From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>,
	kernel test robot <lkp@intel.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.9 18/48] ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
Date: Thu,  9 Sep 2021 07:59:45 -0400
Message-ID: <20210909120015.150411-18-sashal@kernel.org>
In-Reply-To: <20210909120015.150411-1-sashal@kernel.org>

From: "Gustavo A. R. Silva" <gustavoars@kernel.org>

[ Upstream commit 6321c7acb82872ef6576c520b0e178eaad3a25c0 ]

Fix the following out-of-bounds warning:

    In function 'ip_copy_addrs',
        inlined from '__ip_queue_xmit' at net/ipv4/ip_output.c:517:2:
net/ipv4/ip_output.c:449:2: warning: 'memcpy' offset [40, 43] from the object at 'fl' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 36 [-Warray-bounds]
      449 |  memcpy(&iph->saddr, &fl4->saddr,
          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      450 |         sizeof(fl4->saddr) + sizeof(fl4->daddr));
          |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem is that the original code is trying to copy data into a
couple of struct members adjacent to each other in a single call to
memcpy(). This causes a legitimate compiler warning because memcpy()
overruns the length of &iph->saddr and &fl4->saddr. As these are just
a couple of struct members, fix this by using direct assignments,
instead of memcpy().

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/d5ae2e65-1f18-2577-246f-bada7eee6ccd@intel.com/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/ip_output.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 3164bae4024a..589fd0904e0d 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -393,8 +393,9 @@ static void ip_copy_addrs(struct iphdr *iph, const struct flowi4 *fl4)
 {
 	BUILD_BUG_ON(offsetof(typeof(*fl4), daddr) !=
 		     offsetof(typeof(*fl4), saddr) + sizeof(fl4->saddr));
-	memcpy(&iph->saddr, &fl4->saddr,
-	       sizeof(fl4->saddr) + sizeof(fl4->daddr));
+
+	iph->saddr = fl4->saddr;
+	iph->daddr = fl4->daddr;
 }
 
 /* Note: skb->sk can be different from sk, in case of tunnels */
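
Review bot: the BUILD_BUG_ON() left at the top of ip_copy_addrs() asserts that daddr sits immediately after saddr in struct flowi4, an invariant that only the removed two-field memcpy() relied on. With `iph->saddr = fl4->saddr;` and `iph->daddr = fl4->daddr;` assigning each member separately, nothing in this function depends on that layout any more. Either drop the assertion in the same change or add a one-line comment saying why the adjacency is still worth enforcing, so a later reader does not assume the assignments need it.
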
-- 
2.30.2

