Message ID | 20230802-wifi-ipw2x00-refactor-v1-1-6047659410d4@google.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Kalle Valo |
Series | wifi: ipw2x00: refactor to use kstrtoul |
On August 1, 2023 5:51:59 PM PDT, Justin Stitt <justinstitt@google.com> wrote: >The current implementation seems to reinvent what `kstrtoul` already does >in terms of functionality and error handling. Remove uses of `simple_strtoul()` >in favor of `kstrtoul()`. > >There is the following note at `lib/vsprintf.c:simple_strtoull()` which >further backs this change: >| * This function has caveats. Please use kstrtoull (or kstrtoul) instead. > >And here, simple_str* are explicitly deprecated [3]. > >This patch also removes an instance of the deprecated `strncpy` which helps [2]. > >Link: https://lore.kernel.org/all/202308011602.3CC1C0244C@keescook/ [1] >Link: https://github.com/KSPP/linux/issues/90 [2] >Link: https://docs.kernel.org/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull [3] >Cc: linux-hardening@vger.kernel.org >Suggested-by: Kees Cook <keescook@chromium.org> >Signed-off-by: Justin Stitt <justinstitt@google.com> >--- > > >Link: https://lore.kernel.org/all/20230801-drivers-net-wireless-intel-ipw2x00-v1-1-ffd185c91292@google.com/ >--- > drivers/net/wireless/intel/ipw2x00/ipw2200.c | 43 +++++++++------------------- > 1 file changed, 14 insertions(+), 29 deletions(-) > >diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.c b/drivers/net/wireless/intel/ipw2x00/ipw2200.c >index dfe0f74369e6..ac10633f593e 100644 >--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c >+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c 
>@@ -1176,23 +1176,20 @@ static ssize_t debug_level_show(struct device_driver *d, char *buf) > static ssize_t debug_level_store(struct device_driver *d, const char *buf, > size_t count) > { >- char *p = (char *)buf; >- u32 val; >+ unsigned long *val = NULL; > >- if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') { >- p++; >- if (p[0] == 'x' || p[0] == 'X') >- p++; >- val = simple_strtoul(p, &p, 16); >- } else >- val = simple_strtoul(p, &p, 10); >- if (p == buf) >+ int result = kstrtoul(buf, 0, val); kstrtoul needs somewhere to write the value, so val need to be actually unsigned long, and a pointer passed to that: unsigned long val; ... ... kstrtoul(but, 0, &val); But otherwise, yeah, this looks like the right direction to me. >+ >+ if (result == -EINVAL) > printk(KERN_INFO DRV_NAME > ": %s is not in hex or decimal form.\n", buf); >+ else if (result == -ERANGE) >+ printk(KERN_INFO DRV_NAME >+ ": %s has overflowed.\n", buf); > else >- ipw_debug_level = val; >+ ipw_debug_level = *val; > >- return strnlen(buf, count); >+ return count;. It might be worth mentioning this return value change, but I think it's correct: we're communicating how much was consumed (we consumed it all). When the return value != count, this function may be called again with the "rest" of the input. As this is a sysfs interface, that kind of behavior is very rare bordering on actively unwanted. :) So, I think these should either return a negative error or count. -Kees > } > static DRIVER_ATTR_RW(debug_level); 
> >@@ -1461,33 +1458,21 @@ static ssize_t scan_age_store(struct device *d, struct device_attribute *attr, > { > struct ipw_priv *priv = dev_get_drvdata(d); > struct net_device *dev = priv->net_dev; >- char buffer[] = "00000000"; >- unsigned long len = >- (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1; >- unsigned long val; >- char *p = buffer; > > IPW_DEBUG_INFO("enter\n"); > >- strncpy(buffer, buf, len); >- buffer[len] = 0; >+ unsigned long *val = NULL; >+ int result = kstrtoul(buf, 0, val); > >- if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') { >- p++; >- if (p[0] == 'x' || p[0] == 'X') >- p++; >- val = simple_strtoul(p, &p, 16); >- } else >- val = simple_strtoul(p, &p, 10); >- if (p == buffer) { >+ if (result == -EINVAL || result == -ERANGE) { > IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name); > } else { >- priv->ieee->scan_age = val; >+ priv->ieee->scan_age = *val; > IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age); > } > > IPW_DEBUG_INFO("exit\n"); >- return len; >+ return count; > } > > static DEVICE_ATTR_RW(scan_age); > >--- >base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 >change-id: 20230801-wifi-ipw2x00-refactor-fa6deb6c67ea > >Best regards, >-- >Justin Stitt <justinstitt@google.com> >
On Tue, Aug 1, 2023 at 6:16 PM Kees Cook <kees@kernel.org> wrote: > > On August 1, 2023 5:51:59 PM PDT, Justin Stitt <justinstitt@google.com> wrote: > >The current implementation seems to reinvent what `kstrtoul` already does > >in terms of functionality and error handling. Remove uses of `simple_strtoul()` > >in favor of `kstrtoul()`. > > > >There is the following note at `lib/vsprintf.c:simple_strtoull()` which > >further backs this change: > >| * This function has caveats. Please use kstrtoull (or kstrtoul) instead. > > > >And here, simple_str* are explicitly deprecated [3]. > > > >This patch also removes an instance of the deprecated `strncpy` which helps [2]. > > > >Link: https://lore.kernel.org/all/202308011602.3CC1C0244C@keescook/ [1] > >Link: https://github.com/KSPP/linux/issues/90 [2] > >Link: https://docs.kernel.org/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull [3] > >Cc: linux-hardening@vger.kernel.org > >Suggested-by: Kees Cook <keescook@chromium.org> > >Signed-off-by: Justin Stitt <justinstitt@google.com> > >--- > > > > > >Link: https://lore.kernel.org/all/20230801-drivers-net-wireless-intel-ipw2x00-v1-1-ffd185c91292@google.com/ > >--- > > drivers/net/wireless/intel/ipw2x00/ipw2200.c | 43 +++++++++------------------- > > 1 file changed, 14 insertions(+), 29 deletions(-) > > > >diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.c b/drivers/net/wireless/intel/ipw2x00/ipw2200.c > >index dfe0f74369e6..ac10633f593e 100644 > >--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c > >+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c 
> >@@ -1176,23 +1176,20 @@ static ssize_t debug_level_show(struct device_driver *d, char *buf) > > static ssize_t debug_level_store(struct device_driver *d, const char *buf, > > size_t count) > > { > >- char *p = (char *)buf; > >- u32 val; > >+ unsigned long *val = NULL; > > > >- if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') { > >- p++; > >- if (p[0] == 'x' || p[0] == 'X') > >- p++; > >- val = simple_strtoul(p, &p, 16); > >- } else > >- val = simple_strtoul(p, &p, 10); > >- if (p == buf) > >+ int result = kstrtoul(buf, 0, val); > > kstrtoul needs somewhere to write the value, so val need to be actually unsigned long, and a pointer passed to that: > > unsigned long val; > ... > ... kstrtoul(but, 0, &val); > > But otherwise, yeah, this looks like the right direction to me. > > >+ > >+ if (result == -EINVAL) > > printk(KERN_INFO DRV_NAME > > ": %s is not in hex or decimal form.\n", buf); > >+ else if (result == -ERANGE) > >+ printk(KERN_INFO DRV_NAME > >+ ": %s has overflowed.\n", buf); > > else > >- ipw_debug_level = val; > >+ ipw_debug_level = *val; > > > >- return strnlen(buf, count); > >+ return count;. > > It might be worth mentioning this return value change, but I think it's correct: we're communicating how much was consumed (we consumed it all). When the return value != count, this function may be called again with the "rest" of the input. As this is a sysfs interface, that kind of behavior is very rare bordering on actively unwanted. :) So, I think these should either return a negative error or count. > > -Kees > > > } > > static DRIVER_ATTR_RW(debug_level); 
> > > >@@ -1461,33 +1458,21 @@ static ssize_t scan_age_store(struct device *d, struct device_attribute *attr, > > { > > struct ipw_priv *priv = dev_get_drvdata(d); > > struct net_device *dev = priv->net_dev; > >- char buffer[] = "00000000"; > >- unsigned long len = > >- (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1; > >- unsigned long val; > >- char *p = buffer; > > > > IPW_DEBUG_INFO("enter\n"); > > > >- strncpy(buffer, buf, len); > >- buffer[len] = 0; > >+ unsigned long *val = NULL; > >+ int result = kstrtoul(buf, 0, val); > > > >- if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') { > >- p++; > >- if (p[0] == 'x' || p[0] == 'X') > >- p++; > >- val = simple_strtoul(p, &p, 16); > >- } else > >- val = simple_strtoul(p, &p, 10); > >- if (p == buffer) { > >+ if (result == -EINVAL || result == -ERANGE) { > > IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name); > > } else { > >- priv->ieee->scan_age = val; > >+ priv->ieee->scan_age = *val; > > IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age); > > } > > > > IPW_DEBUG_INFO("exit\n"); > >- return len; > >+ return count; > > } > > > > static DEVICE_ATTR_RW(scan_age); > > > >--- > >base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 > >change-id: 20230801-wifi-ipw2x00-refactor-fa6deb6c67ea > > > >Best regards, > >-- > >Justin Stitt <justinstitt@google.com> > > > > > -- > Kees Cook Thanks for the feedback. v2 available here: https://lore.kernel.org/all/20230802-wifi-ipw2x00-refactor-v2-1-d33f765e9cd5@google.com/
diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.c b/drivers/net/wireless/intel/ipw2x00/ipw2200.c index dfe0f74369e6..ac10633f593e 100644 --- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c +++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c @@ -1176,23 +1176,20 @@ static ssize_t debug_level_show(struct device_driver *d, char *buf) static ssize_t debug_level_store(struct device_driver *d, const char *buf, size_t count) { - char *p = (char *)buf; - u32 val; + unsigned long *val = NULL; - if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') { - p++; - if (p[0] == 'x' || p[0] == 'X') - p++; - val = simple_strtoul(p, &p, 16); - } else - val = simple_strtoul(p, &p, 10); - if (p == buf) + int result = kstrtoul(buf, 0, val); + + if (result == -EINVAL) printk(KERN_INFO DRV_NAME ": %s is not in hex or decimal form.\n", buf); + else if (result == -ERANGE) + printk(KERN_INFO DRV_NAME + ": %s has overflowed.\n", buf); else - ipw_debug_level = val; + ipw_debug_level = *val; - return strnlen(buf, count); + return count; } static DRIVER_ATTR_RW(debug_level); 
@@ -1461,33 +1458,21 @@ static ssize_t scan_age_store(struct device *d, struct device_attribute *attr, { struct ipw_priv *priv = dev_get_drvdata(d); struct net_device *dev = priv->net_dev; - char buffer[] = "00000000"; - unsigned long len = - (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1; - unsigned long val; - char *p = buffer; IPW_DEBUG_INFO("enter\n"); - strncpy(buffer, buf, len); - buffer[len] = 0; + unsigned long *val = NULL; + int result = kstrtoul(buf, 0, val); - if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') { - p++; - if (p[0] == 'x' || p[0] == 'X') - p++; - val = simple_strtoul(p, &p, 16); - } else - val = simple_strtoul(p, &p, 10); - if (p == buffer) { + if (result == -EINVAL || result == -ERANGE) { IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name); } else { - priv->ieee->scan_age = val; + priv->ieee->scan_age = *val; IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age); } IPW_DEBUG_INFO("exit\n"); - return len; + return count; } static DEVICE_ATTR_RW(scan_age);
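Review bot: In debug_level_store, `unsigned long *val = NULL;` leaves kstrtoul() with nowhere to store the result, so `kstrtoul(buf, 0, val)` writes through a NULL pointer and `ipw_debug_level = *val;` reads through it. Declare `unsigned long val;` and pass `&val`, as the reply in this thread suggests. The removed code parsed into a `u32`, so the assignment now narrows from unsigned long; kstrtou32() would keep the range check at the old width. The function also returns `count` after logging a parse failure, so the writer sees success; returning `result` when it is non-zero would match the "negative error or count" advice in the thread, and the switch from `strnlen(buf, count)` to `count` deserves a line in the commit message.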
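Review bot: In scan_age_store the same `unsigned long *val = NULL;` is passed to kstrtoul() and then dereferenced in `priv->ieee->scan_age = *val;`; it needs to be `unsigned long val;` with `&val` passed. The two new declarations also sit after the `IPW_DEBUG_INFO("enter\n");` statement, whereas the removed ones were at the top of the block; moving them up keeps the function's existing layout. On invalid input the function only emits a debug message and still returns `count`, so the write appears to succeed; returning `result` on failure would surface the error to the caller.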
The current implementation seems to reinvent what `kstrtoul` already does
in terms of functionality and error handling. Remove uses of `simple_strtoul()`
in favor of `kstrtoul()`.

There is the following note at `lib/vsprintf.c:simple_strtoull()` which
further backs this change:
| * This function has caveats. Please use kstrtoull (or kstrtoul) instead.

And here, simple_str* are explicitly deprecated [3].

This patch also removes an instance of the deprecated `strncpy` which helps [2].

Link: https://lore.kernel.org/all/202308011602.3CC1C0244C@keescook/ [1]
Link: https://github.com/KSPP/linux/issues/90 [2]
Link: https://docs.kernel.org/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull [3]
Cc: linux-hardening@vger.kernel.org
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Justin Stitt <justinstitt@google.com>

---

Link: https://lore.kernel.org/all/20230801-drivers-net-wireless-intel-ipw2x00-v1-1-ffd185c91292@google.com/

---

 drivers/net/wireless/intel/ipw2x00/ipw2200.c | 43 +++++++++-------------------
 1 file changed, 14 insertions(+), 29 deletions(-)

---

base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4
change-id: 20230801-wifi-ipw2x00-refactor-fa6deb6c67ea

Best regards,
--
Justin Stitt <justinstitt@google.com>
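The difference in error handling that the commit message refers to, as an added userspace example that is not part of the patch or of the kernel sources. `lenient_parse` and `strict_parse` are hypothetical names built on the C library's `strtoul()`: the first models the removed "reject only if nothing was consumed" check, the second models the kstrtoul() contract (whole string, at most one trailing newline, overflow reported).

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the removed check: accept as soon as any characters were
 * consumed, so trailing bytes and overflow go unnoticed. */
static int lenient_parse(const char *s, unsigned long *res)
{
	char *end;

	*res = strtoul(s, &end, 0);
	return end == s ? -EINVAL : 0;
}

/* Model of the kstrtoul() contract: the whole string is one number,
 * optionally followed by one newline; overflow is an error. */
static int strict_parse(const char *s, unsigned long *res)
{
	char *end;
	unsigned long v;

	if (*s == '+')
		s++;
	if (!isdigit((unsigned char)*s))	/* rejects whitespace, '-', "" */
		return -EINVAL;
	errno = 0;
	v = strtoul(s, &end, 0);
	if (errno == ERANGE)
		return -ERANGE;
	if (*end == '\n')
		end++;
	if (*end != '\0')
		return -EINVAL;
	*res = v;	/* written only on success */
	return 0;
}

int main(void)
{
	/* Constructed inputs, as they might be written to the sysfs file. */
	const char *in[] = { "0x10\n", "12abc", "99999999999999999999999999" };
	unsigned long a, b;

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		int l = lenient_parse(in[i], &a), s = strict_parse(in[i], &b);
		printf("input %zu: lenient=%d strict=%d\n", i, l, s);
	}
	return 0;
}
```

Both parsers take the address of a real `unsigned long`, which is the calling convention the review in this thread asks for.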