linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] s390/dasd: Avoid field over-reading memcpy()
@ 2021-06-16 20:19 Kees Cook
  2021-06-29 14:24 ` Heiko Carstens
  2021-06-29 15:51 ` Stefan Haberland
  0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2021-06-16 20:19 UTC (permalink / raw)
  To: Heiko Carstens
  Cc: Kees Cook, Stefan Haberland, Jan Hoeppner, Vasily Gorbik,
	Christian Borntraeger, linux-kernel, linux-s390, linux-hardening

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field array bounds checking for memcpy(), memmove(), and memset(),
avoid intentionally reading across neighboring array fields.

Add a wrapping structure to serve as the memcpy() source, so the compiler
can do appropriate bounds checking, avoiding this future warning:

In function '__fortify_memcpy',
    inlined from 'create_uid' at drivers/s390/block/dasd_eckd.c:749:2:
./include/linux/fortify-string.h:246:4: error: call to '__read_overflow2_field' declared with attribute error: detected read beyond size of field (2nd parameter)

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/s390/block/dasd_eckd.c | 2 +-
 drivers/s390/block/dasd_eckd.h | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index a6ac505cbdd7..0de1a463c509 100644
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -746,7 +746,7 @@ static void create_uid(struct dasd_eckd_private *private)
 	memcpy(uid->vendor, private->ned->HDA_manufacturer,
 	       sizeof(uid->vendor) - 1);
 	EBCASC(uid->vendor, sizeof(uid->vendor) - 1);
-	memcpy(uid->serial, private->ned->HDA_location,
+	memcpy(uid->serial, &private->ned->serial,
 	       sizeof(uid->serial) - 1);
 	EBCASC(uid->serial, sizeof(uid->serial) - 1);
 	uid->ssid = private->gneq->subsystemID;
diff --git a/drivers/s390/block/dasd_eckd.h b/drivers/s390/block/dasd_eckd.h
index 73651211789f..65e4630ad2ae 100644
--- a/drivers/s390/block/dasd_eckd.h
+++ b/drivers/s390/block/dasd_eckd.h
@@ -332,8 +332,10 @@ struct dasd_ned {
 	__u8 dev_type[6];
 	__u8 dev_model[3];
 	__u8 HDA_manufacturer[3];
-	__u8 HDA_location[2];
-	__u8 HDA_seqno[12];
+	struct {
+		__u8 HDA_location[2];
+		__u8 HDA_seqno[12];
+	} serial;
 	__u8 ID;
 	__u8 unit_addr;
 } __attribute__ ((packed));
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] s390/dasd: Avoid field over-reading memcpy()
  2021-06-16 20:19 [PATCH] s390/dasd: Avoid field over-reading memcpy() Kees Cook
@ 2021-06-29 14:24 ` Heiko Carstens
  2021-06-29 15:51 ` Stefan Haberland
  1 sibling, 0 replies; 3+ messages in thread
From: Heiko Carstens @ 2021-06-29 14:24 UTC (permalink / raw)
  To: Kees Cook
  Cc: Stefan Haberland, Jan Hoeppner, Vasily Gorbik,
	Christian Borntraeger, linux-kernel, linux-s390, linux-hardening

On Wed, Jun 16, 2021 at 01:19:17PM -0700, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field array bounds checking for memcpy(), memmove(), and memset(),
> avoid intentionally reading across neighboring array fields.
> 
> Add a wrapping structure to serve as the memcpy() source, so the compiler
> can do appropriate bounds checking, avoiding this future warning:
> 
> In function '__fortify_memcpy',
>     inlined from 'create_uid' at drivers/s390/block/dasd_eckd.c:749:2:
> ./include/linux/fortify-string.h:246:4: error: call to '__read_overflow2_field' declared with attribute error: detected read beyond size of field (2nd parameter)
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/s390/block/dasd_eckd.c | 2 +-
>  drivers/s390/block/dasd_eckd.h | 6 ++++--
>  2 files changed, 5 insertions(+), 3 deletions(-)

I'll leave it up to Stefan Haberland and Jan Hoeppner to handle this one.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] s390/dasd: Avoid field over-reading memcpy()
  2021-06-16 20:19 [PATCH] s390/dasd: Avoid field over-reading memcpy() Kees Cook
  2021-06-29 14:24 ` Heiko Carstens
@ 2021-06-29 15:51 ` Stefan Haberland
  1 sibling, 0 replies; 3+ messages in thread
From: Stefan Haberland @ 2021-06-29 15:51 UTC (permalink / raw)
  To: Kees Cook, Heiko Carstens
  Cc: Jan Hoeppner, Vasily Gorbik, Christian Borntraeger, linux-kernel,
	linux-s390, linux-hardening

Am 16.06.21 um 22:19 schrieb Kees Cook:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field array bounds checking for memcpy(), memmove(), and memset(),
> avoid intentionally reading across neighboring array fields.
>
> Add a wrapping structure to serve as the memcpy() source, so the compiler
> can do appropriate bounds checking, avoiding this future warning:
>
> In function '__fortify_memcpy',
>     inlined from 'create_uid' at drivers/s390/block/dasd_eckd.c:749:2:
> ./include/linux/fortify-string.h:246:4: error: call to '__read_overflow2_field' declared with attribute error: detected read beyond size of field (2nd parameter)
>
> Signed-off-by: Kees Cook <keescook@chromium.org

Thanks,

applied.



^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-29 15:51 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-16 20:19 [PATCH] s390/dasd: Avoid field over-reading memcpy() Kees Cook
2021-06-29 14:24 ` Heiko Carstens
2021-06-29 15:51 ` Stefan Haberland

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).