[v2,3/4] string: Allow 2-argument strscpy_pad()

Message ID	20240205123525.1379299-3-keescook@chromium.org (mailing list archive)
State	Superseded
Headers	show Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 068901CA80 for <linux-hardening@vger.kernel.org>; Mon, 5 Feb 2024 12:35:28 +0000 (UTC) From: Kees Cook <keescook@chromium.org> To: Andy Shevchenko <andy@kernel.org> Cc: Kees Cook <keescook@chromium.org>, linux-hardening@vger.kernel.org, Richard Weinberger <richard@nod.at>, Justin Stitt <justinstitt@google.com>, Anton Ivanov <anton.ivanov@cambridgegreys.com>, Johannes Berg <johannes@sipsolutions.net>, Willem de Bruijn <willemdebruijn.kernel@gmail.com>, Jason Wang <jasowang@redhat.com>, kernel test robot <lkp@intel.com>, Nathan Chancellor <nathan@kernel.org>, Azeem Shaikh <azeemshaikh38@gmail.com>, linux-kernel@vger.kernel.org, linux-um@lists.infradead.org Subject: [PATCH v2 3/4] string: Allow 2-argument strscpy_pad() Date: Mon, 5 Feb 2024 04:35:23 -0800 Message-Id: <20240205123525.1379299-3-keescook@chromium.org> In-Reply-To: <20240205122916.it.909-kees@kernel.org> References: <20240205122916.it.909-kees@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	string: Allow 2-argument strscpy() \| expand [v2,0/4] string: Allow 2-argument strscpy() [v2,1/4] string: Redefine strscpy_pad() as a macro [v2,2/4] string: Allow 2-argument strscpy() [v2,3/4] string: Allow 2-argument strscpy_pad() [v2,4/4] um: Convert strscpy() usage to 2-argument style

Message ID

20240205123525.1379299-3-keescook@chromium.org (mailing list archive)

State

Superseded

Headers

From: Kees Cook <keescook@chromium.org>
To: Andy Shevchenko <andy@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
	linux-hardening@vger.kernel.org,
	Richard Weinberger <richard@nod.at>,
	Justin Stitt <justinstitt@google.com>,
	Anton Ivanov <anton.ivanov@cambridgegreys.com>,
	Johannes Berg <johannes@sipsolutions.net>,
	Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
	Jason Wang <jasowang@redhat.com>,
	kernel test robot <lkp@intel.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Azeem Shaikh <azeemshaikh38@gmail.com>,
	linux-kernel@vger.kernel.org,
	linux-um@lists.infradead.org
Subject: [PATCH v2 3/4] string: Allow 2-argument strscpy_pad()
Date: Mon,  5 Feb 2024 04:35:23 -0800
Message-Id: <20240205123525.1379299-3-keescook@chromium.org>
In-Reply-To: <20240205122916.it.909-kees@kernel.org>
References: <20240205122916.it.909-kees@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

string: Allow 2-argument strscpy() | expand

Commit Message

Kees Cook Feb. 5, 2024, 12:35 p.m. UTC

Similar to strscpy(), update strscpy_pad()'s 3rd argument to be
optional when the destination is a compile-time known size array.

Cc: Andy Shevchenko <andy@kernel.org>
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/linux/string.h | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

Comments

Geert Uytterhoeven Feb. 5, 2024, 12:48 p.m. UTC | #1

Hi Kees,

On Mon, Feb 5, 2024 at 1:36 PM Kees Cook <keescook@chromium.org> wrote:
> Similar to strscpy(), update strscpy_pad()'s 3rd argument to be
> optional when the destination is a compile-time known size array.
>
> Cc: Andy Shevchenko <andy@kernel.org>
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Thanks for your patch!

> --- a/include/linux/string.h
> +++ b/include/linux/string.h
> @@ -78,6 +78,10 @@ ssize_t sized_strscpy(char *, const char *, size_t);
>         sized_strscpy(dst, src, sizeof(dst) + __must_be_array(dst))
>  #define __strscpy1(dst, src, size)     sized_strscpy(dst, src, size)
>
> +#define __strscpy_pad0(dst, src, ...)  \
> +       sized_strscpy_pad(dst, src, sizeof(dst) + __must_be_array(dst))
> +#define __strscpy_pad1(dst, src, size) sized_strscpy_pad(dst, src, size)

(dst) etc.

