diff options
author | Kees Cook <keescook@chromium.org> | 2021-06-21 16:23:22 -0700 |
---|---|---|
committer | Dave Kleikamp <dave.kleikamp@oracle.com> | 2021-06-23 09:21:52 -0500 |
commit | 5d299f44d7658f4423e33a0b9915bc8d81687511 (patch) | |
tree | b8ff7f89dd4370c2a3851c404b7f1a9d09dcb4a7 /fs/jfs/jfs_imap.c | |
parent | e15a56b7469529b4225e5c504ba6d51851e3bba4 (diff) |
jfs: Avoid field-overflowing memcpy()
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field array bounds checking for memcpy(), memmove(), and memset(),
avoid intentionally writing across neighboring fields.
Introduce more unions to cover the full inline data section, so that the
entire 256 bytes can be addressed by memcpy() without thinking it is
crossing field boundaries. Additionally adjusts dir memcpy() to use
existing union names to get the same coverage.
diffoscope shows there are no binary differences before/after excepting
the name of the initcall, which is line number based:
$ diffoscope --exclude-directory-metadata yes before/fs after/fs
--- before/fs
+++ after/fs
│ --- before/fs/jfs
├── +++ after/fs/jfs
│ │ --- before/fs/jfs/super.o
│ ├── +++ after/fs/jfs/super.o
│ │ ├── readelf --wide --symbols {}
│ │ │ @@ -2,15 +2,15 @@
│ │ │ Symbol table '.symtab' contains 158 entries:
│ │ │ Num: Value Size Type Bind Vis Ndx Name
...
│ │ │ - 5: 0000000000000000 0 NOTYPE LOCAL DEFAULT 6 __initcall__kmod_jfs__319_1049_ini
t_jfs_fs6
│ │ │ + 5: 0000000000000000 0 NOTYPE LOCAL DEFAULT 6 __initcall__kmod_jfs__319_1050_ini
t_jfs_fs6
...
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Diffstat (limited to 'fs/jfs/jfs_imap.c')
-rw-r--r-- | fs/jfs/jfs_imap.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index 47913c3d7e1c..799d3837e7c2 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -761,7 +761,7 @@ int diWrite(tid_t tid, struct inode *ip) lv = & dilinelock->lv[dilinelock->index]; lv->offset = (dioffset + 2 * 128) >> L2INODESLOTSIZE; lv->length = 2; - memcpy(&dp->di_fastsymlink, jfs_ip->i_inline, IDATASIZE); + memcpy(&dp->di_inline_all, jfs_ip->i_inline_all, IDATASIZE); dilinelock->index++; } /* @@ -3082,7 +3082,7 @@ static int copy_from_dinode(struct dinode * dip, struct inode *ip) } if (S_ISDIR(ip->i_mode)) { - memcpy(&jfs_ip->i_dirtable, &dip->di_dirtable, 384); + memcpy(&jfs_ip->u.dir, &dip->u._dir, 384); } else if (S_ISREG(ip->i_mode) || S_ISLNK(ip->i_mode)) { memcpy(&jfs_ip->i_xtroot, &dip->di_xtroot, 288); } else |