Message ID | 20210818060533.3569517-62-keescook@chromium.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Introduce strict memcpy() bounds checking | expand |
Le 18/08/2021 à 08:05, Kees Cook a écrit : > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memset(), avoid intentionally writing across > neighboring fields. > > Instead of writing across a field boundary with memset(), move the call > to just the array, and an explicit zeroing of the prior field. > > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Qinglang Miao <miaoqinglang@huawei.com> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: Hulk Robot <hulkci@huawei.com> > Cc: Wang Wensheng <wangwensheng4@huawei.com> > Cc: linuxppc-dev@lists.ozlabs.org > Signed-off-by: Kees Cook <keescook@chromium.org> > Reviewed-by: Michael Ellerman <mpe@ellerman.id.au> > Link: https://lore.kernel.org/lkml/87czqsnmw9.fsf@mpe.ellerman.id.au > --- > drivers/macintosh/smu.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/macintosh/smu.c b/drivers/macintosh/smu.c > index 94fb63a7b357..59ce431da7ef 100644 > --- a/drivers/macintosh/smu.c > +++ b/drivers/macintosh/smu.c > @@ -848,7 +848,8 @@ int smu_queue_i2c(struct smu_i2c_cmd *cmd) > cmd->read = cmd->info.devaddr & 0x01; > switch(cmd->info.type) { > case SMU_I2C_TRANSFER_SIMPLE: > - memset(&cmd->info.sublen, 0, 4); > + cmd->info.sublen = 0; > + memset(&cmd->info.subaddr, 0, 3); subaddr[] is a table, should the & be avoided ? And while at it, why not use sizeof(subaddr) instead of 3 ? > break; > case SMU_I2C_TRANSFER_COMBINED: > cmd->info.devaddr &= 0xfe; >
On Wed, Aug 18, 2021 at 08:42:18AM +0200, Christophe Leroy wrote: > > > Le 18/08/2021 à 08:05, Kees Cook a écrit : > > In preparation for FORTIFY_SOURCE performing compile-time and run-time > > field bounds checking for memset(), avoid intentionally writing across > > neighboring fields. > > > > Instead of writing across a field boundary with memset(), move the call > > to just the array, and an explicit zeroing of the prior field. > > > > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > > Cc: Qinglang Miao <miaoqinglang@huawei.com> > > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > > Cc: Hulk Robot <hulkci@huawei.com> > > Cc: Wang Wensheng <wangwensheng4@huawei.com> > > Cc: linuxppc-dev@lists.ozlabs.org > > Signed-off-by: Kees Cook <keescook@chromium.org> > > Reviewed-by: Michael Ellerman <mpe@ellerman.id.au> > > Link: https://lore.kernel.org/lkml/87czqsnmw9.fsf@mpe.ellerman.id.au > > --- > > drivers/macintosh/smu.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/macintosh/smu.c b/drivers/macintosh/smu.c > > index 94fb63a7b357..59ce431da7ef 100644 > > --- a/drivers/macintosh/smu.c > > +++ b/drivers/macintosh/smu.c > > @@ -848,7 +848,8 @@ int smu_queue_i2c(struct smu_i2c_cmd *cmd) > > cmd->read = cmd->info.devaddr & 0x01; > > switch(cmd->info.type) { > > case SMU_I2C_TRANSFER_SIMPLE: > > - memset(&cmd->info.sublen, 0, 4); > > + cmd->info.sublen = 0; > > + memset(&cmd->info.subaddr, 0, 3); > > subaddr[] is a table, should the & be avoided ? It results in the same thing, but it's better form to not have the &; I will fix this. > And while at it, why not use sizeof(subaddr) instead of 3 ? Agreed. :) Thanks!
diff --git a/drivers/macintosh/smu.c b/drivers/macintosh/smu.c index 94fb63a7b357..59ce431da7ef 100644 --- a/drivers/macintosh/smu.c +++ b/drivers/macintosh/smu.c @@ -848,7 +848,8 @@ int smu_queue_i2c(struct smu_i2c_cmd *cmd) cmd->read = cmd->info.devaddr & 0x01; switch(cmd->info.type) { case SMU_I2C_TRANSFER_SIMPLE: - memset(&cmd->info.sublen, 0, 4); + cmd->info.sublen = 0; + memset(&cmd->info.subaddr, 0, 3); break; case SMU_I2C_TRANSFER_COMBINED: cmd->info.devaddr &= 0xfe;