* [PATCH] net: phy: smsc: fix buffer overflow in memcpy
@ 2017-06-20 20:40 Arnd Bergmann
2017-06-20 21:46 ` Andrew Lunn
2017-06-22 15:12 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Arnd Bergmann @ 2017-06-20 20:40 UTC (permalink / raw)
To: Andrew Lunn, Florian Fainelli
Cc: Arnd Bergmann, David S. Miller, Timur Tabi, netdev, linux-kernel
The memcpy annotation triggers for a fixed-length buffer copy:
In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
from /git/arm-soc/include/linux/spinlock.h:87,
from /git/arm-soc/include/linux/seqlock.h:35,
from /git/arm-soc/include/linux/time.h:5,
from /git/arm-soc/include/linux/stat.h:21,
from /git/arm-soc/include/linux/module.h:10,
from /git/arm-soc/drivers/net/phy/smsc.c:20:
In function 'memcpy',
inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
/git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
Using strncpy instead of memcpy should do the right thing here.
Fixes: 030a89028db0 ("net: phy: smsc: Implement PHY statistics")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
drivers/net/phy/smsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/phy/smsc.c b/drivers/net/phy/smsc.c
index 1b8204be064c..2306bfae057f 100644
--- a/drivers/net/phy/smsc.c
+++ b/drivers/net/phy/smsc.c
@@ -163,7 +163,7 @@ static void smsc_get_strings(struct phy_device *phydev, u8 *data)
int i;
for (i = 0; i < ARRAY_SIZE(smsc_hw_stats); i++) {
- memcpy(data + i * ETH_GSTRING_LEN,
+ strncpy(data + i * ETH_GSTRING_LEN,
smsc_hw_stats[i].string, ETH_GSTRING_LEN);
}
}
--
2.9.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] net: phy: smsc: fix buffer overflow in memcpy
2017-06-20 20:40 [PATCH] net: phy: smsc: fix buffer overflow in memcpy Arnd Bergmann
@ 2017-06-20 21:46 ` Andrew Lunn
2017-06-22 15:12 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Andrew Lunn @ 2017-06-20 21:46 UTC (permalink / raw)
To: Arnd Bergmann
Cc: Florian Fainelli, David S. Miller, Timur Tabi, netdev, linux-kernel
On Tue, Jun 20, 2017 at 10:40:46PM +0200, Arnd Bergmann wrote:
> The memcpy annotation triggers for a fixed-length buffer copy:
>
> In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
> from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
> from /git/arm-soc/include/linux/spinlock.h:87,
> from /git/arm-soc/include/linux/seqlock.h:35,
> from /git/arm-soc/include/linux/time.h:5,
> from /git/arm-soc/include/linux/stat.h:21,
> from /git/arm-soc/include/linux/module.h:10,
> from /git/arm-soc/drivers/net/phy/smsc.c:20:
> In function 'memcpy',
> inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
> /git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
>
> Using strncpy instead of memcpy should do the right thing here.
Hi Arnd
You will find this pattern in number of phy drivers:
bcm-phy-lib.c: memcpy(data + i * ETH_GSTRING_LEN,
marvell.c: memcpy(data + i * ETH_GSTRING_LEN,
micrel.c: memcpy(data + i * ETH_GSTRING_LEN,
smsc.c: memcpy(data + i * ETH_GSTRING_LEN,
They probably all need the same fix.
Andrew
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] net: phy: smsc: fix buffer overflow in memcpy
2017-06-20 20:40 [PATCH] net: phy: smsc: fix buffer overflow in memcpy Arnd Bergmann
2017-06-20 21:46 ` Andrew Lunn
@ 2017-06-22 15:12 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2017-06-22 15:12 UTC (permalink / raw)
To: arnd; +Cc: andrew, f.fainelli, timur, netdev, linux-kernel
From: Arnd Bergmann <arnd@arndb.de>
Date: Tue, 20 Jun 2017 22:40:46 +0200
> The memcpy annotation triggers for a fixed-length buffer copy:
>
> In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
> from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
> from /git/arm-soc/include/linux/spinlock.h:87,
> from /git/arm-soc/include/linux/seqlock.h:35,
> from /git/arm-soc/include/linux/time.h:5,
> from /git/arm-soc/include/linux/stat.h:21,
> from /git/arm-soc/include/linux/module.h:10,
> from /git/arm-soc/drivers/net/phy/smsc.c:20:
> In function 'memcpy',
> inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
> /git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
>
> Using strncpy instead of memcpy should do the right thing here.
>
> Fixes: 030a89028db0 ("net: phy: smsc: Implement PHY statistics")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
APplied to net-next, thanks Arnd.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-06-22 15:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-20 20:40 [PATCH] net: phy: smsc: fix buffer overflow in memcpy Arnd Bergmann
2017-06-20 21:46 ` Andrew Lunn
2017-06-22 15:12 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.