summaryrefslogtreecommitdiffstats
path: root/drivers/xen/pci.c
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2021-05-24 21:15:15 -0700
committerKees Cook <keescook@chromium.org>2022-02-27 10:58:04 -0800
commitfad278388e01e3658a356118bed8ee2c2408d280 (patch)
tree62f441588b936ee7e296c65aa5fcce7025fd18b8 /drivers/xen/pci.c
parente52432e164230929fe1f7b5a67bda0cc870f66d5 (diff)
downloadlinux-fad278388e01e3658a356118bed8ee2c2408d280.tar.bz2
media: omap3isp: Use struct_group() for memcpy() region
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Wrap the target region in struct_group(). This additionally fixes a theoretical misalignment of the copy (since the size of "buf" changes between 64-bit and 32-bit, but this is likely never built for 64-bit). FWIW, I think this code is totally broken on 64-bit (which appears to not be a "real" build configuration): it would either always fail (with an uninitialized data->buf_size) or would cause corruption in userspace due to the copy_to_user() in the call path against an uninitialized data->buf value: omap3isp_stat_request_statistics_time32(...) struct omap3isp_stat_data data64; ... omap3isp_stat_request_statistics(stat, &data64); int omap3isp_stat_request_statistics(struct ispstat *stat, struct omap3isp_stat_data *data) ... buf = isp_stat_buf_get(stat, data); static struct ispstat_buffer *isp_stat_buf_get(struct ispstat *stat, struct omap3isp_stat_data *data) ... if (buf->buf_size > data->buf_size) { ... return ERR_PTR(-EINVAL); } ... rval = copy_to_user(data->buf, buf->virt_addr, buf->buf_size); Regardless, additionally initialize data64 to be zero-filled to avoid undefined behavior. Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Sakari Ailus <sakari.ailus@linux.intel.com> Cc: linux-media@vger.kernel.org Fixes: 378e3f81cb56 ("media: omap3isp: support 64-bit version of omap3isp_stat_data") Cc: stable@vger.kernel.org Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/lkml/20211215220505.GB21862@embeddedor Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'drivers/xen/pci.c')
0 files changed, 0 insertions, 0 deletions