Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

bpf: Use memmove for bpf_dynptr_{read,write}

It may happen that destination buffer memory overlaps with memory dynptr
points to. Hence, we must use memmove to correctly copy from dynptr to
destination buffer, or source buffer to dynptr.

This actually isn't a problem right now, as memcpy implementation falls
back to memmove on detecting overlap and warns about it, but we
shouldn't be relying on that.

Acked-by: Joanne Koong <joannelkoong@gmail.com>
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20221207204141.308952-7-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by Kumar Kartikeya Dwivedi and committed by Alexei Starovoitov
76d16077 f6ee298f

+10 -2
kernel/bpf/helpers.c
··· 1495 1495 if (err) 1496 1496 return err; 1497 1497 1498 - memcpy(dst, src->data + src->offset + offset, len); 1498 + /* Source and destination may possibly overlap, hence use memmove to 1499 + * copy the data. E.g. bpf_dynptr_from_mem may create two dynptr 1500 + * pointing to overlapping PTR_TO_MAP_VALUE regions. 1501 + */ 1502 + memmove(dst, src->data + src->offset + offset, len); 1499 1503 1500 1504 return 0; 1501 1505 } ··· 1527 1523 if (err) 1528 1524 return err; 1529 1525 1530 - memcpy(dst->data + dst->offset + offset, src, len); 1526 + /* Source and destination may possibly overlap, hence use memmove to 1527 + * copy the data. E.g. bpf_dynptr_from_mem may create two dynptr 1528 + * pointing to overlapping PTR_TO_MAP_VALUE regions. 1529 + */ 1530 + memmove(dst->data + dst->offset + offset, src, len); 1531 1531 1532 1532 return 0; 1533 1533 }
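Review bot: in the first hunk (the copy out of the dynptr, `memmove(dst, src->data + src->offset + offset, len);`), the comment's example does not match this direction: it describes two dynptrs created by bpf_dynptr_from_mem, but here `dst` is used as a plain buffer pointer and only `src` is a dynptr. Consider wording the comment for this call site, for example that the caller's destination buffer may alias the memory the dynptr points to (such as both lying in the same PTR_TO_MAP_VALUE region), which is also how the commit message states the problem.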
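Review bot: the second hunk (the copy into the dynptr, `memmove(dst->data + dst->offset + offset, src, len);`) repeats the four-line comment from the first hunk verbatim, and the change touches only kernel/bpf/helpers.c, so nothing in this patch exercises the overlapping case. Since the commit message notes that the previous memcpy only worked because the implementation falls back to memmove and warns, a selftest that reads and writes through dynptrs backed by overlapping regions of one map value would keep a later change back to memcpy from going unnoticed. The duplicated comment could also be shortened here to a one-line reference to the first one.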