[PATCH AUTOSEL 6.1 10/12] enic: Avoid false positive under FORTIFY

Linux Hardening
 help / color / mirror / Atom feed

* [PATCH AUTOSEL 6.1 10/12] enic: Avoid false positive under FORTIFY_SOURCE
       [not found] <20240229204039.2861519-1-sashal@kernel.org>
@ 2024-02-29 20:40 ` Sasha Levin
  2024-03-11 21:03   ` Pavel Machek
  0 siblings, 1 reply; 3+ messages in thread
From: Sasha Levin @ 2024-02-29 20:40 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Kees Cook, David S . Miller, Sasha Levin, benve, satishkh,
	edumazet, kuba, pabeni, netdev, linux-hardening

From: Kees Cook <keescook@chromium.org>

[ Upstream commit 40b9385dd8e6a0515e1c9cd06a277483556b7286 ]

FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel
code base has been converted to flexible arrays. In order to enforce
the 0-sized destinations (e.g. with __counted_by), the remaining 0-sized
destinations need to be handled. Unfortunately, struct vic_provinfo
resists full conversion, as it contains a flexible array of flexible
arrays, which is only possible with the 0-sized fake flexible array.

Use unsafe_memcpy() to avoid future false positives under
CONFIG_FORTIFY_SOURCE.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/cisco/enic/vnic_vic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/cisco/enic/vnic_vic.c b/drivers/net/ethernet/cisco/enic/vnic_vic.c
index 20fcb20b42ede..66b5778353389 100644
--- a/drivers/net/ethernet/cisco/enic/vnic_vic.c
+++ b/drivers/net/ethernet/cisco/enic/vnic_vic.c
@@ -49,7 +49,8 @@ int vic_provinfo_add_tlv(struct vic_provinfo *vp, u16 type, u16 length,
 
 	tlv->type = htons(type);
 	tlv->length = htons(length);
-	memcpy(tlv->value, value, length);
+	unsafe_memcpy(tlv->value, value, length,
+		      /* Flexible array of flexible arrays */);
 
 	vp->num_tlvs = htonl(ntohl(vp->num_tlvs) + 1);
 	vp->length = htonl(ntohl(vp->length) +
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH AUTOSEL 6.1 10/12] enic: Avoid false positive under FORTIFY_SOURCE
  2024-02-29 20:40 ` [PATCH AUTOSEL 6.1 10/12] enic: Avoid false positive under FORTIFY_SOURCE Sasha Levin
@ 2024-03-11 21:03   ` Pavel Machek
  2024-03-18 12:50     ` Sasha Levin
  0 siblings, 1 reply; 3+ messages in thread
From: Pavel Machek @ 2024-03-11 21:03 UTC (permalink / raw)
  To: Sasha Levin
  Cc: linux-kernel, stable, Kees Cook, David S . Miller, benve,
	satishkh, edumazet, kuba, pabeni, netdev, linux-hardening

[-- Attachment #1: Type: text/plain, Size: 839 bytes --]

Hi!

> From: Kees Cook <keescook@chromium.org>
> 
> [ Upstream commit 40b9385dd8e6a0515e1c9cd06a277483556b7286 ]
> 
> FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel
> code base has been converted to flexible arrays. In order to enforce
> the 0-sized destinations (e.g. with __counted_by), the remaining 0-sized
> destinations need to be handled. Unfortunately, struct vic_provinfo
> resists full conversion, as it contains a flexible array of flexible
> arrays, which is only possible with the 0-sized fake flexible array.
> 
> Use unsafe_memcpy() to avoid future false positives under
> CONFIG_FORTIFY_SOURCE.

This prepares for future chagnes, but I don't believe we'll port them
to stable.

Best regards,
								Pavel
-- 
People of Russia, stop Putin before his war on Ukraine escalates.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH AUTOSEL 6.1 10/12] enic: Avoid false positive under FORTIFY_SOURCE
  2024-03-11 21:03   ` Pavel Machek
@ 2024-03-18 12:50     ` Sasha Levin
  0 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2024-03-18 12:50 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, stable, Kees Cook, David S . Miller, benve,
	satishkh, edumazet, kuba, pabeni, netdev, linux-hardening

On Mon, Mar 11, 2024 at 10:03:35PM +0100, Pavel Machek wrote:
>Hi!
>
>> From: Kees Cook <keescook@chromium.org>
>>
>> [ Upstream commit 40b9385dd8e6a0515e1c9cd06a277483556b7286 ]
>>
>> FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel
>> code base has been converted to flexible arrays. In order to enforce
>> the 0-sized destinations (e.g. with __counted_by), the remaining 0-sized
>> destinations need to be handled. Unfortunately, struct vic_provinfo
>> resists full conversion, as it contains a flexible array of flexible
>> arrays, which is only possible with the 0-sized fake flexible array.
>>
>> Use unsafe_memcpy() to avoid future false positives under
>> CONFIG_FORTIFY_SOURCE.
>
>This prepares for future chagnes, but I don't believe we'll port them
>to stable.

Dropped, thanks.

-- 
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-03-18 12:50 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20240229204039.2861519-1-sashal@kernel.org>
2024-02-29 20:40 ` [PATCH AUTOSEL 6.1 10/12] enic: Avoid false positive under FORTIFY_SOURCE Sasha Levin
2024-03-11 21:03   ` Pavel Machek
2024-03-18 12:50     ` Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox