From: Kees Cook <keescook@chromium.org> To: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, Rasmus Villemoes <linux@rasmusvillemoes.dk>, linux-kbuild@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, linux-staging@lists.linux.dev, linux-wireless@vger.kernel.org, "Gustavo A. R. Silva" <gustavoars@kernel.org>, dri-devel@lists.freedesktop.org, linux-block@vger.kernel.org, clang-built-linux@googlegroups.com, iommu@lists.linux-foundation.org, linux-hardening@vger.kernel.org, netdev@vger.kernel.org, Andrew Morton <akpm@linux-foundation.org>, Will Deacon <will@kernel.org> Subject: [PATCH v2 13/63] iommu/amd: Use struct_group() for memcpy() region Date: Tue, 17 Aug 2021 23:04:43 -0700 [thread overview] Message-ID: <20210818060533.3569517-14-keescook@chromium.org> (raw) In-Reply-To: <20210818060533.3569517-1-keescook@chromium.org> In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use struct_group() in struct ivhd_entry around members ext and hidh, so they can be referenced together. This will allow memcpy() and sizeof() to more easily reason about sizes, improve readability, and avoid future warnings about writing beyond the end of ext. "pahole" shows no size nor member offset changes to struct ivhd_entry. "objdump -d" shows no object code changes. Cc: Joerg Roedel <joro@8bytes.org> Cc: Will Deacon <will@kernel.org> Cc: iommu@lists.linux-foundation.org Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/iommu/amd/init.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index bdcf167b4afe..70506d6175e9 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -121,8 +121,10 @@ struct ivhd_entry { u8 type; u16 devid; u8 flags; - u32 ext; - u32 hidh; + struct_group(ext_hid, + u32 ext; + u32 hidh; + ); u64 cid; u8 uidf; u8 uidl; @@ -1377,7 +1379,8 @@ static int __init init_iommu_from_acpi(struct amd_iommu *iommu, break; } - memcpy(hid, (u8 *)(&e->ext), ACPIHID_HID_LEN - 1); + BUILD_BUG_ON(sizeof(e->ext_hid) != ACPIHID_HID_LEN - 1); + memcpy(hid, &e->ext_hid, ACPIHID_HID_LEN - 1); hid[ACPIHID_HID_LEN - 1] = '\0'; if (!(*hid)) { -- 2.30.2 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org> To: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>, iommu@lists.linux-foundation.org, "Gustavo A. R. Silva" <gustavoars@kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Andrew Morton <akpm@linux-foundation.org>, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, Rasmus Villemoes <linux@rasmusvillemoes.dk>, linux-hardening@vger.kernel.org Subject: [PATCH v2 13/63] iommu/amd: Use struct_group() for memcpy() region Date: Tue, 17 Aug 2021 23:04:43 -0700 [thread overview] Message-ID: <20210818060533.3569517-14-keescook@chromium.org> (raw) In-Reply-To: <20210818060533.3569517-1-keescook@chromium.org> In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use struct_group() in struct ivhd_entry around members ext and hidh, so they can be referenced together. This will allow memcpy() and sizeof() to more easily reason about sizes, improve readability, and avoid future warnings about writing beyond the end of ext. "pahole" shows no size nor member offset changes to struct ivhd_entry. "objdump -d" shows no object code changes. Cc: Joerg Roedel <joro@8bytes.org> Cc: Will Deacon <will@kernel.org> Cc: iommu@lists.linux-foundation.org Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/iommu/amd/init.