From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EEB1C3D7C for ; Thu, 30 Jun 2022 13:55:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4130FC34115; Thu, 30 Jun 2022 13:55:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1656597355; bh=0Pztk4mzBqgFgfsq/p8hGIUhrVzLBaGck9BeRq7gqEM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W6IC1Y9er6nY8OAIsJdxyjxEd6xUB1dB4a98jULLELviemI5b/cr1p/q2XZu1huWD 7KjyEM90BZYCglP64/Z4e9w8oAhshPUp3X3hhkZFp2IkfOsRk9hnAbwyF4ruRYRSjT Z9n89b7u+jGp9dnNW3C6ckvOCji6dfQVwgGc4sA0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nick Desaulniers , Tom Rix , llvm@lists.linux.dev, Kees Cook , "Gustavo A. R. Silva" , Jakub Kicinski , Nathan Chancellor Subject: [PATCH 5.18 4/6] hinic: Replace memcpy() with direct assignment Date: Thu, 30 Jun 2022 15:47:30 +0200 Message-Id: <20220630133230.371942781@linuxfoundation.org> X-Mailer: git-send-email 2.37.0 In-Reply-To: <20220630133230.239507521@linuxfoundation.org> References: <20220630133230.239507521@linuxfoundation.org> User-Agent: quilt/0.66 Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Kees Cook commit 1e70212e031528918066a631c9fdccda93a1ffaa upstream. Under CONFIG_FORTIFY_SOURCE=y and CONFIG_UBSAN_BOUNDS=y, Clang is bugged here for calculating the size of the destination buffer (0x10 instead of 0x14). This copy is a fixed size (sizeof(struct fw_section_info_st)), with the source and dest being struct fw_section_info_st, so the memcpy should be safe, assuming the index is within bounds, which is UBSAN_BOUNDS's responsibility to figure out. Avoid the whole thing and just do a direct assignment. This results in no change to the executable code. [This is a duplicate of commit 2c0ab32b73cf ("hinic: Replace memcpy() with direct assignment") which was applied to net-next.] Cc: Nick Desaulniers Cc: Tom Rix Cc: llvm@lists.linux.dev Link: https://github.com/ClangBuiltLinux/linux/issues/1592 Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Tested-by: Nathan Chancellor # build Link: https://lore.kernel.org/r/20220616052312.292861-1-keescook@chromium.org Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/huawei/hinic/hinic_devlink.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/drivers/net/ethernet/huawei/hinic/hinic_devlink.c +++ b/drivers/net/ethernet/huawei/hinic/hinic_devlink.c @@ -43,9 +43,7 @@ static bool check_image_valid(struct hin for (i = 0; i < fw_image->fw_info.fw_section_cnt; i++) { len += fw_image->fw_section_info[i].fw_section_len; - memcpy(&host_image->image_section_info[i], - &fw_image->fw_section_info[i], - sizeof(struct fw_section_info_st)); + host_image->image_section_info[i] = fw_image->fw_section_info[i]; } if (len != fw_image->fw_len ||