Commit bd745027 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'hardening-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull hardening fix from Kees Cook:

 - Correctly report struct member size on memcpy overflow (Kees Cook)

* tag 'hardening-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  fortify: Capture __bos() results in const temp vars
parents 1caa2f18 6f7630b1

include/linux/fortify-string.h

+9 −4
Original line number Diff line number Diff line
@@ -454,13 +454,18 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size, 


#define __fortify_memcpy_chk(p, q, size, p_size, q_size,		\

			     p_size_field, q_size_field, op) ({		\

	size_t __fortify_size = (size_t)(size);				\

	WARN_ONCE(fortify_memcpy_chk(__fortify_size, p_size, q_size,	\

				     p_size_field, q_size_field, #op),	\

	const size_t __fortify_size = (size_t)(size);			\

	const size_t __p_size = (p_size);				\

	const size_t __q_size = (q_size);				\

	const size_t __p_size_field = (p_size_field);			\

	const size_t __q_size_field = (q_size_field);			\

	WARN_ONCE(fortify_memcpy_chk(__fortify_size, __p_size,		\

				     __q_size, __p_size_field,		\

				     __q_size_field, #op),		\

		  #op ": detected field-spanning write (size %zu) of single %s (size %zu)\n", \

		  __fortify_size,					\

		  "field \"" #p "\" at " __FILE__ ":" __stringify(__LINE__), \

		  p_size_field);					\

		  __p_size_field);					\

	__underlying_##op(p, q, __fortify_size);			\

})