  	case ETH_SS_STATS:
> > -		memcpy(data, *rtl8152_gstrings, sizeof(rtl8152_gstrings));
> > +		memcpy(data, rtl8152_gstrings, sizeof(rtl8152_gstrings));
> >  		break;
> 
> Is this correct? The call is supposed to return all the statistic
> strings, which would be the entire structure.

Ah! now i think i get it.

Although *rtl8152_gstrings == rtl8152_gstrings in terms of addresses,
the compiler sees that *rtl8152_gstrings is sizeof(ETH_GSTRING_LEN),
but we are copying sizeof(rtl8152_gstrings), so it will issue a
warning. So you remove the * to indicate we are interesting in the
whole structure of arrays.

      Andrew

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS
  2021-06-16 20:10   ` Andrew Lunn
@ 2021-06-17  3:20     ` Kees Cook
  0 siblings, 0 replies; 5+ messages in thread
From: Kees Cook @ 2021-06-17  3:20 UTC (permalink / raw)
  To: Andrew Lunn
  Cc: netdev, David S. Miller, Jakub Kicinski, Hayes Wang, Lee Jones,
	EJ Hsu, linux-kernel, linux-usb, linux-hardening

On Wed, Jun 16, 2021 at 10:10:40PM +0200, Andrew Lunn wrote:
> On Wed, Jun 16, 2021 at 10:02:43PM +0200, Andrew Lunn wrote:
> > On Wed, Jun 16, 2021 at 12:53:03PM -0700, Kees Cook wrote:
> > > In preparation for FORTIFY_SOURCE performing compile-time and run-time
> > > field bounds checking for memcpy(), memmove(), and memset(), avoid
> > > intentionally reading across neighboring array fields.
> > > 
> > > The memcpy() is copying the entire structure, not just the first array.
> > > Adjust the source argument so the compiler can do appropriate bounds
> > > checking.
> > > 
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > ---
> > >  drivers/net/usb/r8152.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
> > > index 85039e17f4cd..5f08720bf1c9 100644
> > > --- a/drivers/net/usb/r8152.c
> > > +++ b/drivers/net/usb/r8152.c
> > > @@ -8678,7 +8678,7 @@ static void rtl8152_get_strings(struct net_device *dev, u32 stringset, u8 *data)
> > >  {
> > >  	switch (stringset) {
> > >  	case ETH_SS_STATS:
> > > -		memcpy(data, *rtl8152_gstrings, sizeof(rtl8152_gstrings));
> > > +		memcpy(data, rtl8152_gstrings, sizeof(rtl8152_gstrings));
> > >  		break;
> > 
> > Is this correct? The call is supposed to return all the statistic
> > strings, which would be the entire structure.
> 
> Ah! now i think i get it.
> 
> Although *rtl8152_gstrings == rtl8152_gstrings in terms of addresses,
> the compiler sees that *rtl8152_gstrings is sizeof(ETH_GSTRING_LEN),
> but we are copying sizeof(rtl8152_gstrings), so it will issue a
> warning. So you remove the * to indicate we are interesting in the
> whole structure of arrays.

Right! Sorry if that wasn't more clear. :)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-06-17  3:21 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-16 19:53 [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS Kees Cook
2021-06-16 20:02 ` Andrew Lunn
2021-06-16 20:10   ` Andrew Lunn
2021-06-17  3:20     ` Kees Cook
2021-06-16 20:10 ` patchwork-bot+netdevbpf

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.