On Thu, Apr 28, 2016 at 11:43 PM, Ingo Molnar <mi...@kernel.org> wrote: > > * Kees Cook <keesc...@chromium.org> wrote: > >> If an overlapping memcpy() is ever attempted, we should at least report >> it, in case it might lead to problems, so it could be changed to a >> memmove() call instead. >> >> Suggested-by: Ingo Molnar <mi...@kernel.org> >> Signed-off-by: Kees Cook <keesc...@chromium.org> >> --- >> v4: >> - use __memcpy not memcpy since we've already done the check. >> v3: >> - call memmove in addition to doing the warning >> v2: >> - warn about overlapping region >> --- >> arch/x86/boot/compressed/string.c | 16 +++++++++++++--- >> 1 file changed, 13 insertions(+), 3 deletions(-) > > Applied, thanks Kees! > > Btw., can we now also remove the memmove() hack from lib/decompress_unxz.c?
I'll let Lasse answer for sure, but I don't think so. The original commit says: The XZ decompressor needs memmove(), memeq() (memcmp() == 0), and memzero() (memset(ptr, 0, size)), which aren't available in all arch-specific pre-boot environments. I'm including simple versions in decompress_unxz.c, but a cleaner solution would naturally be nicer. -Kees -- Kees Cook Chrome OS & Brillo Security