| Message ID | 20230905-strncpy-arch-arm64-v4-1-bc4b14ddfaef@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v4] arm64/sysreg: refactor deprecated strncpy | expand |
On Tue, Sep 05, 2023 at 08:10:21PM +0000, Justin Stitt wrote: > strncpy is deprecated [1] and should not be used if the src string is > not NUL-terminated. > > When dealing with `cmdline` we are counting the number of characters > until a space then copying these over into `buf`. Let's not use any of > the str*() functions since the src string is not necessarily NUL-terminated. > > Prefer `memcpy()` alongside a forced NUL-termination as it more > accurately describes what is going on within this function, i.e: copying > from non NUL-terminated buffer into a NUL-terminated buffer. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Suggested-by: Kees Cook <keescook@chromium.org> > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Changes in v4: > - rebase onto mainline (thanks Will) > - Link to v3: https://lore.kernel.org/r/20230831-strncpy-arch-arm64-v3-1-cdbb1e7ea5e1@google.com The original patch converting the strncpy() to strscpy() has already landed upstream, so this doesn't apply as-is. Rather than go through a v5, I've reverted your original patch and squashed this on top with a new commit message. I'll push it out tomorrow on to the arm64 fixes branch. Thanks, Will
On Wed, Sep 6, 2023 at 11:48 AM Will Deacon <will@kernel.org> wrote: > > On Tue, Sep 05, 2023 at 08:10:21PM +0000, Justin Stitt wrote: > > strncpy is deprecated [1] and should not be used if the src string is > > not NUL-terminated. > > > > When dealing with `cmdline` we are counting the number of characters > > until a space then copying these over into `buf`. Let's not use any of > > the str*() functions since the src string is not necessarily NUL-terminated. > > > > Prefer `memcpy()` alongside a forced NUL-termination as it more > > accurately describes what is going on within this function, i.e: copying > > from non NUL-terminated buffer into a NUL-terminated buffer. > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@vger.kernel.org > > Suggested-by: Kees Cook <keescook@chromium.org> > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > --- > > Changes in v4: > > - rebase onto mainline (thanks Will) > > - Link to v3: https://lore.kernel.org/r/20230831-strncpy-arch-arm64-v3-1-cdbb1e7ea5e1@google.com > > The original patch converting the strncpy() to strscpy() has already landed > upstream, so this doesn't apply as-is. > > Rather than go through a v5, I've reverted your original patch and squashed > this on top with a new commit message. I'll push it out tomorrow on to the > arm64 fixes branch. Thanks! Sorry I hadn't noticed it go through -- especially with all the reviews surrounding the patches. > > Thanks, > > Will
On 5.09.2023 22:10, Justin Stitt wrote: > strncpy is deprecated [1] and should not be used if the src string is > not NUL-terminated. > > When dealing with `cmdline` we are counting the number of characters > until a space then copying these over into `buf`. Let's not use any of > the str*() functions since the src string is not necessarily NUL-terminated. > > Prefer `memcpy()` alongside a forced NUL-termination as it more > accurately describes what is going on within this function, i.e: copying > from non NUL-terminated buffer into a NUL-terminated buffer. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Suggested-by: Kees Cook <keescook@chromium.org> > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- Hi, some form of this patch [1] went into -next and it broke booting on at least the Qualcomm SC8280XP-based Lenovo Thinkpad X13S. Konrad [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=d232606773a0b09ec7f1ffc25f63abe801d011fd
