linux-hardening.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
@ 2022-09-24  4:08 Kees Cook
  2022-09-24  4:28 ` Gustavo A. R. Silva
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Kees Cook @ 2022-09-24  4:08 UTC (permalink / raw)
  To: Krzysztof Kozlowski
  Cc: Kees Cook, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, netdev, Gustavo A. R. Silva, linux-kernel,
	linux-hardening

To work around a misbehavior of the compiler's ability to see into
composite flexible array structs (as detailed in the coming memcpy()
hardening series[1]), split the memcpy() of the header and the payload
so no false positive run-time overflow warning will be generated. This
split already existed for the "firstfrag" case, so just generalize the
logic further.

[1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/

Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Reported-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 net/nfc/hci/hcp.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/net/nfc/hci/hcp.c b/net/nfc/hci/hcp.c
index 05c60988f59a..4902f5064098 100644
--- a/net/nfc/hci/hcp.c
+++ b/net/nfc/hci/hcp.c
@@ -73,14 +73,12 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe,
 		if (firstfrag) {
 			firstfrag = false;
 			packet->message.header = HCP_HEADER(type, instruction);
-			if (ptr) {
-				memcpy(packet->message.data, ptr,
-				       data_link_len - 1);
-				ptr += data_link_len - 1;
-			}
 		} else {
-			memcpy(&packet->message, ptr, data_link_len);
-			ptr += data_link_len;
+			packet->message.header = *ptr++;
+		}
+		if (ptr) {
+			memcpy(packet->message.data, ptr, data_link_len - 1);
+			ptr += data_link_len - 1;
 		}
 
 		/* This is the last fragment, set the cb bit */
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
  2022-09-24  4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
@ 2022-09-24  4:28 ` Gustavo A. R. Silva
  2022-09-24  9:28 ` Krzysztof Kozlowski
  2022-09-27 14:50 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2022-09-24  4:28 UTC (permalink / raw)
  To: Kees Cook
  Cc: Krzysztof Kozlowski, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
	linux-hardening

On Fri, Sep 23, 2022 at 09:08:35PM -0700, Kees Cook wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated. This
> split already existed for the "firstfrag" case, so just generalize the
> logic further.
> 
> [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/
> 
> Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Reported-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks!
--
Gustavo

> ---
>  net/nfc/hci/hcp.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/net/nfc/hci/hcp.c b/net/nfc/hci/hcp.c
> index 05c60988f59a..4902f5064098 100644
> --- a/net/nfc/hci/hcp.c
> +++ b/net/nfc/hci/hcp.c
> @@ -73,14 +73,12 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe,
>  		if (firstfrag) {
>  			firstfrag = false;
>  			packet->message.header = HCP_HEADER(type, instruction);
> -			if (ptr) {
> -				memcpy(packet->message.data, ptr,
> -				       data_link_len - 1);
> -				ptr += data_link_len - 1;
> -			}
>  		} else {
> -			memcpy(&packet->message, ptr, data_link_len);
> -			ptr += data_link_len;
> +			packet->message.header = *ptr++;
> +		}
> +		if (ptr) {
> +			memcpy(packet->message.data, ptr, data_link_len - 1);
> +			ptr += data_link_len - 1;
>  		}
>  
>  		/* This is the last fragment, set the cb bit */
> -- 
> 2.34.1
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
  2022-09-24  4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
  2022-09-24  4:28 ` Gustavo A. R. Silva
@ 2022-09-24  9:28 ` Krzysztof Kozlowski
  2022-09-27 14:50 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: Krzysztof Kozlowski @ 2022-09-24  9:28 UTC (permalink / raw)
  To: Kees Cook
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	netdev, Gustavo A. R. Silva, linux-kernel, linux-hardening

On 24/09/2022 06:08, Kees Cook wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated. This
> split already existed for the "firstfrag" case, so just generalize the
> logic further.
> 
> [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org/
> 

Looks correct:

Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>

Best regards,
Krzysztof


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array
  2022-09-24  4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
  2022-09-24  4:28 ` Gustavo A. R. Silva
  2022-09-24  9:28 ` Krzysztof Kozlowski
@ 2022-09-27 14:50 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-09-27 14:50 UTC (permalink / raw)
  To: Kees Cook
  Cc: krzysztof.kozlowski, davem, edumazet, kuba, pabeni, netdev,
	gustavoars, linux-kernel, linux-hardening

Hello:

This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Fri, 23 Sep 2022 21:08:35 -0700 you wrote:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated. This
> split already existed for the "firstfrag" case, so just generalize the
> logic further.
> 
> [...]

Here is the summary with links:
  - NFC: hci: Split memcpy() of struct hcp_message flexible array
    https://git.kernel.org/netdev/net-next/c/de4feb4e3d61

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-09-27 14:51 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-24  4:08 [PATCH] NFC: hci: Split memcpy() of struct hcp_message flexible array Kees Cook
2022-09-24  4:28 ` Gustavo A. R. Silva
2022-09-24  9:28 ` Krzysztof Kozlowski
2022-09-27 14:50 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).