Re: [PATCH] mlxsw: core_acl_flex_actions: Split memcpy() of struct flow_action_cookie flexible array
From: Petr Machata
Date: Tue Sep 27 2022 - 05:51:24 EST
Kees Cook <keescook@xxxxxxxxxxxx> writes:
> To work around a misbehavior of the compiler's ability to see into
> composite flexible array structs (as detailed in the coming memcpy()
> hardening series[1]), split the memcpy() of the header and the payload
> so no false positive run-time overflow warning will be generated.
>
> [1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@xxxxxxxxxxxx
>
> Cc: Ido Schimmel <idosch@xxxxxxxxxx>
> Cc: Petr Machata <petrm@xxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Eric Dumazet <edumazet@xxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: Paolo Abeni <pabeni@xxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Petr Machata <petrm@xxxxxxxxxx>