To work around a misbehavior of the compiler's ability to see into composite flexible array structs (as detailed in the coming memcpy() hardening series[1]), split the memcpy() of the header and the payload so no false positive run-time overflow warning will be generated. This results in the already inlined memcpy getting unrolled a little more, which very slightly increases text size: $ size drivers/hv/vmbus_drv.o.before drivers/hv/vmbus_drv.o text data bss dec hex filename 22968 5239 232 28439 6f17 drivers/hv/vmbus_drv.o.before 23032 5239 232 28503 6f57 drivers/hv/vmbus_drv.o Avoids the run-time false-positive warning: memcpy: detected field-spanning write (size 212) of single field "&ctx->msg" at drivers/hv/vmbus_drv.c:1133 (size 16) [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@xxxxxxxxxxxx/ Cc: "K. Y. Srinivasan" <kys@xxxxxxxxxxxxx> Cc: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx> Cc: Stephen Hemminger <sthemmin@xxxxxxxxxxxxx> Cc: Wei Liu <wei.liu@xxxxxxxxxx> Cc: Dexuan Cui <decui@xxxxxxxxxxxxx> Cc: linux-hyperv@xxxxxxxxxxxxxxx Reported-by: Nathan Chancellor <nathan@xxxxxxxxxx> Reported-by: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx> Tested-by: Nathan Chancellor <nathan@xxxxxxxxxx> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> --- v2: - fix commit log, add tags and exact warning test from Nathan v1: https://lore.kernel.org/lkml/20220924030741.3345349-1-keescook@xxxxxxxxxxxx --- drivers/hv/vmbus_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 23c680d1a0f5..9b111a8262e3 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1131,7 +1131,8 @@ void vmbus_on_msg_dpc(unsigned long data) return; INIT_WORK(&ctx->work, vmbus_onmessage_work); - memcpy(&ctx->msg, &msg_copy, sizeof(msg->header) + payload_size); + ctx->msg.header = msg_copy.header; + memcpy(&ctx->msg.payload, msg_copy.u.payload, payload_size); /* * The host can generate a rescind message while we -- 2.34.1
