If an overlapping memcpy() is ever attempted, we should report it and gracefully call memmove(). These cases can be found and fixed to use memmove() correctly, but in the meantime, we will not break booting.
Suggested-by: Ingo Molnar <[email protected]> Signed-off-by: Kees Cook <[email protected]> --- arch/x86/boot/compressed/string.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c index 2befeca1aada..7402227fdfdb 100644 --- a/arch/x86/boot/compressed/string.c +++ b/arch/x86/boot/compressed/string.c @@ -8,7 +8,7 @@ #include "../string.c" #ifdef CONFIG_X86_32 -void *memcpy(void *dest, const void *src, size_t n) +static void *__memcpy(void *dest, const void *src, size_t n) { int d0, d1, d2; asm volatile( @@ -22,7 +22,7 @@ void *memcpy(void *dest, const void *src, size_t n) return dest; } #else -void *memcpy(void *dest, const void *src, size_t n) +static void *__memcpy(void *dest, const void *src, size_t n) { long d0, d1, d2; asm volatile( @@ -60,3 +60,14 @@ void *memmove(void *dest, const void *src, size_t n) return dest; } + +/* Detect and warn about potential overlaps, but handle them with memmove. */ +void *memcpy(void *dest, const void *src, size_t n) +{ + if (dest > src && dest - src < n) { + warn("Avoiding potentially unsafe overlapping memcpy()!"); + return memmove(dest, src, n); + } + return __memcpy(dest, src, n); +} + -- 2.6.3 -- Kees Cook Chrome OS & Brillo Security
