On 7/9/24 01:44, Gustavo A. R. Silva wrote:
>
>
> On 7/8/24 14:22, Kees Cook wrote:
>> Modern (fortified) memcpy() prefers to avoid writing (or reading) beyond
>> the end of the addressed destination (or source) struct member:
>>
>> In function ‘fortify_memcpy_chk’,
>> inlined from ‘syscall_get_arguments’ at
>> ./arch/x86/include/asm/syscall.h:85:2,
>> inlined from ‘populate_seccomp_data’ at kernel/seccomp.c:258:2,
>> inlined from ‘__seccomp_filter’ at kernel/seccomp.c:1231:3:
>> ./include/linux/fortify-string.h:580:25: error: call to
>> ‘__read_overflow2_field’ declared with attribute warning: detected read
>> beyond size of field (2nd parameter); maybe use struct_group()?
>> [-Werror=attribute-warning]
>> 580 | __read_overflow2_field(q_size_field, size);
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> As already done for x86_64 and compat mode, do not use memcpy() to
>> extract syscall arguments from struct pt_regs but rather just perform
>> direct assignments. Binary output differences are negligible, and actually
>> ends up using less stack space:
>>
>> - sub $0x84,%esp
>> + sub $0x6c,%esp
>>
>> and less text size:
>>
>> text data bss dec hex filename
>> 10794 252 0 11046 2b26 gcc-32b/kernel/seccomp.o.stock
>> 10714 252 0 10966 2ad6 gcc-32b/kernel/seccomp.o.after
>>
>> Reported-by: Mirsad Todorovac <[email protected]>
>> Closes:
>> https://lore.kernel.org/lkml/[email protected]/
>> Signed-off-by: Kees Cook <[email protected]>
>> ---
>> Cc: Thomas Gleixner <[email protected]>
>> Cc: Ingo Molnar <[email protected]>
>> Cc: Borislav Petkov <[email protected]>
>> Cc: Dave Hansen <[email protected]>
>> Cc: [email protected]
>> Cc: "H. Peter Anvin" <[email protected]>
>> Cc: Daniel Sneddon <[email protected]>
>> Cc: Arnd Bergmann <[email protected]>
>> Cc: Brian Gerst <[email protected]>
>> Cc: Josh Poimboeuf <[email protected]>
>> Cc: Pawan Gupta <[email protected]>
>> Cc: Peter Collingbourne <[email protected]>
>
> Reviewed-by: Gustavo A. R. Silva <[email protected]>
>
> Thanks
I can confirm that the error was fixed after applying the patch, in the same
build environment.
Tested-by: Mirsad Todorovac <[email protected]>
However, why memcpy() directly from struct pt_regs doesn't work is beyond my
understanding :-/
FWIW, bulk memcpy() might be replaced by a single assembler instruction? Or am
I thinking still
in 6502 mode? :-)
Best regards,
Mirsad Todorovac
> --
> Gustavo
>
>> ---
>> arch/x86/include/asm/syscall.h | 7 ++++++-
>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
>> index 2fc7bc3863ff..7c488ff0c764 100644
>> --- a/arch/x86/include/asm/syscall.h
>> +++ b/arch/x86/include/asm/syscall.h
>> @@ -82,7 +82,12 @@ static inline void syscall_get_arguments(struct
>> task_struct *task,
>> struct pt_regs *regs,
>> unsigned long *args)
>> {
>> - memcpy(args, ®s->bx, 6 * sizeof(args[0]));
>> + args[0] = regs->bx;
>> + args[1] = regs->cx;
>> + args[2] = regs->dx;
>> + args[3] = regs->si;
>> + args[4] = regs->di;
>> + args[5] = regs->bp;
>> }
>> static inline int syscall_get_arch(struct task_struct *task)
