* [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
@ 2022-09-24 4:08 Kees Cook
2022-09-24 4:28 ` Gustavo A. R. Silva
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Kees Cook @ 2022-09-24 4:08 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Kees Cook, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, netdev, Gustavo A. R. Silva, linux-kernel,
linux-hardening
To work around a misbehavior of the compiler's ability to see into
composite flexible array structs (as detailed in the coming memcpy()
hardening series[1]), split the memcpy() of the header and the payload
so no false positive run-time overflow warning will be generated. This
split already existed for the "firstfrag" case, so just generalize the
logic further.
[1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/
Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Reported-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
net/nfc/hci/hcp.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/net/nfc/hci/hcp.c b/net/nfc/hci/hcp.c
index 05c60988f59a..4902f5064098 100644
--- a/net/nfc/hci/hcp.c
+++ b/net/nfc/hci/hcp.c
@@ -73,14 +73,12 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe,
if (firstfrag) {
firstfrag = false;
packet->message.header = HCP_HEADER(type, instruction);
- if (ptr) {
- memcpy(packet->message.data, ptr,
- data_link_len - 1);
- ptr += data_link_len - 1;
- }
} else {
- memcpy(&packet->message, ptr, data_link_len);
- ptr += data_link_len;
+ packet->message.header = *ptr++;
+ }
+ if (ptr) {
+ memcpy(packet->message.data, ptr, data_link_len - 1);
+ ptr += data_link_len - 1;
}
/* This is the last fragment, set the cb bit */
--
2.34.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
2022-09-24 4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
@ 2022-09-24 4:28 ` Gustavo A. R. Silva
2022-09-24 9:28 ` Krzysztof Kozlowski
2022-09-27 14:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2022-09-24 4:28 UTC (permalink / raw)
To: Kees Cook
Cc: Krzysztof Kozlowski, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Fri, Sep 23, 2022 at 09:08:35PM -0700, Kees Cook wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated. This
> split already existed for the "firstfrag" case, so just generalize the
> logic further.
>
> [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/
>
> Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Reported-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Thanks!
--
Gustavo
> ---
> net/nfc/hci/hcp.c | 12 +++++-------
> 1 file changed, 5 insertions(+), 7 deletions(-)
>
> diff --git a/net/nfc/hci/hcp.c b/net/nfc/hci/hcp.c
> index 05c60988f59a..4902f5064098 100644
> --- a/net/nfc/hci/hcp.c
> +++ b/net/nfc/hci/hcp.c
> @@ -73,14 +73,12 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe,
> if (firstfrag) {
> firstfrag = false;
> packet->message.header = HCP_HEADER(type, instruction);
> - if (ptr) {
> - memcpy(packet->message.data, ptr,
> - data_link_len - 1);
> - ptr += data_link_len - 1;
> - }
> } else {
> - memcpy(&packet->message, ptr, data_link_len);
> - ptr += data_link_len;
> + packet->message.header = *ptr++;
> + }
> + if (ptr) {
> + memcpy(packet->message.data, ptr, data_link_len - 1);
> + ptr += data_link_len - 1;
> }
>
> /* This is the last fragment, set the cb bit */
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
2022-09-24 4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
2022-09-24 4:28 ` Gustavo A. R. Silva
@ 2022-09-24 9:28 ` Krzysztof Kozlowski
2022-09-27 14:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Krzysztof Kozlowski @ 2022-09-24 9:28 UTC (permalink / raw)
To: Kees Cook
Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
netdev, Gustavo A. R. Silva, linux-kernel, linux-hardening
On 24/09/2022 06:08, Kees Cook wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated. This
> split already existed for the "firstfrag" case, so just generalize the
> logic further.
>
> [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/
>
Looks correct:
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
2022-09-24 4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
2022-09-24 4:28 ` Gustavo A. R. Silva
2022-09-24 9:28 ` Krzysztof Kozlowski
@ 2022-09-27 14:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-09-27 14:50 UTC (permalink / raw)
To: Kees Cook
Cc: krzysztof.kozlowski, davem, edumazet, kuba, pabeni, netdev,
gustavoars, linux-kernel, linux-hardening
Hello:
This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:
On Fri, 23 Sep 2022 21:08:35 -0700 you wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated. This
> split already existed for the "firstfrag" case, so just generalize the
> logic further.
>
> [...]
Here is the summary with links:
- NFC: hci: Split memcpy() of struct hcp_message flexible array
https://git.kernel.org/netdev/net-next/c/de4feb4e3d61
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-09-27 14:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-24 4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
2022-09-24 4:28 ` Gustavo A. R. Silva
2022-09-24 9:28 ` Krzysztof Kozlowski
2022-09-27 14:50 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.