mirror of https://gitee.com/openkylin/linux.git
x86/boot: Make memcpy() handle overlaps
Two uses of memcpy() (screen scrolling and ELF parsing) were handling overlapping memory areas. While there were no explicitly noticed bugs here (yet), it is best to fix this so that the copying will always be safe. Instead of making a new memmove() function that might collide with other memmove() definitions in the decompressors, this just makes the compressed boot code's copy of memcpy() overlap-safe. Suggested-by: Lasse Collin <lasse.collin@tukaani.org> Reported-by: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Andy Lutomirski <luto@kernel.org> Cc: Baoquan He <bhe@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bp@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: H.J. Lu <hjl.tools@gmail.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/1461185746-8017-5-git-send-email-keescook@chromium.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
parent
1f208de37d
commit
bf0118dbba
|
@ -301,9 +301,7 @@ static void parse_elf(void *output)
|
|||
#else
|
||||
dest = (void *)(phdr->p_paddr);
|
||||
#endif
|
||||
memcpy(dest,
|
||||
output + phdr->p_offset,
|
||||
phdr->p_filesz);
|
||||
memcpy(dest, output + phdr->p_offset, phdr->p_filesz);
|
||||
break;
|
||||
default: /* Ignore other PT_* */ break;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#include "../string.c"
|
||||
|
||||
#ifdef CONFIG_X86_32
|
||||
void *memcpy(void *dest, const void *src, size_t n)
|
||||
void *__memcpy(void *dest, const void *src, size_t n)
|
||||
{
|
||||
int d0, d1, d2;
|
||||
asm volatile(
|
||||
|
@ -15,7 +15,7 @@ void *memcpy(void *dest, const void *src, size_t n)
|
|||
return dest;
|
||||
}
|
||||
#else
|
||||
void *memcpy(void *dest, const void *src, size_t n)
|
||||
void *__memcpy(void *dest, const void *src, size_t n)
|
||||
{
|
||||
long d0, d1, d2;
|
||||
asm volatile(
|
||||
|
@ -39,3 +39,21 @@ void *memset(void *s, int c, size_t n)
|
|||
ss[i] = c;
|
||||
return s;
|
||||
}
|
||||
|
||||
/*
|
||||
* This memcpy is overlap safe (i.e. it is memmove without conflicting
|
||||
* with other definitions of memmove from the various decompressors.
|
||||
*/
|
||||
void *memcpy(void *dest, const void *src, size_t n)
|
||||
{
|
||||
unsigned char *d = dest;
|
||||
const unsigned char *s = src;
|
||||
|
||||
if (d <= s || d - s >= n)
|
||||
return __memcpy(dest, src, n);
|
||||
|
||||
while (n-- > 0)
|
||||
d[n] = s[n];
|
||||
|
||||
return dest;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue