| Message ID | 20230517145323.1522010-1-azeemshaikh38@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | d0c2d66fcc8db748edfe60e3b443eaff931f50e9 |
| Headers | show |
| Series | ftrace: Replace all non-returning strlcpy with strscpy | expand |
On Wed, May 17, 2023 at 02:53:23PM +0000, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [2] https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Reviewed-by: Kees Cook <keescook@chromium.org>
On Wed, 17 May 2023 14:53:23 +0000 Azeem Shaikh <azeemshaikh38@gmail.com> wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [2] https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Looks good to me. Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Thanks! > --- > kernel/trace/ftrace.c | 18 +++++++++--------- > 1 file changed, 9 insertions(+), 9 deletions(-) > > diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c > index 764668467155..6a77edb51f18 100644 > --- a/kernel/trace/ftrace.c > +++ b/kernel/trace/ftrace.c > @@ -5743,7 +5743,7 @@ bool ftrace_filter_param __initdata; > static int __init set_ftrace_notrace(char *str) > { > ftrace_filter_param = true; > - strlcpy(ftrace_notrace_buf, str, FTRACE_FILTER_SIZE); > + strscpy(ftrace_notrace_buf, str, FTRACE_FILTER_SIZE); > return 1; > } > __setup("ftrace_notrace=", set_ftrace_notrace); > @@ -5751,7 +5751,7 @@ __setup("ftrace_notrace=", set_ftrace_notrace); > static int __init set_ftrace_filter(char *str) > { > ftrace_filter_param = true; > - strlcpy(ftrace_filter_buf, str, FTRACE_FILTER_SIZE); > + strscpy(ftrace_filter_buf, str, FTRACE_FILTER_SIZE); > return 1; > } > __setup("ftrace_filter=", set_ftrace_filter); > @@ -5763,14 +5763,14 @@ static int ftrace_graph_set_hash(struct ftrace_hash *hash, char *buffer); > > static int __init set_graph_function(char *str) > { > - strlcpy(ftrace_graph_buf, str, FTRACE_FILTER_SIZE); > + strscpy(ftrace_graph_buf, str, FTRACE_FILTER_SIZE); > return 1; > } > __setup("ftrace_graph_filter=", set_graph_function); > > static int __init set_graph_notrace_function(char *str) > { > - strlcpy(ftrace_graph_notrace_buf, str, FTRACE_FILTER_SIZE); > + strscpy(ftrace_graph_notrace_buf, str, FTRACE_FILTER_SIZE); > return 1; > } > __setup("ftrace_graph_notrace=", set_graph_notrace_function); > @@ -6569,8 +6569,8 @@ static int ftrace_get_trampoline_kallsym(unsigned int symnum, > continue; > *value = op->trampoline; > *type = 't'; > - strlcpy(name, FTRACE_TRAMPOLINE_SYM, KSYM_NAME_LEN); > - strlcpy(module_name, FTRACE_TRAMPOLINE_MOD, MODULE_NAME_LEN); > + strscpy(name, FTRACE_TRAMPOLINE_SYM, KSYM_NAME_LEN); > + strscpy(module_name, FTRACE_TRAMPOLINE_MOD, MODULE_NAME_LEN); > *exported = 0; > return 0; > } > @@ -6933,7 +6933,7 @@ ftrace_func_address_lookup(struct ftrace_mod_map *mod_map, > if (off) > *off = addr - found_func->ip; > if (sym) > - strlcpy(sym, found_func->name, KSYM_NAME_LEN); > + strscpy(sym, found_func->name, KSYM_NAME_LEN); > > return found_func->name; > } > @@ -6987,8 +6987,8 @@ int ftrace_mod_get_kallsym(unsigned int symnum, unsigned long *value, > > *value = mod_func->ip; > *type = 'T'; > - strlcpy(name, mod_func->name, KSYM_NAME_LEN); > - strlcpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); > + strscpy(name, mod_func->name, KSYM_NAME_LEN); > + strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); > *exported = 1; > preempt_enable(); > return 0; >
On Wed, 17 May 2023 14:53:23 +0000, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [...] Applied to for-next/hardening, thanks! [1/1] ftrace: Replace all non-returning strlcpy with strscpy https://git.kernel.org/kees/c/bd35ef4f612f
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 764668467155..6a77edb51f18 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5743,7 +5743,7 @@ bool ftrace_filter_param __initdata; static int __init set_ftrace_notrace(char *str) { ftrace_filter_param = true; - strlcpy(ftrace_notrace_buf, str, FTRACE_FILTER_SIZE); + strscpy(ftrace_notrace_buf, str, FTRACE_FILTER_SIZE); return 1; } __setup("ftrace_notrace=", set_ftrace_notrace); @@ -5751,7 +5751,7 @@ __setup("ftrace_notrace=", set_ftrace_notrace); static int __init set_ftrace_filter(char *str) { ftrace_filter_param = true; - strlcpy(ftrace_filter_buf, str, FTRACE_FILTER_SIZE); + strscpy(ftrace_filter_buf, str, FTRACE_FILTER_SIZE); return 1; } __setup("ftrace_filter=", set_ftrace_filter); @@ -5763,14 +5763,14 @@ static int ftrace_graph_set_hash(struct ftrace_hash *hash, char *buffer); static int __init set_graph_function(char *str) { - strlcpy(ftrace_graph_buf, str, FTRACE_FILTER_SIZE); + strscpy(ftrace_graph_buf, str, FTRACE_FILTER_SIZE); return 1; } __setup("ftrace_graph_filter=", set_graph_function); static int __init set_graph_notrace_function(char *str) { - strlcpy(ftrace_graph_notrace_buf, str, FTRACE_FILTER_SIZE); + strscpy(ftrace_graph_notrace_buf, str, FTRACE_FILTER_SIZE); return 1; } __setup("ftrace_graph_notrace=", set_graph_notrace_function); @@ -6569,8 +6569,8 @@ static int ftrace_get_trampoline_kallsym(unsigned int symnum, continue; *value = op->trampoline; *type = 't'; - strlcpy(name, FTRACE_TRAMPOLINE_SYM, KSYM_NAME_LEN); - strlcpy(module_name, FTRACE_TRAMPOLINE_MOD, MODULE_NAME_LEN); + strscpy(name, FTRACE_TRAMPOLINE_SYM, KSYM_NAME_LEN); + strscpy(module_name, FTRACE_TRAMPOLINE_MOD, MODULE_NAME_LEN); *exported = 0; return 0; } @@ -6933,7 +6933,7 @@ ftrace_func_address_lookup(struct ftrace_mod_map *mod_map, if (off) *off = addr - found_func->ip; if (sym) - strlcpy(sym, found_func->name, KSYM_NAME_LEN); + strscpy(sym, found_func->name, KSYM_NAME_LEN); return found_func->name; } @@ -6987,8 +6987,8 @@ int ftrace_mod_get_kallsym(unsigned int symnum, unsigned long *value, *value = mod_func->ip; *type = 'T'; - strlcpy(name, mod_func->name, KSYM_NAME_LEN); - strlcpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); + strscpy(name, mod_func->name, KSYM_NAME_LEN); + strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); *exported = 1; preempt_enable(); return 0;
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement is safe. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89 Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> --- kernel/trace/ftrace.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)