[PATCH v4] x86/boot: Warn on future overlapping memcpy() use

From: Kees Cook
Date: Thu Apr 28 2016 - 20:18:28 EST


If an overlapping memcpy() is ever attempted, we should at least report
it, in case it might lead to problems, so it could be changed to a
memmove() call instead.

Suggested-by: Ingo Molnar <mingo@xxxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
v4:
- use __memcpy not memcpy since we've already done the check.
v3:
- call memmove in addition to doing the warning
v2:
- warn about overlapping region
---
arch/x86/boot/compressed/string.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c
index 2befeca1aada..5ac3acb5699f 100644
--- a/arch/x86/boot/compressed/string.c
+++ b/arch/x86/boot/compressed/string.c
@@ -8,7 +8,7 @@
#include "../string.c"

#ifdef CONFIG_X86_32
-void *memcpy(void *dest, const void *src, size_t n)
+static void *__memcpy(void *dest, const void *src, size_t n)
{
int d0, d1, d2;
asm volatile(
@@ -22,7 +22,7 @@ void *memcpy(void *dest, const void *src, size_t n)
return dest;
}
#else
-void *memcpy(void *dest, const void *src, size_t n)
+static void *__memcpy(void *dest, const void *src, size_t n)
{
long d0, d1, d2;
asm volatile(
@@ -53,10 +53,20 @@ void *memmove(void *dest, const void *src, size_t n)
const unsigned char *s = src;

if (d <= s || d - s >= n)
- return memcpy(dest, src, n);
+ return __memcpy(dest, src, n);

while (n-- > 0)
d[n] = s[n];

return dest;
}
+
+/* Detect and warn about potential overlaps, but handle them with memmove. */
+void *memcpy(void *dest, const void *src, size_t n)
+{
+ if (dest > src && dest - src < n) {
+ warn("Avoiding potentially unsafe overlapping memcpy()!");
+ return memmove(dest, src, n);
+ }
+ return __memcpy(dest, src, n);
+}
--
2.6.3


--
Kees Cook
Chrome OS & Brillo Security