(Sorry, this v3 got sent to an incomplete CC list...)
On Thu, Apr 28, 2016 at 4:46 PM, Kees Cook <[email protected]> wrote: > If an overlapping memcpy() is ever attempted, we should report it and > gracefully call memmove(). These cases can be found and fixed to use > memmove() correctly, but in the meantime, we will not break booting. > > Suggested-by: Ingo Molnar <[email protected]> > Signed-off-by: Kees Cook <[email protected]> > --- > arch/x86/boot/compressed/string.c | 15 +++++++++++++-- > 1 file changed, 13 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/boot/compressed/string.c > b/arch/x86/boot/compressed/string.c > index 2befeca1aada..7402227fdfdb 100644 > --- a/arch/x86/boot/compressed/string.c > +++ b/arch/x86/boot/compressed/string.c > @@ -8,7 +8,7 @@ > #include "../string.c" > > #ifdef CONFIG_X86_32 > -void *memcpy(void *dest, const void *src, size_t n) > +static void *__memcpy(void *dest, const void *src, size_t n) > { > int d0, d1, d2; > asm volatile( > @@ -22,7 +22,7 @@ void *memcpy(void *dest, const void *src, size_t n) > return dest; > } > #else > -void *memcpy(void *dest, const void *src, size_t n) > +static void *__memcpy(void *dest, const void *src, size_t n) > { > long d0, d1, d2; > asm volatile( > @@ -60,3 +60,14 @@ void *memmove(void *dest, const void *src, size_t n) > > return dest; > } > + > +/* Detect and warn about potential overlaps, but handle them with memmove. */ > +void *memcpy(void *dest, const void *src, size_t n) > +{ > + if (dest > src && dest - src < n) { > + warn("Avoiding potentially unsafe overlapping memcpy()!"); > + return memmove(dest, src, n); > + } > + return __memcpy(dest, src, n); > +} > + > -- > 2.6.3 > > > -- > Kees Cook > Chrome OS & Brillo Security -- Kees Cook Chrome OS & Brillo Security