> @@ -123,17 +139,8 @@ ssize_t sized_strscpy(char *, const char *, size_t);
>   * * The number of characters copied (not including the trailing %NULs)
>   * * -E2BIG if count is 0 or @src was truncated.
>   */
> -#define strscpy_pad(dest, src, count)  ({                      \
> -       char *__dst = (dest);                                           \
> -       const char *__src = (src);                                      \
> -       const size_t __count = (count);                                 \
> -       ssize_t __wrote;                                                \
> -                                                                       \
> -       __wrote = strscpy(__dst, __src, __count);                       \
> -       if (__wrote >= 0 && __wrote < __count)                          \
> -               memset(__dst + __wrote + 1, 0, __count - __wrote - 1);  \
> -       __wrote;                                                        \
> -})
> +#define strscpy_pad(dst, src, ...)     \
> +       CONCATENATE(__strscpy_pad, COUNT_ARGS(__VA_ARGS__))(dst, src, __VA_ARGS__)

Likewise,

Gr{oetje,eeting}s,

                        Geert

Andy Shevchenko Feb. 5, 2024, 12:57 p.m. UTC | #2

On Mon, Feb 05, 2024 at 01:48:51PM +0100, Geert Uytterhoeven wrote:
> On Mon, Feb 5, 2024 at 1:36 PM Kees Cook <keescook@chromium.org> wrote:

...

> > +#define __strscpy_pad1(dst, src, size) sized_strscpy_pad(dst, src, size)
> 
> (dst) etc.

Makes a little sense here. Are you expecting, e.g., dst to be 'a, b' (w/o
quotes where a and b are expressions)?

...

> > +#define strscpy_pad(dst, src, ...)     \
> > +       CONCATENATE(__strscpy_pad, COUNT_ARGS(__VA_ARGS__))(dst, src, __VA_ARGS__)
> 
> Likewise,

Ditto.

diff --git a/include/linux/string.h b/include/linux/string.h
index a21371aa2fd6..4f0f27013418 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -78,6 +78,10 @@  ssize_t sized_strscpy(char *, const char *, size_t);
 	sized_strscpy(dst, src, sizeof(dst) + __must_be_array(dst))
 #define __strscpy1(dst, src, size)	sized_strscpy(dst, src, size)
 
+#define __strscpy_pad0(dst, src, ...)	\
+	sized_strscpy_pad(dst, src, sizeof(dst) + __must_be_array(dst))
+#define __strscpy_pad1(dst, src, size)	sized_strscpy_pad(dst, src, size)
+
 /**
  * strscpy - Copy a C-string into a sized buffer
  * @dst: Where to copy the string to
@@ -103,6 +107,18 @@  ssize_t sized_strscpy(char *, const char *, size_t);
 #define strscpy(dst, src, ...)	\
 	CONCATENATE(__strscpy, COUNT_ARGS(__VA_ARGS__))(dst, src, __VA_ARGS__)
 
+#define sized_strscpy_pad(dest, src, count)	({			\
+	char *__dst = (dest);						\
+	const char *__src = (src);					\
+	const size_t __count = (count);					\
+	ssize_t __wrote;						\
+									\
+	__wrote = sized_strscpy(__dst, __src, __count);			\
+	if (__wrote >= 0 && __wrote < __count)				\
+		memset(__dst + __wrote + 1, 0, __count - __wrote - 1);	\
+	__wrote;							\
+})
+
 /**
  * strscpy_pad() - Copy a C-string into a sized buffer
  * @dest: Where to copy the string to
@@ -123,17 +139,8 @@  ssize_t sized_strscpy(char *, const char *, size_t);
  * * The number of characters copied (not including the trailing %NULs)
  * * -E2BIG if count is 0 or @src was truncated.
  */
-#define strscpy_pad(dest, src, count)	({			\
-	char *__dst = (dest);						\
-	const char *__src = (src);					\
-	const size_t __count = (count);					\
-	ssize_t __wrote;						\
-									\
-	__wrote = strscpy(__dst, __src, __count);			\
-	if (__wrote >= 0 && __wrote < __count)				\
-		memset(__dst + __wrote + 1, 0, __count - __wrote - 1);	\
-	__wrote;							\
-})
+#define strscpy_pad(dst, src, ...)	\
+	CONCATENATE(__strscpy_pad, COUNT_ARGS(__VA_ARGS__))(dst, src, __VA_ARGS__)
 
 #ifndef __HAVE_ARCH_STRCAT
 extern char * strcat(char *, const char *);

[v2,3/4] string: Allow 2-argument strscpy_pad()

Commit Message

Comments

Patch