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index bdcf167b4afe..70506d6175e9 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -121,8 +121,10 @@ struct ivhd_entry { u8 type; u16 devid; u8 flags; - u32 ext; - u32 hidh; + struct_group(ext_hid, + u32 ext; + u32 hidh; + ); u64 cid; u8 uidf; u8 uidl; @@ -1377,7 +1379,8 @@ static int __init init_iommu_from_acpi(struct amd_iommu *iommu, break; } - memcpy(hid, (u8 *)(&e->ext), ACPIHID_HID_LEN - 1); + BUILD_BUG_ON(sizeof(e->ext_hid) != ACPIHID_HID_LEN - 1); + memcpy(hid, &e->ext_hid, ACPIHID_HID_LEN - 1); hid[ACPIHID_HID_LEN - 1] = '\0'; if (!(*hid)) { -- 2.30.2
next prev parent reply other threads:[~2021-08-18 6:06 UTC|newest] Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-18 6:04 [PATCH v2 00/63] Introduce strict memcpy() bounds checking Kees Cook 2021-08-18 6:04 ` [PATCH v2 01/63] ipw2x00: Avoid field-overflowing memcpy() Kees Cook 2021-08-18 6:04 ` [PATCH v2 02/63] net/mlx5e: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 03/63] rpmsg: glink: Replace strncpy() with strscpy_pad() Kees Cook 2021-08-18 6:04 ` [PATCH v2 04/63] pcmcia: ray_cs: Split memcpy() to avoid bounds check warning Kees Cook 2021-08-18 6:04 ` [PATCH v2 05/63] stddef: Introduce struct_group() helper macro Kees Cook 2021-08-18 22:35 ` Dan Williams 2021-08-18 22:35 ` Dan Williams 2021-08-18 22:35 ` Dan Williams 2021-08-18 6:04 ` [PATCH v2 06/63] cxl/core: Replace unions with struct_group() Kees Cook 2021-08-18 22:36 ` Dan Williams 2021-08-18 22:36 ` Dan Williams 2021-08-18 22:36 ` Dan Williams 2021-08-18 6:04 ` [PATCH v2 07/63] skbuff: Switch structure bounds to struct_group() Kees Cook 2021-09-01 13:46 ` Jason A. Donenfeld 2021-09-01 13:46 ` Jason A. Donenfeld 2021-09-01 13:46 ` Jason A. Donenfeld 2021-08-18 6:04 ` [PATCH v2 08/63] bnxt_en: Use struct_group_attr() for memcpy() region Kees Cook 2021-08-18 6:04 ` [PATCH v2 09/63] mwl8k: Use struct_group() " Kees Cook 2021-08-18 6:04 ` [PATCH v2 10/63] libertas: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 11/63] libertas_tf: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 12/63] thermal: intel: int340x_thermal: " Kees Cook 2021-11-23 13:19 ` Rafael J. Wysocki 2021-11-23 13:19 ` Rafael J. Wysocki 2021-11-23 23:53 ` Srinivas Pandruvada 2021-11-23 23:53 ` Srinivas Pandruvada 2021-11-24 13:33 ` Rafael J. Wysocki 2021-11-24 13:33 ` Rafael J. Wysocki 2021-08-18 6:04 ` Kees Cook [this message] 2021-08-18 6:04 ` [PATCH v2 13/63] iommu/amd: " Kees Cook 2021-08-18 11:34 ` Joerg Roedel 2021-08-18 11:34 ` Joerg Roedel 2021-08-18 6:04 ` [PATCH v2 14/63] cxgb3: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 15/63] intersil: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 16/63] cxgb4: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 17/63] bnx2x: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 18/63] drm/amd/pm: " Kees Cook 2021-08-18 11:42 ` Lazar, Lijo 2021-08-18 23:59 ` Kees Cook 2021-08-19 5:03 ` Lazar, Lijo 2021-08-19 19:58 ` Kees Cook 2021-08-18 6:04 ` [PATCH v2 19/63] staging: wlan-ng: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 20/63] drm/mga/mga_ioc32: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 21/63] net/mlx5e: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 22/63] HID: cp2112: " Kees Cook 2021-08-20 13:01 ` Jiri Kosina 2021-08-20 13:01 ` Jiri Kosina 2021-08-20 15:19 ` Kees Cook 2021-08-20 15:48 ` Kees Cook 2021-08-18 