mlxsw: core_acl_flex_actions: Split memcpy() of struct flow_action_cookie flexible...

To work around a misbehavior of the compiler's ability to see into
composite flexible array structs (as detailed in the coming memcpy()
hardening series[1]), split the memcpy() of the header and the payload
so no false positive run-time overflow warning will be generated.

[1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org

Cc: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/20220927004033.1942992-1-keescook@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
index 636db9a8745774adc42d97946b3166209c4f41e9..9dfe7148199f9ec4d79e8aa23ea8d8e7bdfe69d7 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
@@ -737,8 +737,9 @@ mlxsw_afa_cookie_create(struct mlxsw_afa *mlxsw_afa,
        if (!cookie)
                return ERR_PTR(-ENOMEM);
        refcount_set(&cookie->ref_count, 1);
-       memcpy(&cookie->fa_cookie, fa_cookie,
-              sizeof(*fa_cookie) + fa_cookie->cookie_len);
+       cookie->fa_cookie = *fa_cookie;
+       memcpy(cookie->fa_cookie.cookie, fa_cookie->cookie,
+              fa_cookie->cookie_len);
 
        err = rhashtable_insert_fast(&mlxsw_afa->cookie_ht, &cookie->ht_node,
                                     mlxsw_afa_cookie_ht_params);