From patchwork Tue Jul 23 13:51:36 2019
X-Patchwork-Submitter: Joe Perches
X-Patchwork-Id: 11054563
From: Joe Perches
To: Linus Torvalds, linux-kernel@vger.kernel.org
Cc: Jonathan Corbet, Stephen Kitt, Kees Cook, Nitin Gote, jannh@google.com, kernel-hardening@lists.openwall.com, Rasmus Villemoes, Andrew Morton
Subject: [PATCH V2 1/2] string: Add stracpy and stracpy_pad mechanisms
Date: Tue, 23 Jul 2019 06:51:36 -0700
X-Mailer: git-send-email 2.15.0

Several uses of strlcpy and strscpy have had defects because the last argument of each function is misused or typoed.

Add macro mechanisms to avoid this defect.

stracpy (copy a string to a string array) must have a string array as the first argument (dest) and uses sizeof(dest) as the count of bytes to copy.

These mechanisms verify that the dest argument is an array of char or other compatible types like u8 or s8 or equivalent.

A BUILD_BUG is emitted when the type of dest is not compatible.

Signed-off-by: Joe Perches
Signed-off-by: Stephen Kitt
---
V2: Use __same_type testing char[], signed char[], and unsigned char[]
    Rename to, from, and size, dest, src and count
    Correct return of -E2BIG descriptions

 include/linux/string.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/include/linux/string.h b/include/linux/string.h index 4deb11f7976b..7572cd78cf9f 100644 --- a/include/linux/string.h +++ b/include/linux/string.h 
@@ -35,6 +35,51 @@ ssize_t strscpy(char *, const char *, size_t); /* Wraps calls to strscpy()/memset(), no arch specific code required */ ssize_t strscpy_pad(char *dest, const char *src, size_t count); +/** + * stracpy - Copy a C-string into an array of char/u8/s8 or equivalent + * @dest: Where to copy the string, must be an array of char and not a pointer + * @src: String to copy, may be a pointer or const char array + * + * Helper for strscpy(). + * Copies a maximum of sizeof(@dest) bytes of @src with %NUL termination. + * + * Returns: + * * The number of characters copied (not including the trailing %NUL) + * * -E2BIG if @dest is a zero size array or @src was truncated. + */ +#define stracpy(dest, src) \ +({ \ + size_t count = ARRAY_SIZE(dest); \ + BUILD_BUG_ON(!(__same_type(dest, char[]) || \ + __same_type(dest, unsigned char[]) || \ + __same_type(dest, signed char[]))); \ + \ + strscpy(dest, src, count); \ +}) + +/** + * stracpy_pad - Copy a C-string into an array of char/u8/s8 with %NUL padding + * @dest: Where to copy the string, must be an array of char and not a pointer + * @src: String to copy, may be a pointer or const char array + * + * Helper for strscpy_pad(). + * Copies a maximum of sizeof(@dest) bytes of @src with %NUL termination + * and zero-pads the remaining size of @dest + * + * Returns: + * * The number of characters copied (not including the trailing %NUL) + * * -E2BIG if @dest is a zero size array or @src was truncated. 
+ */ +#define stracpy_pad(dest, src) \ +({ \ + size_t count = ARRAY_SIZE(dest); \ + BUILD_BUG_ON(!(__same_type(dest, char[]) || \ + __same_type(dest, unsigned char[]) || \ + __same_type(dest, signed char[]))); \ + \ + strscpy_pad(dest, src, count); \ +}) + #ifndef __HAVE_ARCH_STRCAT extern char * strcat(char *, const char *); #endif

From patchwork Tue Jul 23 13:51:37 2019
X-Patchwork-Submitter: Joe Perches
X-Patchwork-Id: 11054565
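
Review bot: In both stracpy() and stracpy_pad() (patch 1/2, include/linux/string.h), the statement-expression local `count` can capture a caller's identifier. Because `src` is expanded inside the block in `strscpy(dest, src, count);`, a call such as stracpy(buf, names[count]) would index with the macro's ARRAY_SIZE(dest) value instead of the caller's variable, and a destination array that is itself named count would fail to build with a confusing error. Consider dropping the temporary and passing ARRAY_SIZE(dest) directly as the third argument, or giving the local a name that callers cannot plausibly use. Separately, the kernel-doc text says "sizeof(@dest) bytes" while the code uses ARRAY_SIZE(dest); the two agree for the char types the BUILD_BUG_ON accepts, but the comment and the code should use the same wording.
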
From: Joe Perches
To: Linus Torvalds, linux-kernel@vger.kernel.org
Cc: Jonathan Corbet, Stephen Kitt, Kees Cook, Nitin Gote, jannh@google.com, kernel-hardening@lists.openwall.com, Rasmus Villemoes, Andrew Morton, linux-doc@vger.kernel.org
Subject: [PATCH V2 2/2] kernel-doc: core-api: Include string.h into core-api
Date: Tue, 23 Jul 2019 06:51:37 -0700
Message-Id: <29f998b4c1a9d69fbeae70500ba0daa4b340c546.1563889130.git.joe@perches.com>
X-Mailer: git-send-email 2.15.0

core-api should show all the various string functions including the newly added stracpy and stracpy_pad.

Miscellanea:

o Update the Returns: value for strscpy
o fix a defect with %NUL)

Signed-off-by: Joe Perches
---
V2: Correct return of -E2BIG descriptions

 Documentation/core-api/kernel-api.rst |  3 +++
 include/linux/string.h                |  5 +++--
 lib/string.c                          | 10 ++++++----
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst index 08af5caf036d..f77de49b1d51 100644 --- a/Documentation/core-api/kernel-api.rst +++ b/Documentation/core-api/kernel-api.rst @@ -42,6 +42,9 @@ String Manipulation .. kernel-doc:: lib/string.c :export: +.. kernel-doc:: include/linux/string.h + :internal: + .. kernel-doc:: mm/util.c :functions: kstrdup kstrdup_const kstrndup kmemdup kmemdup_nul memdup_user vmemdup_user strndup_user memdup_user_nul diff --git a/include/linux/string.h b/include/linux/string.h index 7572cd78cf9f..3cf684db4bc6 100644 --- a/include/linux/string.h +++ b/include/linux/string.h 
@@ -519,8 +519,9 @@ static inline void memcpy_and_pad(void *dest, size_t dest_len, * But this can lead to bugs due to typos, or if prefix is a pointer * and not a constant. Instead use str_has_prefix(). * - * Returns: 0 if @str does not start with @prefix - strlen(@prefix) if @str does start with @prefix + * Returns: + * * strlen(@prefix) if @str starts with @prefix + * * 0 if @str does not start with @prefix */ static __always_inline size_t str_has_prefix(const char *str, const char *prefix) { diff --git a/lib/string.c b/lib/string.c index 461fb620f85f..f7bc10da4259 100644 --- a/lib/string.c +++ b/lib/string.c @@ -173,8 +173,9 @@ EXPORT_SYMBOL(strlcpy); * doesn't unnecessarily force the tail of the destination buffer to be * zeroed. If zeroing is desired please use strscpy_pad(). * - * Return: The number of characters copied (not including the trailing - * %NUL) or -E2BIG if the destination buffer wasn't big enough. + * Returns: + * * The number of characters copied (not including the trailing %NUL) + * * -E2BIG if count is 0 or @src was truncated. */ ssize_t strscpy(char *dest, const char *src, size_t count) { @@ -253,8 +254,9 @@ EXPORT_SYMBOL(strscpy); * For full explanation of why you may want to consider using the * 'strscpy' functions please see the function docstring for strscpy(). * - * Return: The number of characters copied (not including the trailing - * %NUL) or -E2BIG if the destination buffer wasn't big enough. + * Returns: + * * The number of characters copied (not including the trailing %NUL) + * * -E2BIG if count is 0 or @src was truncated. */ ssize_t strscpy_pad(char *dest, const char *src, size_t count) {
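
Review bot: The str_has_prefix() Returns: rewrite in the include/linux/string.h hunk (@@ -519,8 +519,9 @@) is not listed in the commit message, whose Miscellanea section mentions only the strscpy Returns: update and the %NUL fix. Add a line for it, or move these comment-only cleanups into their own patch so the kernel-api.rst change can be reviewed on its own.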
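
Review bot: In the new Returns: lists for strscpy() and strscpy_pad() in lib/string.c, `count` is written without the `@` prefix while `@src` on the same line has it: "-E2BIG if count is 0 or @src was truncated." Write @count in both hunks so the parameter is marked up the same way as @src, matching the stracpy() and stracpy_pad() comments in patch 1/2, which write @dest and @src.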