On 09/07/24 12:20, Mirsad Todorovac wrote:
On 7/9/24 01:44, Gustavo A. R. Silva wrote:
On 7/8/24 14:22, Kees Cook wrote:
Modern (fortified) memcpy() prefers to avoid writing (or reading) beyond
the end of the addressed destination (or source) struct member:
In function ‘fortify_memcpy_chk’,
inlined from ‘syscall_get_arguments’ at
./arch/x86/include/asm/syscall.h:85:2,
inlined from ‘populate_seccomp_data’ at kernel/seccomp.c:258:2,
inlined from ‘__seccomp_filter’ at kernel/seccomp.c:1231:3:
./include/linux/fortify-string.h:580:25: error: call to
‘__read_overflow2_field’ declared with attribute warning: detected read beyond
size of field (2nd parameter); maybe use struct_group()?
[-Werror=attribute-warning]
580 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As already done for x86_64 and compat mode, do not use memcpy() to
extract syscall arguments from struct pt_regs but rather just perform
direct assignments. Binary output differences are negligible, and actually
ends up using less stack space:
- sub $0x84,%esp
+ sub $0x6c,%esp
and less text size:
text data bss dec hex filename
10794 252 0 11046 2b26 gcc-32b/kernel/seccomp.o.stock
10714 252 0 10966 2ad6 gcc-32b/kernel/seccomp.o.after
Reported-by: Mirsad Todorovac <[email protected]>
Closes:
https://lore.kernel.org/lkml/[email protected]/
Signed-off-by: Kees Cook <[email protected]>
---
Cc: Thomas Gleixner <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: [email protected]
Cc: "H. Peter Anvin" <[email protected]>
Cc: Daniel Sneddon <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Pawan Gupta <[email protected]>
Cc: Peter Collingbourne <[email protected]>
Reviewed-by: Gustavo A. R. Silva <[email protected]>
Thanks
I can confirm that the error was fixed after applying the patch, in the same
build environment.
Tested-by: Mirsad Todorovac <[email protected]>
However, why memcpy() directly from struct pt_regs doesn't work is beyond my
understanding :-/
This is because under CONFIG_FORTIFY_SOURCE=y, memcpy() prevents writing or
reading beyond
the boundaries of dest/src objects.
--
Gustavo
FWIW, bulk memcpy() might be replaced by a single assembler instruction? Or am
I thinking still
in 6502 mode? :-)
Best regards,
Mirsad Todorovac
--
Gustavo
---
arch/x86/include/asm/syscall.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
index 2fc7bc3863ff..7c488ff0c764 100644
--- a/arch/x86/include/asm/syscall.h
+++ b/arch/x86/include/asm/syscall.h
@@ -82,7 +82,12 @@ static inline void syscall_get_arguments(struct task_struct
*task,
struct pt_regs *regs,
unsigned long *args)
{
- memcpy(args, ®s->bx, 6 * sizeof(args[0]));
+ args[0] = regs->bx;
+ args[1] = regs->cx;
+ args[2] = regs->dx;
+ args[3] = regs->si;
+ args[4] = regs->di;
+ args[5] = regs->bp;
}
static inline int syscall_get_arch(struct task_struct *task)
