From patchwork Tue Jan 7 18:48:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Isaac Manjarres X-Patchwork-Id: 13929510 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7765E77197 for ; Tue, 7 Jan 2025 18:48:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4F6C36B00A1; Tue, 7 Jan 2025 13:48:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 47B606B00A2; Tue, 7 Jan 2025 13:48:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2D0356B00A4; Tue, 7 Jan 2025 13:48:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 0965A6B00A1 for ; Tue, 7 Jan 2025 13:48:21 -0500 (EST) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BBD88A0BE5 for ; Tue, 7 Jan 2025 18:48:20 +0000 (UTC) X-FDA: 82981541160.19.C04A765 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) by imf29.hostedemail.com (Postfix) with ESMTP id E3AB6120014 for ; Tue, 7 Jan 2025 18:48:18 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=PcDPTjk1; spf=pass (imf29.hostedemail.com: domain of 38XZ9Zw4KCBg6Gyy0AyB7yFF2G4CC492.0CA96BIL-AA8Jy08.CF4@flex--isaacmanjarres.bounces.google.com designates 209.85.216.73 as permitted sender) smtp.mailfrom=38XZ9Zw4KCBg6Gyy0AyB7yFF2G4CC492.0CA96BIL-AA8Jy08.CF4@flex--isaacmanjarres.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1736275699; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=50lLEW9SKYc1xkD+PbF+LHJJKluSEdexAUkKUhuIKDk=; b=PLd11RnpYHOSYMcOUKjoFZMqw1HbnVYYDaHfoWuxB6J7lWnB4e5pnJxTYpDPiFGgy67Ur7 N4e63xdTgkLgF1BiUmEbhr/8CqOOD+KAOI/r0Qj2oNlpHGlCFJ6LvKPacbokpXzZjpbJDy vTDG5W9qxQj0Bsb0QTEU214gabJQ8kU= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=PcDPTjk1; spf=pass (imf29.hostedemail.com: domain of 38XZ9Zw4KCBg6Gyy0AyB7yFF2G4CC492.0CA96BIL-AA8Jy08.CF4@flex--isaacmanjarres.bounces.google.com designates 209.85.216.73 as permitted sender) smtp.mailfrom=38XZ9Zw4KCBg6Gyy0AyB7yFF2G4CC492.0CA96BIL-AA8Jy08.CF4@flex--isaacmanjarres.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736275699; a=rsa-sha256; cv=none; b=siD4Bm3ynkTU6PAxfzkO2rmMRqzczJQQeLmFpBhjT7W0nt9DjX2tUrozpuP4c0pJpAeXgM snW35alhshFj80MqNCp+Pq7QFaABsgwu6kZv7wGSphjmbOZE5MWwiO1fBQgaH93wF6hqT7 oNNkpbPznRMRMrTT2aOOB9KpBRT5zGE= Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2ef8c7ef51dso121140a91.1 for ; Tue, 07 Jan 2025 10:48:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1736275697; x=1736880497; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=50lLEW9SKYc1xkD+PbF+LHJJKluSEdexAUkKUhuIKDk=; b=PcDPTjk1YNfWhGD67P8j2DfildM0+GQ7ZimAQ23mUk/QH1bsw0mi8KBrDsyySpBGJM Gbt3zNJ7F33ce1cbwX77qWMKPA4UH0TedCkbQKb1IHy9OcncaHhPwpWG+VAembpZcAbF 7x4Jdeo/NXWQmCikKSoITOq+poXECjz9TKbwJokI7VDSl4nCrf9/YruqQm09DEqQCz3o 9+ePUiDQYTFqDAuti1G9gzs6brkLiWLJ8QEkS2S4oJn5jOx+PSOfIwsKeLw2GeUFDFb2 sVIh37pXSNsD9zeVbO0N4DyrFcdJ8/UrGh3sQLkqGX2Fz6+FiyX/0yZv9Pudr79hw3UW 7fjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736275697; x=1736880497; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=50lLEW9SKYc1xkD+PbF+LHJJKluSEdexAUkKUhuIKDk=; b=UEu+1llaZ47wX9qUHcaChTPn6xej1Q/wECvIlLUB0iFc3ENG8F3AQdIZZetg8tUe8s B17Bn+LBrMGP/5xigBKq8d/ks3wH34+dQ/fwyGlr+LE5Dzl+5DpA7V/vB4YQ3XnsF/MK dtUXxf1GHSw7YwOdsJ9VFvnTi/UguRwj0xCpLABHPOpk10W4JthXDpqFdXtQAmfjZwJm Gye2AAKbCSESnarZfJmQun4GGR3rMEQosROzFFVXK+V8KHojmM5FRdoC8yrjfJ751LKj q6KF7A8Sgv+Ndfdjc7Lf42A36pk4qfRd39K4z8QBp4Gp4O+kD/z/Trwis7zqfiXle5Xc QvpQ== X-Forwarded-Encrypted: i=1; AJvYcCUn+RVdvXLJZ3f94UJK2kFh23nZ2lffcAQXFpz0JK6VJ8/+/HXRXeZ8fEolvtdSnEMQ9EM1izoreQ==@kvack.org X-Gm-Message-State: AOJu0YyGytEdk5UQ9LLmzyONW+iiII4bEY5OXrkvPTsSX2cMUvNax/wH O4LipLDHpKStMoibyC6VkXb4kZS+OXM9+lT2ZAaKrU7EYoH+wgK2mmyqExrAQPUW8CtY0VM4IRK 6w2KnvUih2jql4P9zU9Yg24gSruRsH/n0uQ== X-Google-Smtp-Source: AGHT+IGHSFoGgESZy9nn6zzNByx2COlM3Gms6uDyLSzyV2qnHkKsirasdpXYNca+u/B/CV52aTS2q18lsuiCDMLSkxsbsw== X-Received: from pjbsl16.prod.google.com ([2002:a17:90b:2e10:b0:2ef:82a8:7171]) (user=isaacmanjarres job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:5245:b0:2f2:a90e:74ef with SMTP id 98e67ed59e1d1-2f53cb837b7mr6272082a91.1.1736275697657; Tue, 07 Jan 2025 10:48:17 -0800 (PST) Date: Tue, 7 Jan 2025 10:48:02 -0800 In-Reply-To: <20250107184804.4074147-1-isaacmanjarres@google.com> Mime-Version: 1.0 References: <20250107184804.4074147-1-isaacmanjarres@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20250107184804.4074147-3-isaacmanjarres@google.com> Subject: [PATCH v2 2/2] mm/memfd: Use strncpy_from_user() to read memfd name From: "Isaac J. Manjarres" To: lorenzo.stoakes@oracle.com, Andrew Morton Cc: kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, "Isaac J. Manjarres" , kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org X-Rspamd-Queue-Id: E3AB6120014 X-Stat-Signature: 8ywuwedh58tijzcxf6zu4scr9ikhdxqq X-Rspam-User: X-Rspamd-Server: rspam11 X-HE-Tag: 1736275698-987968 X-HE-Meta: U2FsdGVkX18VYMMHCbrY+Ed1q6whJZr23j3Z4+SugNAbIDsU/qyi8HWr1B8htAplkfKyE7qfmTZ4l9cuE/byYyeY6qutcJVkRP6pGRHR79ifHhxj65rjnLXqk4+1S+Ep0mn6+up8h4httdPudBkrXstUMqqmORIEkMy36+icBLyj+nleJuf5c4qrT3yhRZEKggxR/5qGPnZMKid+Jpgtxhex0wTF1FrYhZZDhf0W3OlGsLF9VjF8JDM9jHD9tqN8Bb5aAHJT/wYed+6M9dkZEyZym9ii00wgRQEnLdzLHqDPS5oQWLhCzd7w1L5JMm2LvF3vYhYdCEdCZ9asel5v0qHRy2G7CVzG1cJoXFbK+5ZWE/7HGjDZ58p7o/oDrzeZm4GrLXGOQUxMGybMZ/gDkDLVZBuT1VIjz/4k8I0oAAbzkqxddhmxvRhV1GF3GlK32Um7/Y2RCGDvuj26Mhl00kfU5ZBLq4JtZDy1hyrb+wSw19jl2RvbTWe9Xh85dUztCvUQyvhc4ZLUbOOQSwGSPjPMc0jTT//4m9rWsXNJTcLY1chtnrhFs3oL/ALrLBGyr+91u5NvKVNEUHKg2J4uhijcvK2qThCDiMYciNiQ7bz1shB3+QT67cWb0aY/qAhyoxod+BEJfBE4ALeKI6FlwsgoFtjrAursvxMCSueAQ7hVfFR9FoEVd9xVCvEzq6OBeWhYVdmWHq0MmlyO8ginbiD3d9BvfW5DcJ3hC/QI5TpYTsEZ1+fk4euC6KWXIgyBZoHI81o9nXdptk/lwiDZfcoGFHkCUJahqpyDzZJ0PCf/CKYySCEiqm71Rmq4/nAtoDKUCEpt0tt1rGjMIyKYWwXyCXyxWh59Cv7DCPo8jLUxrCfE5KFMYDe5Kix+iQLJlg48E+3nsTNGnLY5OEmU6D+pYWfonqqV/w0OslCxbm7Bky8DEHfbDSzaazplxp7uPJ2cPlLlEh6PfrPkRfj mMfHK9MY isPOb7Qct2cs+NsoYFHK8pzxlPFTPQZKatrfK0tgPpZTAqn0Q3aiYWsVLML43o9nFAtiTEOPiJ+/7ZxqrLC2H4Cp4c799bIcETW6kTiAcS+bKsTdU+4qqWKVETkZ4VEvf2KBaFsYnmBNm/lttr3ZwV4Uak0dctNyKl47KctxUtNxr0pD/rqo/1dzh9mQUtZ8wzU/AtYB7zpgOup5gw+B/S77wb+RbSInKpu9qtBB44Wj+Zh3cMpLRAhJiBkzAxxSGLD1Vz2g5gmJn7h6wcdhosLRPLIGBLHeZ45ijrn5l6q7Ck/TW3epZD5HsnYpcI3O2WWU2tfmpHNdZ+uY2VyINPV0LL9QuLFGR6uBE9qzVY38mOh4/1HKdJ5uPFWzF7PSTIKFe5Q24D5bzMEzO4LUX31dWeiN2DAAw3/abZx7Q6swO4ES40cjGYb0D8RnbY7pyTT00/tRQ9QhBMwJc5+awC5jODaG+kgEWJDyAMGL7BbOr3UdfaNwEfUaB8FhPPeN/W4ners0epW29vZYlaFBvTs+63rBbxa3TBtDKlGjhzaFSIY5m6U40Q73CP3VOG2B6Z0sP9gEs+1PhiAhFTDcViQLkkyVzbWAuHdIPcBRnyupoOWBzGIZhHzAJ10395tvPJmbW+gaa1RMDR87cmtYRnTR8rKvtJWyMdBq+qUaZ0XZBE+1FIGE6YwkokQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.063852, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The existing logic uses strnlen_user() to calculate the length of the memfd name from userspace and then copies the string into a buffer using copy_from_user(). This is error-prone, as the string length could have changed between the time when it was calculated and when the string was copied. The existing logic handles this by ensuring that the last byte in the buffer is the terminating zero. This handling is contrived and can better be handled by using strncpy_from_user(), which gets the length of the string and copies it in one shot. Therefore, simplify the logic for copying the memfd name by using strncpy_from_user(). No functional change. Signed-off-by: Isaac J. Manjarres Reviewed-by: Alice Ryhl --- mm/memfd.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index a9430090bb20..babf6433cf7b 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -394,26 +394,18 @@ static char *memfd_create_name(const char __user *uname) char *name; long len; - /* length includes terminating zero */ - len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1); - if (len <= 0) - return ERR_PTR(-EFAULT); - if (len > MFD_NAME_MAX_LEN + 1) - return ERR_PTR(-EINVAL); - - name = kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL); + name = kmalloc(MFD_NAME_PREFIX_LEN + MFD_NAME_MAX_LEN + 1, GFP_KERNEL); if (!name) return ERR_PTR(-ENOMEM); strcpy(name, MFD_NAME_PREFIX); - if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) { + /* length does not include terminating zero */ + len = strncpy_from_user(name + MFD_NAME_PREFIX_LEN, uname, MFD_NAME_MAX_LEN + 1); + if (len < 0) { error = -EFAULT; goto err_name; - } - - /* terminating-zero may have changed after strnlen_user() returned */ - if (name[len + MFD_NAME_PREFIX_LEN - 1]) { - error = -EFAULT; + } else if (len > MFD_NAME_MAX_LEN) { + error = -EINVAL; goto err_name; }