* [PATCH] s390/dasd: Avoid field over-reading memcpy()
@ 2021-06-16 20:19 Kees Cook
2021-06-29 14:24 ` Heiko Carstens
2021-06-29 15:51 ` Stefan Haberland
0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2021-06-16 20:19 UTC (permalink / raw)
To: Heiko Carstens
Cc: Kees Cook, Stefan Haberland, Jan Hoeppner, Vasily Gorbik,
Christian Borntraeger, linux-kernel, linux-s390, linux-hardening
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field array bounds checking for memcpy(), memmove(), and memset(),
avoid intentionally reading across neighboring array fields.
Add a wrapping structure to serve as the memcpy() source, so the compiler
can do appropriate bounds checking, avoiding this future warning:
In function '__fortify_memcpy',
inlined from 'create_uid' at drivers/s390/block/dasd_eckd.c:749:2:
./include/linux/fortify-string.h:246:4: error: call to '__read_overflow2_field' declared with attribute error: detected read beyond size of field (2nd parameter)
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/s390/block/dasd_eckd.c | 2 +-
drivers/s390/block/dasd_eckd.h | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index a6ac505cbdd7..0de1a463c509 100644
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -746,7 +746,7 @@ static void create_uid(struct dasd_eckd_private *private)
memcpy(uid->vendor, private->ned->HDA_manufacturer,
sizeof(uid->vendor) - 1);
EBCASC(uid->vendor, sizeof(uid->vendor) - 1);
- memcpy(uid->serial, private->ned->HDA_location,
+ memcpy(uid->serial, &private->ned->serial,
sizeof(uid->serial) - 1);
EBCASC(uid->serial, sizeof(uid->serial) - 1);
uid->ssid = private->gneq->subsystemID;
diff --git a/drivers/s390/block/dasd_eckd.h b/drivers/s390/block/dasd_eckd.h
index 73651211789f..65e4630ad2ae 100644
--- a/drivers/s390/block/dasd_eckd.h
+++ b/drivers/s390/block/dasd_eckd.h
@@ -332,8 +332,10 @@ struct dasd_ned {
__u8 dev_type[6];
__u8 dev_model[3];
__u8 HDA_manufacturer[3];
- __u8 HDA_location[2];
- __u8 HDA_seqno[12];
+ struct {
+ __u8 HDA_location[2];
+ __u8 HDA_seqno[12];
+ } serial;
__u8 ID;
__u8 unit_addr;
} __attribute__ ((packed));
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] s390/dasd: Avoid field over-reading memcpy()
2021-06-16 20:19 [PATCH] s390/dasd: Avoid field over-reading memcpy() Kees Cook
@ 2021-06-29 14:24 ` Heiko Carstens
2021-06-29 15:51 ` Stefan Haberland
1 sibling, 0 replies; 3+ messages in thread
From: Heiko Carstens @ 2021-06-29 14:24 UTC (permalink / raw)
To: Kees Cook
Cc: Stefan Haberland, Jan Hoeppner, Vasily Gorbik,
Christian Borntraeger, linux-kernel, linux-s390, linux-hardening
On Wed, Jun 16, 2021 at 01:19:17PM -0700, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field array bounds checking for memcpy(), memmove(), and memset(),
> avoid intentionally reading across neighboring array fields.
>
> Add a wrapping structure to serve as the memcpy() source, so the compiler
> can do appropriate bounds checking, avoiding this future warning:
>
> In function '__fortify_memcpy',
> inlined from 'create_uid' at drivers/s390/block/dasd_eckd.c:749:2:
> ./include/linux/fortify-string.h:246:4: error: call to '__read_overflow2_field' declared with attribute error: detected read beyond size of field (2nd parameter)
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> drivers/s390/block/dasd_eckd.c | 2 +-
> drivers/s390/block/dasd_eckd.h | 6 ++++--
> 2 files changed, 5 insertions(+), 3 deletions(-)
I'll leave it up to Stefan Haberland and Jan Hoeppner to handle this one.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] s390/dasd: Avoid field over-reading memcpy()
2021-06-16 20:19 [PATCH] s390/dasd: Avoid field over-reading memcpy() Kees Cook
2021-06-29 14:24 ` Heiko Carstens
@ 2021-06-29 15:51 ` Stefan Haberland
1 sibling, 0 replies; 3+ messages in thread
From: Stefan Haberland @ 2021-06-29 15:51 UTC (permalink / raw)
To: Kees Cook, Heiko Carstens
Cc: Jan Hoeppner, Vasily Gorbik, Christian Borntraeger, linux-kernel,
linux-s390, linux-hardening
Am 16.06.21 um 22:19 schrieb Kees Cook:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field array bounds checking for memcpy(), memmove(), and memset(),
> avoid intentionally reading across neighboring array fields.
>
> Add a wrapping structure to serve as the memcpy() source, so the compiler
> can do appropriate bounds checking, avoiding this future warning:
>
> In function '__fortify_memcpy',
> inlined from 'create_uid' at drivers/s390/block/dasd_eckd.c:749:2:
> ./include/linux/fortify-string.h:246:4: error: call to '__read_overflow2_field' declared with attribute error: detected read beyond size of field (2nd parameter)
>
> Signed-off-by: Kees Cook <keescook@chromium.org
Thanks,
applied.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-29 15:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-16 20:19 [PATCH] s390/dasd: Avoid field over-reading memcpy() Kees Cook
2021-06-29 14:24 ` Heiko Carstens
2021-06-29 15:51 ` Stefan Haberland
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).