Commit 76d16077 authored by Kumar Kartikeya Dwivedi's avatar Kumar Kartikeya Dwivedi Committed by Alexei Starovoitov
Browse files

bpf: Use memmove for bpf_dynptr_{read,write} 



It may happen that destination buffer memory overlaps with memory dynptr
points to. Hence, we must use memmove to correctly copy from dynptr to
destination buffer, or source buffer to dynptr.

This actually isn't a problem right now, as memcpy implementation falls
back to memmove on detecting overlap and warns about it, but we
shouldn't be relying on that.

Acked-by: default avatarJoanne Koong <joannelkoong@gmail.com>
Acked-by: default avatarDavid Vernet <void@manifault.com>
Signed-off-by: default avatarKumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20221207204141.308952-7-memxor@gmail.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent f6ee298f

kernel/bpf/helpers.c

+10 −2
Original line number Diff line number Diff line
@@ -1495,7 +1495,11 @@ BPF_CALL_5(bpf_dynptr_read, void *, dst, u32, len, const struct bpf_dynptr_kern 
	if (err)

		return err;



	memcpy(dst, src->data + src->offset + offset, len);

	/* Source and destination may possibly overlap, hence use memmove to

	 * copy the data. E.g. bpf_dynptr_from_mem may create two dynptr

	 * pointing to overlapping PTR_TO_MAP_VALUE regions.

	 */

	memmove(dst, src->data + src->offset + offset, len);



	return 0;

}
@@ -1523,7 +1527,11 @@ BPF_CALL_5(bpf_dynptr_write, const struct bpf_dynptr_kern *, dst, u32, offset, v 
	if (err)

		return err;



	memcpy(dst->data + dst->offset + offset, src, len);

	/* Source and destination may possibly overlap, hence use memmove to

	 * copy the data. E.g. bpf_dynptr_from_mem may create two dynptr

	 * pointing to overlapping PTR_TO_MAP_VALUE regions.

	 */

	memmove(dst->data + dst->offset + offset, src, len);



	return 0;

}