On Thu, Sep 7, 2023 at 10:37 AM Konrad Dybcio <konradybcio@kernel.org> wrote: > > > > On 5.09.2023 22:10, Justin Stitt wrote: > > strncpy is deprecated [1] and should not be used if the src string is > > not NUL-terminated. > > > > When dealing with `cmdline` we are counting the number of characters > > until a space then copying these over into `buf`. Let's not use any of > > the str*() functions since the src string is not necessarily NUL-terminated. > > > > Prefer `memcpy()` alongside a forced NUL-termination as it more > > accurately describes what is going on within this function, i.e: copying > > from non NUL-terminated buffer into a NUL-terminated buffer. > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@vger.kernel.org > > Suggested-by: Kees Cook <keescook@chromium.org> > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > --- > Hi, > > some form of this patch [1] went into -next and it broke booting > on at least the Qualcomm SC8280XP-based Lenovo Thinkpad X13S. > Thanks for the heads up! The previous versions of the patch (including the one that was applied) had some errors. This patch should be good and Will is looking to apply it to arm64 fixes tree. > Konrad > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=d232606773a0b09ec7f1ffc25f63abe801d011fd
On Thu, Sep 07, 2023 at 11:17:08AM -0700, Justin Stitt wrote: > On Thu, Sep 7, 2023 at 10:37 AM Konrad Dybcio <konradybcio@kernel.org> wrote: > > > > > > > > On 5.09.2023 22:10, Justin Stitt wrote: > > > strncpy is deprecated [1] and should not be used if the src string is > > > not NUL-terminated. > > > > > > When dealing with `cmdline` we are counting the number of characters > > > until a space then copying these over into `buf`. Let's not use any of > > > the str*() functions since the src string is not necessarily NUL-terminated. > > > > > > Prefer `memcpy()` alongside a forced NUL-termination as it more > > > accurately describes what is going on within this function, i.e: copying > > > from non NUL-terminated buffer into a NUL-terminated buffer. > > > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > > Link: https://github.com/KSPP/linux/issues/90 > > > Cc: linux-hardening@vger.kernel.org > > > Suggested-by: Kees Cook <keescook@chromium.org> > > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > > --- > > Hi, > > > > some form of this patch [1] went into -next and it broke booting > > on at least the Qualcomm SC8280XP-based Lenovo Thinkpad X13S. > > > > Thanks for the heads up! The previous versions of the patch (including > the one that was applied) had some errors. This patch should be good > and Will is looking to apply it to arm64 fixes tree. Yes, it should be fixed in linux-next 20230908. Cheers, Will
diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 2fe2491b692c..3addc09f8746 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -263,8 +263,8 @@ static __init void __parse_cmdline(const char *cmdline, bool parse_aliases) return; len = min(len, ARRAY_SIZE(buf) - 1); - strncpy(buf, cmdline, len); - buf[len] = 0; + memcpy(buf, cmdline, len); + buf[len] = '\0'; if (strcmp(buf, "--") == 0) return;
strncpy is deprecated [1] and should not be used if the src string is not NUL-terminated. When dealing with `cmdline` we are counting the number of characters until a space then copying these over into `buf`. Let's not use any of the str*() functions since the src string is not necessarily NUL-terminated. Prefer `memcpy()` alongside a forced NUL-termination as it more accurately describes what is going on within this function, i.e: copying from non NUL-terminated buffer into a NUL-terminated buffer. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Justin Stitt <justinstitt@google.com> --- Changes in v4: - rebase onto mainline (thanks Will) - Link to v3: https://lore.kernel.org/r/20230831-strncpy-arch-arm64-v3-1-cdbb1e7ea5e1@google.com Changes in v3: - Fix faulty logic and use memcpy over strscpy (thanks Mostafa and Kees) - Use '\0' instead of 0 to make it abundantly clear that `buf` is a NUL-terminated string - Link to v2: https://lore.kernel.org/r/20230811-strncpy-arch-arm64-v2-1-ba84eabffadb@google.com Changes in v2: - Utilize return value from strscpy and check for truncation (thanks Kees) - Link to v1: https://lore.kernel.org/r/20230810-strncpy-arch-arm64-v1-1-f67f3685cd64@google.com --- arch/arm64/kernel/idreg-override.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- base-commit: 2dde18cd1d8fac735875f2e4987f11817cc0bc2c change-id: 20230810-strncpy-arch-arm64-1f3d328bd9b8 Best regards, -- Justin Stitt <justinstitt@google.com>