From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>,
kernel test robot <lkp@intel.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 23/74] flow_dissector: Fix out-of-bounds warnings
Date: Thu, 9 Sep 2021 07:56:35 -0400 [thread overview]
Message-ID: <20210909115726.149004-23-sashal@kernel.org> (raw)
In-Reply-To: <20210909115726.149004-1-sashal@kernel.org>
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
[ Upstream commit 323e0cb473e2a8706ff162b6b4f4fa16023c9ba7 ]
Fix the following out-of-bounds warnings:
net/core/flow_dissector.c: In function '__skb_flow_dissect':
>> net/core/flow_dissector.c:1104:4: warning: 'memcpy' offset [24, 39] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'struct in6_addr' at offset 8 [-Warray-bounds]
1104 | memcpy(&key_addrs->v6addrs, &iph->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1105 | sizeof(key_addrs->v6addrs));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/ipv6.h:5,
from net/core/flow_dissector.c:6:
include/uapi/linux/ipv6.h:133:18: note: subobject 'saddr' declared here
133 | struct in6_addr saddr;
| ^~~~~
>> net/core/flow_dissector.c:1059:4: warning: 'memcpy' offset [16, 19] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 12 [-Warray-bounds]
1059 | memcpy(&key_addrs->v4addrs, &iph->saddr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1060 | sizeof(key_addrs->v4addrs));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/ip.h:17,
from net/core/flow_dissector.c:5:
include/uapi/linux/ip.h:103:9: note: subobject 'saddr' declared here
103 | __be32 saddr;
| ^~~~~
The problem is that the original code is trying to copy data into a
couple of struct members adjacent to each other in a single call to
memcpy(). So, the compiler legitimately complains about it. As these
are just a couple of members, fix this by copying each one of them in
separate calls to memcpy().
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/d5ae2e65-1f18-2577-246f-bada7eee6ccd@intel.com/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/flow_dissector.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 994dd1520f07..949694c70cbc 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -694,8 +694,10 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
FLOW_DISSECTOR_KEY_IPV4_ADDRS,
target_container);
- memcpy(&key_addrs->v4addrs, &iph->saddr,
- sizeof(key_addrs->v4addrs));
+ memcpy(&key_addrs->v4addrs.src, &iph->saddr,
+ sizeof(key_addrs->v4addrs.src));
+ memcpy(&key_addrs->v4addrs.dst, &iph->daddr,
+ sizeof(key_addrs->v4addrs.dst));
key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
}
@@ -744,8 +746,10 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
FLOW_DISSECTOR_KEY_IPV6_ADDRS,
target_container);
- memcpy(&key_addrs->v6addrs, &iph->saddr,
- sizeof(key_addrs->v6addrs));
+ memcpy(&key_addrs->v6addrs.src, &iph->saddr,
+ sizeof(key_addrs->v6addrs.src));
+ memcpy(&key_addrs->v6addrs.dst, &iph->daddr,
+ sizeof(key_addrs->v6addrs.dst));
key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
}
--
2.30.2
next prev parent reply other threads:[~2021-09-09 13:07 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-09 11:56 [PATCH AUTOSEL 4.19 01/74] media: dib8000: rewrite the init prbs logic Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 02/74] crypto: mxs-dcp - Use sg_mapping_iter to copy data Sasha Levin
2021-09-09 11:56 ` Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 03/74] PCI: Use pci_update_current_state() in pci_enable_device_flags() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 04/74] tipc: keep the skb in rcv queue until the whole data is read Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 05/74] iio: dac: ad5624r: Fix incorrect handling of an optional regulator Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 06/74] ARM: dts: qcom: apq8064: correct clock names Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 07/74] video: fbdev: kyro: fix a DoS bug by restricting user input Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 08/74] netlink: Deal with ESRCH error in nlmsg_notify() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 09/74] Smack: Fix wrong semantics in smk_access_entry() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 10/74] usb: host: fotg210: fix the endpoint's transactional opportunities calculation Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 11/74] usb: host: fotg210: fix the actual_length of an iso packet Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 12/74] usb: gadget: u_ether: fix a potential null pointer dereference Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 13/74] usb: gadget: composite: Allow bMaxPower=0 if self-powered Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 14/74] staging: board: Fix uninitialized spinlock when attaching genpd Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 15/74] tty: serial: jsm: hold port lock when reporting modem line changes Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 16/74] drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 17/74] bpf/tests: Fix copy-and-paste error in double word test Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 18/74] bpf/tests: Do not PASS tests without actually testing the result Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 19/74] video: fbdev: asiliantfb: Error out if 'pixclock' equals zero Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 20/74] video: fbdev: kyro: " Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 21/74] video: fbdev: riva: " Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 22/74] ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() Sasha Levin
2021-09-09 11:56 ` Sasha Levin [this message]
