From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753130AbcD2G4F (ORCPT ); Fri, 29 Apr 2016 02:56:05 -0400
Received: from mail-wm0-f47.google.com ([74.125.82.47]:35020 "EHLO mail-wm0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752969AbcD2G4E (ORCPT ); Fri, 29 Apr 2016 02:56:04 -0400
MIME-Version: 1.0
In-Reply-To: <20160429064343.GB28320@gmail.com>
References: <20160429001822.GA15625@www.outflux.net> <20160429064343.GB28320@gmail.com>
Date: Thu, 28 Apr 2016 23:56:01 -0700
X-Google-Sender-Auth: MI5RNLwYtfWhcj_vZt_mYlRDpMw
Message-ID:
Subject: Re: [PATCH v4] x86/boot: Warn on future overlapping memcpy() use
From: Kees Cook
To: Ingo Molnar, Lasse Collin
Cc: One Thousand Gnomes, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, "x86@kernel.org", LKML, Yinghai Lu, Baoquan He, Borislav Petkov
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 28, 2016 at 11:43 PM, Ingo Molnar wrote:
>
> * Kees Cook wrote:
>
>> If an overlapping memcpy() is ever attempted, we should at least report
>> it, in case it might lead to problems, so it could be changed to a
>> memmove() call instead.
>>
>> Suggested-by: Ingo Molnar
>> Signed-off-by: Kees Cook
>> ---
>> v4:
>> - use __memcpy not memcpy since we've already done the check.
>> v3:
>> - call memmove in addition to doing the warning
>> v2:
>> - warn about overlapping region
>> ---
>>  arch/x86/boot/compressed/string.c | 16 +++++++++++++---
>>  1 file changed, 13 insertions(+), 3 deletions(-)
>
> Applied, thanks Kees!
>
> Btw., can we now also remove the memmove() hack from lib/decompress_unxz.c?

I'll let Lasse answer for sure, but I don't think so. The original commit says:

    The XZ decompressor needs memmove(), memeq() (memcmp() == 0),
    and memzero() (memset(ptr, 0, size)), which aren't available in
    all arch-specific pre-boot environments.  I'm including simple
    versions in decompress_unxz.c, but a cleaner solution would
    naturally be nicer.

-Kees

--
Kees Cook
Chrome OS & Brillo Security
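The behaviour the quoted changelog describes (detect the overlap, report it, fall back to memmove()) can be sketched in user space as below. This is an added example, not the code from the patch or from arch/x86/boot/compressed/string.c; the names regions_overlap, checked_memcpy and overlap_warnings are hypothetical, and fprintf() stands in for the boot-time warning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counter; stands in for the boot-time warning being emitted. */
static unsigned int overlap_warnings;

/* True when [dest, dest+n) and [src, src+n) share at least one byte. */
static int regions_overlap(const void *dest, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;

    if (n == 0)
        return 0;
    return d < s ? (s - d) < n : (d - s) < n;
}

/* Hypothetical wrapper: report the overlap, then copy safely with memmove(). */
static void *checked_memcpy(void *dest, const void *src, size_t n)
{
    if (regions_overlap(dest, src, n)) {
        overlap_warnings++;
        fprintf(stderr, "warning: overlapping memcpy(%p, %p, %zu)\n",
                dest, src, n);
        return memmove(dest, src, n);
    }
    return memcpy(dest, src, n);    /* disjoint regions: plain copy is defined */
}

/* Constructed input: shift a buffer right by two bytes within itself. */
static int demo_overlapping_shift(void)
{
    char buf[16] = "abcdefgh";

    checked_memcpy(buf + 2, buf, 8);    /* distance 2 < length 8: overlaps */
    return memcmp(buf, "ababcdefgh", 10) == 0;
}

int main(void)
{
    char a[8] = "kernel", b[8];

    checked_memcpy(b, a, sizeof(a));    /* disjoint: no warning */
    printf("shift ok=%d warnings=%u\n",
           demo_overlapping_shift(), overlap_warnings);
    return 0;
}
```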