On Fri, Feb 16, 2024 at 12:39:41PM -0800, Kees Cook wrote:
> When a memcpy() would exceed the length of an entire structure, no
> detailed WARN would be emitted, making debugging a bit more challenging.
> Similarly, other buffer overflow reports would have no size information
> reported.
>
> Always warn for memcpy() overflows, but distinguish between the two
> cases in the message before continuing (warn-only) or blocking the copy
> (hard-fail). Additionally add size information to existing overflow
> reports.
>
> Signed-off-by: Kees Cook <[email protected]>
This will need a v2 ... something in my manipulations is triggering a
bizarre warning in Clang:
../fs/dlm/rcom.c:490:13: error: member reference type 'int' is not a pointer
490 | memcpy(rc->rc_buf, rc_in->rc_buf, sizeof(struct rcom_lock));
| ~~ ^
../include/linux/fortify-string.h:636:47: note: expanded from macro 'memcpy'
636 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s,
\
| ^
../include/linux/fortify-string.h:591:20: note: expanded from macro
'__fortify_memcpy_chk'
591 | __underlying_##op(p, q, __fortify_size);
\
| ^
I'll track it down...
--
Kees Cook