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 24/74] s390/jump_label: print real address in a case of a jump label bug Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 25/74] serial: 8250: Define RX trigger levels for OxSemi 950 devices Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 26/74] xtensa: ISS: don't panic in rs_init Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 27/74] hvsi: don't panic on tty_register_driver failure Sasha Levin
2021-09-09 11:56 ` Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 28/74] serial: 8250_pci: make setup_port() parameters explicitly unsigned Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 29/74] staging: ks7010: Fix the initialization of the 'sleep_status' structure Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 30/74] samples: bpf: Fix tracex7 error raised on the missing argument Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 31/74] ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 32/74] Bluetooth: skip invalid hci_sync_conn_complete_evt Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 33/74] bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 34/74] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output Sasha Levin
2021-09-09 11:56 ` Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 35/74] bpf: Fix off-by-one in tail call count limiting Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 36/74] media: imx258: Rectify mismatch of VTS value Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 37/74] media: imx258: Limit the max analogue gain to 480 Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 38/74] media: v4l2-dv-timings.c: fix wrong condition in two for-loops Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 39/74] media: TDA1997x: fix tda1997x_query_dv_timings() return value Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 40/74] media: tegra-cec: Handle errors of clk_prepare_enable() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 41/74] ARM: dts: imx53-ppd: Fix ACHC entry Sasha Levin
2021-09-09 11:56 ` Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 42/74] arm64: dts: qcom: sdm660: use reg value for memory node Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 43/74] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() Sasha Levin
2021-09-09 11:56 ` Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 44/74] Bluetooth: schedule SCO timeouts with delayed_work Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 45/74] Bluetooth: avoid circular locks in sco_sock_connect Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 46/74] gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() Sasha Levin
2021-09-09 11:56 ` [PATCH AUTOSEL 4.19 47/74] ARM: tegra: tamonten: Fix UART pad setting Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 48/74] ACPICA: iASL: Fix for WPBT table with no command-line arguments Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 49/74] Bluetooth: Fix handling of LE Enhanced Connection Complete Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 50/74] serial: sh-sci: fix break handling for sysrq Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 51/74] tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 52/74] rpc: fix gss_svc_init cleanup on failure Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 53/74] staging: rts5208: Fix get_ms_information() heap buffer size Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 54/74] gfs2: Don't call dlm after protocol is unmounted Sasha Levin
2021-09-09 11:57 ` [Cluster-devel] " Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 55/74] btrfs: subpage: check if there are compressed extents inside one page Sasha Levin
2021-09-09 13:01 ` David Sterba
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 56/74] btrfs: subpage: fix race between prepare_pages() and btrfs_releasepage() Sasha Levin
2021-09-09 13:01 ` David Sterba
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 57/74] ASoC: intel: atom: Revert PCM buffer address setup workaround again Sasha Levin
2021-09-09 12:06 ` Takashi Iwai
2021-09-09 12:06 ` Takashi Iwai
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 58/74] of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 59/74] mmc: sdhci-of-arasan: Check return value of non-void funtions Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 60/74] mmc: rtsx_pci: Fix long reads when clock is prescaled Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 61/74] selftests/bpf: Enlarge select() timeout for test_maps Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 62/74] mmc: core: Return correct emmc response in case of ioctl error Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 63/74] cifs: fix wrong release in sess_alloc_buffer() failed path Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 64/74] Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 65/74] usb: musb: musb_dsps: request_irq() after initializing musb Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 66/74] usbip: give back URBs for unsent unlink requests during cleanup Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 67/74] usbip:vhci_hcd USB port can get stuck in the disabled state Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 68/74] ASoC: rockchip: i2s: Fix regmap_ops hang Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 69/74] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 70/74] parport: remove non-zero check on count Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 71/74] ath9k: fix OOB read ar9300_eeprom_restore_internal Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 72/74] ath9k: fix sleeping in atomic context Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 73/74] net: fix NULL pointer reference in cipso_v4_doi_free Sasha Levin
2021-09-09 11:57 ` [PATCH AUTOSEL 4.19 74/74] net: w5100: check return value after calling platform_get_resource() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210909115726.149004-23-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=gustavoars@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.