From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753182AbcD1RpX (ORCPT <rfc822;w@1wt.eu>);
	Thu, 28 Apr 2016 13:45:23 -0400
Received: from mail-wm0-f65.google.com ([74.125.82.65]:33178 "EHLO
	mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752194AbcD1RpW (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 28 Apr 2016 13:45:22 -0400
Date: Thu, 28 Apr 2016 19:45:15 +0200
From: Ingo Molnar <mingo@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Yinghai Lu <yinghai@kernel.org>, Baoquan He <bhe@redhat.com>,
        Borislav Petkov <bp@suse.de>, Ingo Molnar <mingo@redhat.com>,
        "x86@kernel.org" <x86@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Dmitry Vyukov <dvyukov@google.com>, "H.J. Lu" <hjl.tools@gmail.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andy Lutomirski <luto@kernel.org>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] x86/boot: Rename overlapping memcpy() to memmove()
Message-ID: <20160428174515.GA9206@gmail.com>
References: <20160426214606.GA5758@www.outflux.net>
 <20160428090427.GB5773@gmail.com>
 <CAGXu5jK68mnKmkc1X6zKd-Bkat8Wryb9ifHUQ5pVTKHP9CJLWQ@mail.gmail.com>
 <20160428093741.GA23251@gmail.com>
 <CAGXu5jJLEi2pkdMg6xfQiu-SHJuUaftTC+vShm5+ZyqV7GQZgw@mail.gmail.com>
 <20160428174731.042b7394@lxorguk.ukuu.org.uk>
 <CAGXu5jJb1KKDfYsZPPGrF-1UUf1sKkvzdt=i115bKKhOBp72Vw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAGXu5jJb1KKDfYsZPPGrF-1UUf1sKkvzdt=i115bKKhOBp72Vw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


* Kees Cook <keescook@chromium.org> wrote:

> On Thu, Apr 28, 2016 at 9:47 AM, One Thousand Gnomes
> <gnomes@lxorguk.ukuu.org.uk> wrote:
> > O> For example, this is what I've got currently:
> >>
> >> /* Detect and warn about potential overlaps. */
> >> void *memcpy(void *dest, const void *src, size_t n)
> >> {
> >>         if (dest > src && dest - src < n)
> >>                 warn("Potentially unsafe overlapping memcpy detected!");
> >>         return __memcpy(dest, src, n);
> >> }
> >>
> >> Does that seem okay? If so, I'll send the patch...
> >
> > Probably useful for debug, but instead of relying on __memcpy
> > happening to handle overlaps - which isn't portable you could instead
> > debug all platforms by doing
> >
> >         if (...) {
> >                 warn(...)
> >                 memmove()
> >         } else
> >                 __memcpy
> >
> 
> Yeah, that's kind of where we started (but without the warning). I
> prefer this, since we don't run the risk of MAYBE breaking. We warn,
> but we remain safe.

Works for me!

Thanks,

	Ingo