From patchwork Fri Aug 11 13:46:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 13350915 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D31B7C001B0 for ; Fri, 11 Aug 2023 13:47:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=jXoKMbiJvV4JGgfR03vKKGvuhEOcbWIG/pJIK+xRVZA=; b=wAQTL5y9077dQC YpoeZ7NuSbLDw9dDQbU15T3TR3xMV4z0gida8/9C4Wg6VM9641t0ib2/G7yaFt2PzhtDUj85YbpcK 599UCXifXb5oIg+Vg1mHoS2xyrfkp7zDa4JiMs+I916c1CXPGc5QrG9ImrLL5Z3eL0Ts1W8fLpkU+ YcefyWTU0V7/6fhPUpUhtauPjHpIWTJrLQhb9ITKAGWnN0buEAUN7YpYrdZDG7VvVGxF/1WAK8Ipv UkFV8xGDIh89+t73qCj+s76+mbC3jgEduaLcujY2W4HMuS34SMwuQvDmlkQBBVpid9x/lrn2lLFAo L0+33pYy4s2sl1aKTpsQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qUSTz-00Akg3-1t; Fri, 11 Aug 2023 13:47:15 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qUSTw-00AkfU-2s for linux-arm-kernel@lists.infradead.org; Fri, 11 Aug 2023 13:47:14 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 59C4B64E96; Fri, 11 Aug 2023 13:47:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8DA38C433C7; Fri, 11 Aug 2023 13:47:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691761631; bh=m+dHKeCOyfldrelbfFz9R7hBuqKctkP1BqoAT6/0PyY=; h=From:To:Cc:Subject:Date:From; b=nYa2mNHPKNfSnuFKw7NHYN4XlDi7Uqas9nWnWhLr/zgt2Pu3Y/16KP7UmQRI5NTxK 5kYddeJK7hdxuBwRThnoSxPwFMubH4JNotpfdWYFfNd5Bq1lMeNvhICFrPDwY5dTIn TFDljzE+TWGO4sb9yDQ/tSIjPkIt8ibFcDbQ3ydcQdquwUQgk6Sm9AERkAwiPGq11I mttZq7B93LgneVZUWHLKSxOuN4UsIzJc8INzqaDl1O9O/+mzg0+YM+NUuZPtp4z6b2 drNUXzgq1fBZb0zZ+J4nw3nPKcAZmX/debxlw+w/lTdPc/AIJWqGx7dq+XQmuHGUv4 DxjMBuomkFoOA== From: Arnd Bergmann To: Herbert Xu Subject: [PATCH] [v2] crypto: drivers - avoid memcpy size warning Date: Fri, 11 Aug 2023 15:46:33 +0200 Message-Id: <20230811134704.3252535-1-arnd@kernel.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230811_064713_011708_097EB414 X-CRM114-Status: GOOD ( 15.69 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Alexandre Belloni , Ryan Wanner , Arnd Bergmann , Yangtao Li , linux-kernel@vger.kernel.org, Claudiu Beznea , Wang Ming , Sergiu Moga , Ayush Sawal , Gaosheng Cui , "David S. Miller" , linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Arnd Bergmann Some configurations with gcc-12 or gcc-13 produce a warning for the source and destination of a memcpy() in atmel_sha_hmac_compute_ipad_hash() potentially overlapping: In file included from include/linux/string.h:254, from drivers/crypto/atmel-sha.c:15: drivers/crypto/atmel-sha.c: In function 'atmel_sha_hmac_compute_ipad_hash': include/linux/fortify-string.h:57:33: error: '__builtin_memcpy' accessing 129 or more bytes at offsets 408 and 280 overlaps 1 or more bytes at offset 408 [-Werror=restrict] 57 | #define __underlying_memcpy __builtin_memcpy | ^ include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' 648 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ drivers/crypto/atmel-sha.c:1773:9: note: in expansion of macro 'memcpy' 1773 | memcpy(hmac->opad, hmac->ipad, bs); | ^~~~~~ The same thing happens in two more drivers that have the same logic: drivers/crypto/chelsio/chcr_algo.c: In function 'chcr_ahash_setkey': include/linux/fortify-string.h:57:33: error: '__builtin_memcpy' accessing 129 or more bytes at offsets 260 and 132 overlaps 1 or more bytes at offset 260 [-Werror=restrict] drivers/crypto/bcm/cipher.c: In function 'ahash_hmac_setkey': include/linux/fortify-string.h:57:33: error: '__builtin_memcpy' accessing between 129 and 4294967295 bytes at offsets 840 and 712 overlaps between 1 and 4294967167 bytes at offset 840 [-Werror=restrict] I don't think it can actually happen because the size is strictly bounded to the available block sizes, at most 128 bytes, though inlining decisions could lead gcc to not see that. Use the unsafe_memcpy() helper instead of memcpy(), with the only difference being that this skips the hardening checks that produce the warning. Suggested-by: Herbert Xu Signed-off-by: Arnd Bergmann --- drivers/crypto/atmel-sha.c | 3 ++- drivers/crypto/bcm/cipher.c | 3 ++- drivers/crypto/chelsio/chcr_algo.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c index 54fec72dfba27..99a9ff8e743f2 100644 --- a/drivers/crypto/atmel-sha.c +++ b/drivers/crypto/atmel-sha.c @@ -1770,7 +1770,8 @@ static int atmel_sha_hmac_compute_ipad_hash(struct atmel_sha_dev *dd) size_t bs = ctx->block_size; size_t i, num_words = bs / sizeof(u32); - memcpy(hmac->opad, hmac->ipad, bs); + unsafe_memcpy(hmac->opad, hmac->ipad, bs, + "fortified memcpy causes -Wrestrict warning"); for (i = 0; i < num_words; ++i) { hmac->ipad[i] ^= 0x36363636; hmac->opad[i] ^= 0x5c5c5c5c; diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c index 70b911baab26d..4c46357e2570e 100644 --- a/drivers/crypto/bcm/cipher.c +++ b/drivers/crypto/bcm/cipher.c @@ -2397,7 +2397,8 @@ static int ahash_hmac_setkey(struct crypto_ahash *ahash, const u8 *key, memset(ctx->ipad + ctx->authkeylen, 0, blocksize - ctx->authkeylen); ctx->authkeylen = 0; - memcpy(ctx->opad, ctx->ipad, blocksize); + unsafe_memcpy(ctx->opad, ctx->ipad, blocksize, + "fortified memcpy causes -Wrestrict warning"); for (index = 0; index < blocksize; index++) { ctx->ipad[index] ^= HMAC_IPAD_VALUE; diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 0eade4fa6695b..16298ae4a00bf 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -2216,7 +2216,8 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, memcpy(hmacctx->ipad, key, keylen); } memset(hmacctx->ipad + keylen, 0, bs - keylen); - memcpy(hmacctx->opad, hmacctx->ipad, bs); + unsafe_memcpy(hmacctx->opad, hmacctx->ipad, bs, + "fortified memcpy causes -Wrestrict warning"); for (i = 0; i < bs / sizeof(int); i++) { *((unsigned int *)(&hmacctx->ipad) + i) ^= IPAD_DATA;