diff options
author | Kees Cook <keescook@chromium.org> | 2024-03-05 00:29:31 +0300 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2024-03-06 05:35:12 +0300 |
commit | ff73f8344e58e7557819f92c88f289ffa6116be7 (patch) | |
tree | fbd4c36c8575882d60e06ea46aaf204c8b236ce5 /net/ethtool | |
parent | 4166204d7ec26aee3d1f26847e88e4e41841fbe3 (diff) | |
download | linux-ff73f8344e58e7557819f92c88f289ffa6116be7.tar.xz |
sock: Use unsafe_memcpy() for sock_copy()
While testing for places where zero-sized destinations were still showing
up in the kernel, sock_copy() and inet_reqsk_clone() were found, which
are using very specific memcpy() offsets for both avoiding a portion of
struct sock, and copying beyond the end of it (since struct sock is really
just a common header before the protocol-specific allocation). Instead
of trying to unravel this historical lack of container_of(), just switch
to unsafe_memcpy(), since that's effectively what was happening already
(memcpy() wasn't checking 0-sized destinations while the code base was
being converted away from fake flexible arrays).
Avoid the following false positive warning with future changes to
CONFIG_FORTIFY_SOURCE:
memcpy: detected field-spanning write (size 3068) of destination "&nsk->__sk_common.skc_dontcopy_end" at net/core/sock.c:2057 (size 0)
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240304212928.make.772-kees@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/ethtool')
0 files changed, 0 insertions, 0 deletions