* [PATCH] octeontx2-af: Avoid field-overflowing memcpy()
@ 2021-06-21 21:54 Kees Cook
2021-06-22 5:55 ` [EXT] " Subbaraya Sundeep Bhatta
2021-06-22 17:20 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2021-06-21 21:54 UTC (permalink / raw)
To: David S . Miller
Cc: Kees Cook, Sunil Goutham, Linu Cherian, Geetha sowjanya,
Jerin Jacob, hariprasad, Subbaraya Sundeep, Jakub Kicinski,
linux-kernel, netdev, linux-hardening
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
To avoid having memcpy() think a u64 "prof" is being written beyond,
adjust the prof member type by adding struct nix_bandprof_s to the union
to match the other structs. This silences the following future warning:
In file included from ./include/linux/string.h:253,
from ./include/linux/bitmap.h:10,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/cpumask.h:5,
from ./arch/x86/include/asm/msr.h:11,
from ./arch/x86/include/asm/processor.h:22,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:65,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/stat.h:19,
from ./include/linux/module.h:13,
from drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:11:
In function '__fortify_memcpy_chk',
inlined from '__fortify_memcpy' at ./include/linux/fortify-string.h:310:2,
inlined from 'rvu_nix_blk_aq_enq_inst' at drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:910:5:
./include/linux/fortify-string.h:268:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); please use struct_group() [-Wattribute-warning]
268 | __write_overflow_field();
| ^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:
...
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(&rsp->prof, ctx,
sizeof(struct nix_bandprof_s));
...
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/mbox.h b/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
index 7d7dfa8d8a3f..770d86262838 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
@@ -746,7 +746,7 @@ struct nix_aq_enq_rsp {
struct nix_cq_ctx_s cq;
struct nix_rsse_s rss;
struct nix_rx_mce_s mce;
- u64 prof;
+ struct nix_bandprof_s prof;
};
};
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [EXT] [PATCH] octeontx2-af: Avoid field-overflowing memcpy()
2021-06-21 21:54 [PATCH] octeontx2-af: Avoid field-overflowing memcpy() Kees Cook
@ 2021-06-22 5:55 ` Subbaraya Sundeep Bhatta
2021-06-22 17:20 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Subbaraya Sundeep Bhatta @ 2021-06-22 5:55 UTC (permalink / raw)
To: Kees Cook, David S . Miller
Cc: Sunil Kovvuri Goutham, Linu Cherian, Geethasowjanya Akula,
Jerin Jacob Kollanukkaran, Hariprasad Kelam, Jakub Kicinski,
linux-kernel, netdev, linux-hardening
Tested-by: Subbaraya Sundeep<sbhatta@marvell.com>
Thanks,
Sundeep
________________________________________
From: Kees Cook <keescook@chromium.org>
Sent: Tuesday, June 22, 2021 3:24 AM
To: David S . Miller
Cc: Kees Cook; Sunil Kovvuri Goutham; Linu Cherian; Geethasowjanya Akula; Jerin Jacob Kollanukkaran; Hariprasad Kelam; Subbaraya Sundeep Bhatta; Jakub Kicinski; linux-kernel@vger.kernel.org; netdev@vger.kernel.org; linux-hardening@vger.kernel.org
Subject: [EXT] [PATCH] octeontx2-af: Avoid field-overflowing memcpy()
External Email
----------------------------------------------------------------------
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
To avoid having memcpy() think a u64 "prof" is being written beyond,
adjust the prof member type by adding struct nix_bandprof_s to the union
to match the other structs. This silences the following future warning:
In file included from ./include/linux/string.h:253,
from ./include/linux/bitmap.h:10,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/cpumask.h:5,
from ./arch/x86/include/asm/msr.h:11,
from ./arch/x86/include/asm/processor.h:22,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:65,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/stat.h:19,
from ./include/linux/module.h:13,
from drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:11:
In function '__fortify_memcpy_chk',
inlined from '__fortify_memcpy' at ./include/linux/fortify-string.h:310:2,
inlined from 'rvu_nix_blk_aq_enq_inst' at drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:910:5:
./include/linux/fortify-string.h:268:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); please use struct_group() [-Wattribute-warning]
268 | __write_overflow_field();
| ^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:
...
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(&rsp->prof, ctx,
sizeof(struct nix_bandprof_s));
...
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/mbox.h b/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
index 7d7dfa8d8a3f..770d86262838 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/mbox.h
@@ -746,7 +746,7 @@ struct nix_aq_enq_rsp {
struct nix_cq_ctx_s cq;
struct nix_rsse_s rss;
struct nix_rx_mce_s mce;
- u64 prof;
+ struct nix_bandprof_s prof;
};
};
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] octeontx2-af: Avoid field-overflowing memcpy()
2021-06-21 21:54 [PATCH] octeontx2-af: Avoid field-overflowing memcpy() Kees Cook
2021-06-22 5:55 ` [EXT] " Subbaraya Sundeep Bhatta
@ 2021-06-22 17:20 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-06-22 17:20 UTC (permalink / raw)
To: Kees Cook
Cc: davem, sgoutham, lcherian, gakula, jerinj, hkelam, sbhatta, kuba,
linux-kernel, netdev, linux-hardening
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Mon, 21 Jun 2021 14:54:19 -0700 you wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring fields.
>
> To avoid having memcpy() think a u64 "prof" is being written beyond,
> adjust the prof member type by adding struct nix_bandprof_s to the union
> to match the other structs. This silences the following future warning:
>
> [...]
Here is the summary with links:
- octeontx2-af: Avoid field-overflowing memcpy()
https://git.kernel.org/netdev/net-next/c/ee8e7622e09a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-22 17:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-21 21:54 [PATCH] octeontx2-af: Avoid field-overflowing memcpy() Kees Cook
2021-06-22 5:55 ` [EXT] " Subbaraya Sundeep Bhatta
2021-06-22 17:20 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).