6:04 ` [PATCH v2 23/63] media: omap3isp: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 24/63] sata_fsl: " Kees Cook 2021-08-18 6:04 ` [PATCH v2 25/63] compiler_types.h: Remove __compiletime_object_size() Kees Cook 2021-08-18 13:02 ` Miguel Ojeda 2021-08-18 13:02 ` Miguel Ojeda 2021-08-18 6:04 ` [PATCH v2 26/63] lib/string: Move helper functions out of string.c Kees Cook 2021-08-18 9:35 ` Andy Shevchenko 2021-08-18 6:04 ` [PATCH v2 27/63] fortify: Move remaining fortify helpers into fortify-string.h Kees Cook 2021-08-18 19:05 ` Francis Laniel 2021-08-18 6:04 ` [PATCH v2 28/63] fortify: Explicitly disable Clang support Kees Cook 2021-08-18 6:04 ` [PATCH v2 29/63] fortify: Fix dropped strcpy() compile-time write overflow check Kees Cook 2021-08-18 6:05 ` [PATCH v2 30/63] fortify: Prepare to improve strnlen() and strlen() warnings Kees Cook 2021-08-18 6:05 ` [PATCH v2 31/63] fortify: Allow strlen() and strnlen() to pass compile-time known lengths Kees Cook 2021-08-18 6:05 ` [PATCH v2 32/63] fortify: Add compile-time FORTIFY_SOURCE tests Kees Cook 2021-08-18 6:05 ` [PATCH v2 33/63] lib: Introduce CONFIG_TEST_MEMCPY Kees Cook 2021-08-18 6:05 ` [PATCH v2 34/63] fortify: Detect struct member overflows in memcpy() at compile-time Kees Cook 2021-08-18 6:05 ` [PATCH v2 35/63] fortify: Detect struct member overflows in memmove() " Kees Cook 2021-08-18 6:05 ` [PATCH v2 36/63] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp Kees Cook 2021-08-18 6:05 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 37/63] string.h: Introduce memset_after() for wiping trailing members/padding Kees Cook 2021-08-18 6:05 ` [PATCH v2 38/63] xfrm: Use memset_after() to clear padding Kees Cook 2021-08-18 6:05 ` [PATCH v2 39/63] ipv6: Use memset_after() to zero rt6_info Kees Cook 2021-08-18 6:05 ` [PATCH v2 40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn Kees Cook 2021-08-18 6:05 ` [PATCH v2 41/63] net: 802: Use memset_startat() to clear struct fields Kees Cook 2021-08-18 6:05 ` [PATCH v2 42/63] net: dccp: Use memset_startat() for TP zeroing Kees Cook 2021-08-18 6:05 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 43/63] net: qede: Use memset_startat() for counters Kees Cook 2021-08-18 6:05 ` [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status Kees Cook 2021-08-18 7:08 ` Johannes Berg 2021-08-18 7:08 ` Johannes Berg 2021-08-18 8:06 ` Johannes Berg 2021-08-18 8:06 ` Johannes Berg 2021-08-18 9:05 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 45/63] ath11k: Use memset_startat() for clearing queue descriptors Kees Cook 2021-08-18 6:05 ` Kees Cook 2021-08-19 13:19 ` Kalle Valo 2021-08-19 13:19 ` Kalle Valo 2021-08-19 13:19 ` Kalle Valo 2021-08-19 16:25 ` Kees Cook 2021-08-19 16:25 ` Kees Cook 2021-08-21 10:17 ` Kalle Valo 2021-08-21 10:17 ` Kalle Valo 2021-08-21 10:17 ` Kalle Valo 2021-08-22 8:11 ` Kees Cook 2021-08-22 8:11 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 46/63] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl Kees Cook 2021-08-18 6:05 ` [PATCH v2 47/63] intel_th: msu: Use memset_startat() for clearing hw header Kees Cook 2021-08-24 7:38 ` Alexander Shishkin 2021-08-18 6:05 ` [PATCH v2 48/63] IB/mthca: Use memset_startat() for clearing mpt_entry Kees Cook 2021-08-18 6:05 ` [PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct Kees Cook 2021-08-18 6:35 ` Nikolay Borisov 2021-08-18 9:28 ` David Sterba 2021-08-18 6:05 ` [PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator Kees Cook 2021-08-18 13:33 ` Steven Rostedt 2021-08-18 16:21 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 51/63] drbd: Use struct_group() to zero algs Kees Cook 2021-08-18 6:05 ` [PATCH v2 52/63] cm4000_cs: Use struct_group() to zero struct cm4000_dev region Kees Cook 2021-08-18 6:05 ` [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache Kees Cook 2021-08-18 15:11 ` Sean Christopherson 2021-08-18 16:23 ` Kees Cook 2021-08-18 22:53 ` Sean Christopherson 2021-08-18 23:06 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 54/63] dm integrity: Use struct_group() to zero struct journal_sector Kees Cook 2021-08-18 6:05 ` [dm-devel] " Kees Cook 2021-08-18 6:05 ` [PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event Kees Cook 2021-08-20 13:02 ` Jiri Kosina 2021-08-20 13:02 ` Jiri Kosina 2021-08-20 15:19 ` Kees Cook 2021-08-20 15:27 ` Jiri Kosina 2021-08-20 15:27 ` Jiri Kosina 2021-08-20 15:49 ` Kees Cook 2021-08-20 15:49 ` Kees Cook 2021-08-20 15:57 ` Kees Cook 2021-08-20 15:57 ` Kees Cook 2021-08-20 16:11 ` Jiri Kosina 2021-08-20 16:11 ` Jiri Kosina 2021-08-18 6:05 ` [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr Kees Cook 2021-08-19 12:27 ` Jason Gunthorpe 2021-08-19 16:19 ` Kees Cook 2021-08-19 16:47 ` Jason Gunthorpe 2021-08-19 18:14 ` Kees Cook 2021-08-20 12:34 ` Jason Gunthorpe 2021-08-20 15:56 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs Kees Cook 2021-08-18 6:05 ` Kees Cook 2021-08-20 7:49 ` Michael Ellerman 2021-08-20 7:49 ` Michael Ellerman 2021-08-20 7:53 ` Christophe Leroy 2021-08-20 7:53 ` Christophe Leroy 2021-08-20 7:53 ` Christophe Leroy 2021-08-20 12:13 ` Michael Ellerman 2021-08-20 12:13 ` Michael Ellerman 2021-08-20 15:55 ` Kees Cook 2021-08-20 15:55 ` Kees Cook 2021-08-23 4:55 ` Michael Ellerman 2021-08-23 4:55 ` Michael Ellerman 2021-08-18 6:05 ` [PATCH v2 58/63] ethtool: stats: Use struct_group() to clear all stats at once Kees Cook 2021-08-18 6:05 ` [PATCH v2 59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions Kees Cook 2021-08-18 6:26 ` Marc Kleine-Budde 2021-08-18 6:05 ` [PATCH v2 60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region Kees Cook 2021-09-09 6:14 ` Karsten Graul 2021-08-18 6:05 ` [PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow Kees Cook 2021-08-18 6:05 ` Kees Cook 2021-08-18 6:42 ` Christophe Leroy 2021-08-18 6:42 ` Christophe Leroy 2021-08-18 22:30 ` Kees Cook 2021-08-18 22:30 ` Kees Cook 2021-08-18 6:05 ` [PATCH v2 62/63] fortify: Detect struct member overflows in memset() at compile-time Kees Cook 2021-08-18 6:05 ` [PATCH v2 63/63] fortify: Work around Clang inlining bugs Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210818060533.3569517-14-keescook@chromium.org \ --to=keescook@chromium.org \ --cc=akpm@linux-foundation.org \ --cc=clang-built-linux@googlegroups.com \ --cc=dri-devel@lists.freedesktop.org \ --cc=gregkh@linuxfoundation.org \ --cc=gustavoars@kernel.org \ --cc=iommu@lists.linux-foundation.org \ --cc=linux-block@vger.kernel.org \ --cc=linux-hardening@vger.kernel.org \ --cc=linux-kbuild@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-staging@lists.linux.dev \ --cc=linux-wireless@vger.kernel.org \ --cc=linux@rasmusvillemoes.dk \ --cc=netdev@vger.kernel.org \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.