flow_dissector: Fix out-of-bounds warnings
authorGustavo A. R. Silva <gustavoars@kernel.org>
Mon, 26 Jul 2021 19:25:11 +0000 (14:25 -0500)
committerDavid S. Miller <davem@davemloft.net>
Mon, 26 Jul 2021 22:02:59 +0000 (23:02 +0100)
Fix the following out-of-bounds warnings:

    net/core/flow_dissector.c: In function '__skb_flow_dissect':
>> net/core/flow_dissector.c:1104:4: warning: 'memcpy' offset [24, 39] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'struct in6_addr' at offset 8 [-Warray-bounds]
     1104 |    memcpy(&key_addrs->v6addrs, &iph->saddr,
          |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     1105 |           sizeof(key_addrs->v6addrs));
          |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from include/linux/ipv6.h:5,
                     from net/core/flow_dissector.c:6:
    include/uapi/linux/ipv6.h:133:18: note: subobject 'saddr' declared here
      133 |  struct in6_addr saddr;
          |                  ^~~~~
>> net/core/flow_dissector.c:1059:4: warning: 'memcpy' offset [16, 19] from the object at '<unknown>' is out of the bounds of referenced subobject 'saddr' with type 'unsigned int' at offset 12 [-Warray-bounds]
     1059 |    memcpy(&key_addrs->v4addrs, &iph->saddr,
          |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     1060 |           sizeof(key_addrs->v4addrs));
          |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from include/linux/ip.h:17,
                     from net/core/flow_dissector.c:5:
    include/uapi/linux/ip.h:103:9: note: subobject 'saddr' declared here
      103 |  __be32 saddr;
          |         ^~~~~

The problem is that the original code is trying to copy data into a
couple of struct members adjacent to each other in a single call to
memcpy().  So, the compiler legitimately complains about it. As these
are just a couple of members, fix this by copying each one of them in
separate calls to memcpy().

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/d5ae2e65-1f18-2577-246f-bada7eee6ccd@intel.com/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/flow_dissector.c

index 2aadbfc..39d7be0 100644 (file)
@@ -1056,8 +1056,10 @@ proto_again:
                                                              FLOW_DISSECTOR_KEY_IPV4_ADDRS,
                                                              target_container);
 
-                       memcpy(&key_addrs->v4addrs, &iph->saddr,
-                              sizeof(key_addrs->v4addrs));
+                       memcpy(&key_addrs->v4addrs.src, &iph->saddr,
+                              sizeof(key_addrs->v4addrs.src));
+                       memcpy(&key_addrs->v4addrs.dst, &iph->daddr,
+                              sizeof(key_addrs->v4addrs.dst));
                        key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
                }
 
@@ -1101,8 +1103,10 @@ proto_again:
                                                              FLOW_DISSECTOR_KEY_IPV6_ADDRS,
                                                              target_container);
 
-                       memcpy(&key_addrs->v6addrs, &iph->saddr,
-                              sizeof(key_addrs->v6addrs));
+                       memcpy(&key_addrs->v6addrs.src, &iph->saddr,
+                              sizeof(key_addrs->v6addrs.src));
+                       memcpy(&key_addrs->v6addrs.dst, &iph->daddr,
+                              sizeof(key_addrs->v6addrs.dst));
                        key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
                }