Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 05:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1a807e46aa
linux-stable/net/xfrm
History
Nathan Chancellor 1a807e46aa xfrm: Avoid clang fortify warning in copy_to_user_tmpl() 
After a couple recent changes in LLVM, there is a warning (or error with
CONFIG_WERROR=y or W=e) from the compile time fortify source routines,
specifically the memset() in copy_to_user_tmpl().

  In file included from net/xfrm/xfrm_user.c:14:
  ...
  include/linux/fortify-string.h:438:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
    438 |                         __write_overflow_field(p_size_field, size);
        |                         ^
  1 error generated.

While ->xfrm_nr has been validated against XFRM_MAX_DEPTH when its value
is first assigned in copy_templates() by calling validate_tmpl() first
(so there should not be any issue in practice), LLVM/clang cannot really
deduce that across the boundaries of these functions. Without that
knowledge, it cannot assume that the loop stops before i is greater than
XFRM_MAX_DEPTH, which would indeed result a stack buffer overflow in the
memset().

To make the bounds of ->xfrm_nr clear to the compiler and add additional
defense in case copy_to_user_tmpl() is ever used in a path where
->xfrm_nr has not been properly validated against XFRM_MAX_DEPTH first,
add an explicit bound check and early return, which clears up the
warning.

Cc: stable@vger.kernel.org
Link: https://github.com/ClangBuiltLinux/linux/issues/1985
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2024-02-26 11:59:40 +01:00
..
espintcp.c tcp_bpf, smc, tls, espintcp, siw: Reduce MSG_SENDPAGE_NOTLAST usage 2023-06-24 15:50:12 -07:00
Kconfig ipsec: Select CRYPTO_AEAD 2023-10-01 16:28:14 +08:00
Makefile bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc 2023-12-14 17:12:49 -08:00
xfrm_algo.c ipsec: Stop using crypto_has_alg 2023-09-20 13:15:29 +08:00
xfrm_compat.c net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure 2023-07-03 10:51:45 +02:00
xfrm_device.c xfrm: Pass UDP encapsulation in TX packet offload 2024-01-25 09:05:39 +01:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: Use the XFRM_GRO to indicate a GRO call on input 2023-10-06 07:29:52 +02:00
xfrm_interface_bpf.c bpf: Add __bpf_kfunc_{start,end}_defs macros 2023-11-01 22:33:53 -07:00
xfrm_interface_core.c ipsec-next-2023-10-28 2023-10-30 14:36:57 -07:00
xfrm_ipcomp.c net: introduce and use skb_frag_fill_page_desc() 2023-05-13 19:47:56 +01:00
xfrm_output.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
xfrm_policy.c xfrm: Clear low order bits of ->flowi4_tos in decode_session4(). 2024-01-17 08:18:53 +01:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state_bpf.c bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc 2023-12-14 17:12:49 -08:00
xfrm_state.c xfrm: don't skip free of empty state in acquire policy 2023-08-01 12:04:43 +02:00
xfrm_sysctl.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
xfrm_user.c xfrm: Avoid clang fortify warning in copy_to_user_tmpl() 2024-02-26 11:59:40 +01:00