From patchwork Mon Feb 18 23:23:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 10818943 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C4A6613BF for ; Mon, 18 Feb 2019 23:24:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1C9D2B74D for ; Mon, 18 Feb 2019 23:24:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A544E2B8F7; Mon, 18 Feb 2019 23:24:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id AC7492B74D for ; Mon, 18 Feb 2019 23:24:24 +0000 (UTC) Received: (qmail 26243 invoked by uid 550); 18 Feb 2019 23:24:17 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 26075 invoked from network); 18 Feb 2019 23:24:16 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=wasUhckRRwTncBVgrgQrKvaKFiFeouSK0zO9OtZYhFI=; b=yblAlgZn ihQXtnigyXi9F08dbJa3yzakSWETwT2MdTcwr2/s3wB7Z0ZVLroeZCm4b2MHnNwK Rq/3sXCEynHBhlp+rVULogpaoPScmRGxbsIlo2UnBLwudVJ+TqoACSBexKpfToZ+ n0mbRDgPe1icwVbCdciXc6PRaHX9SvVjlfl0RyEaiVoxdNxGMo1G3AR/DVlCL29l AReCzPKGb8qcppr6/ROSbsvTZa+D0/zsAWsum9jEagiA13HxeZ8rtD5KMChhqu2B +YOmqL6SKCQjgazmMyF+3hbFwGt48PTVqFB9fI/wDUySxr1Tl+1yJ4e8vgU5LH2F AfJDLk3UOS6dEg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtddvgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpedfvfhosghi nhcuvedrucfjrghrughinhhgfdcuoehtohgsihhnsehkvghrnhgvlhdrohhrgheqnecukf hppeduvddurdeggedrvddtvddrudeftdenucfrrghrrghmpehmrghilhhfrhhomhepthho sghinheskhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: From: "Tobin C. Harding" To: Kees Cook Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: [PATCH 1/6] lib/string: Enable string selftesting Date: Tue, 19 Feb 2019 10:23:03 +1100 Message-Id: <20190218232308.11241-2-tobin@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218232308.11241-1-tobin@kernel.org> References: <20190218232308.11241-1-tobin@kernel.org> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Currently we have a test module but it is not tied into the kselftest infrastructure. In preparation for adding string manipulation functions and testing we should enable kselftest to utilize the test module. Enable string testing via kselftest infrastructure. Signed-off-by: Tobin C. Harding --- lib/Kconfig.debug | 14 ++++++++++++++ lib/Makefile | 2 +- lib/test_string.c | 4 ++-- tools/testing/selftests/lib/Makefile | 2 +- tools/testing/selftests/lib/config | 1 + tools/testing/selftests/lib/string.sh | 19 +++++++++++++++++++ 6 files changed, 38 insertions(+), 4 deletions(-) create mode 100755 tools/testing/selftests/lib/string.sh diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index d4df5b24d75e..0dca64c1d8a4 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1802,8 +1802,22 @@ config ASYNC_RAID6_TEST config TEST_HEXDUMP tristate "Test functions located in the hexdump module at runtime" +config TEST_STRING + tristate "Perform selftest on string manipulation functions" + default n + help + Enable this option to test string manipulation functions. + Currently this only tests memset_{16,32,64}. + + If unsure, say N. + config TEST_STRING_HELPERS tristate "Test functions located in the string_helpers module at runtime" + default n + help + Enable this option to unit test code in lib/string_helpers.c + + If unsure, say N. config TEST_KSTRTOX tristate "Test kstrto*() family of functions at runtime" diff --git a/lib/Makefile b/lib/Makefile index e1b59da71418..9c30e1fee27f 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -39,7 +39,7 @@ obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \ bsearch.o find_bit.o llist.o memweight.o kfifo.o \ percpu-refcount.o rhashtable.o reciprocal_div.o \ once.o refcount.o usercopy.o errseq.o bucket_locks.o -obj-$(CONFIG_STRING_SELFTEST) += test_string.o +obj-$(CONFIG_TEST_STRING) += test_string.o obj-y += string_helpers.o obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o obj-y += hexdump.o diff --git a/lib/test_string.c b/lib/test_string.c index 0fcdb82dca86..a9cba442389a 100644 --- a/lib/test_string.c +++ b/lib/test_string.c @@ -111,7 +111,7 @@ static __init int memset64_selftest(void) return 0; } -static __init int string_selftest_init(void) +static __init int test_string_init(void) { int test, subtest; @@ -137,5 +137,5 @@ static __init int string_selftest_init(void) return 0; } -module_init(string_selftest_init); +module_init(test_string_init); MODULE_LICENSE("GPL v2"); diff --git a/tools/testing/selftests/lib/Makefile b/tools/testing/selftests/lib/Makefile index 70d5711e3ac8..2ee4559b277e 100644 --- a/tools/testing/selftests/lib/Makefile +++ b/tools/testing/selftests/lib/Makefile @@ -3,6 +3,6 @@ # No binaries, but make sure arg-less "make" doesn't trigger "run_tests" all: -TEST_PROGS := printf.sh bitmap.sh prime_numbers.sh +TEST_PROGS := printf.sh bitmap.sh prime_numbers.sh string.sh include ../lib.mk diff --git a/tools/testing/selftests/lib/config b/tools/testing/selftests/lib/config index 126933bcc950..2032402ad409 100644 --- a/tools/testing/selftests/lib/config +++ b/tools/testing/selftests/lib/config @@ -1,3 +1,4 @@ CONFIG_TEST_PRINTF=m CONFIG_TEST_BITMAP=m +CONFIG_TEST_STRING=m CONFIG_PRIME_NUMBERS=m diff --git a/tools/testing/selftests/lib/string.sh b/tools/testing/selftests/lib/string.sh new file mode 100755 index 000000000000..99024b6f3a6a --- /dev/null +++ b/tools/testing/selftests/lib/string.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# Runs string manipulation tests using test_string kernel module + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + +if ! /sbin/modprobe -q -n test_string; then + echo "string: module test_string is not found [SKIP]" + exit $ksft_skip +fi + +if /sbin/modprobe -q test_string; then + /sbin/modprobe -q -r test_string + echo "string: ok" +else + echo "string: [FAIL]" + exit 1 +fi From patchwork Mon Feb 18 23:23:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 10818945 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 43E491399 for ; Mon, 18 Feb 2019 23:24:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2EB992B74D for ; Mon, 18 Feb 2019 23:24:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 21F162B7DC; Mon, 18 Feb 2019 23:24:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 5ECA22B74D for ; Mon, 18 Feb 2019 23:24:32 +0000 (UTC) Received: (qmail 26544 invoked by uid 550); 18 Feb 2019 23:24:20 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 26459 invoked from network); 18 Feb 2019 23:24:19 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=FNg57b3mZQ18XqGRkwxeXlfXTue/1VAjFPcRQ/di6iA=; b=HkFG0q7f Pu0O2WG+TdH1jEASZUAmFu1oOySZ7YTFPwGO/sywuOaU89tP18BFzlCaINLXDk1Z rQmyGGsE5acxTw4ANliQQ4FhEwqWhIvfyi55XOxZXdm3ryfBMSw0PEXXJ/+VeIcl 95vAzRzSrD+C4C6ooGbxCjhLP5Fd0Wtl5syu+4bnF/aDdyL4EHZzu7yK973Q02Sm 5eoiUjsBpPlNzU4Muy1t3f/FSwaDHliQ50YB5fuffy2Aw3TB2A3sh4OnxjIJrZyD bFJNKgAui4sW92LfSmzTKCvZDplh3etucmrYKgcJ9PqMlRKeYndVRbdBfk116WPU qWTrR67bBJDhQg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtddvgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpedfvfhosghi nhcuvedrucfjrghrughinhhgfdcuoehtohgsihhnsehkvghrnhgvlhdrohhrgheqnecukf hppeduvddurdeggedrvddtvddrudeftdenucfrrghrrghmpehmrghilhhfrhhomhepthho sghinheskhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: From: "Tobin C. Harding" To: Kees Cook Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: [PATCH 2/6] lib/string: Fix erroneous 'overflow' documentation Date: Tue, 19 Feb 2019 10:23:04 +1100 Message-Id: <20190218232308.11241-3-tobin@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218232308.11241-1-tobin@kernel.org> References: <20190218232308.11241-1-tobin@kernel.org> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Current documentation uses 'overflow' to describe a situation where less data is written to a buffer than buffer size not more. 'overflow' is the wrong word here - since we don't typically say 'underflow' change the whole sentence. Fix erroneous 'overflow' documentation for under filled buffer. Signed-off-by: Tobin C. Harding --- lib/string.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/string.c b/lib/string.c index 38e4ca08e757..7f1d72db53c5 100644 --- a/lib/string.c +++ b/lib/string.c @@ -173,8 +173,8 @@ EXPORT_SYMBOL(strlcpy); * * Preferred to strncpy() since it always returns a valid string, and * doesn't unnecessarily force the tail of the destination buffer to be - * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy() - * with an overflow test, then just memset() the tail of the dest buffer. + * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy(), + * check the return size, then just memset() the tail of the dest buffer. */ ssize_t strscpy(char *dest, const char *src, size_t count) { From patchwork Mon Feb 18 23:23:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 10818947 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C59B11399 for ; Mon, 18 Feb 2019 23:24:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B36752B7DC for ; Mon, 18 Feb 2019 23:24:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A74FA2BCA4; Mon, 18 Feb 2019 23:24:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id D8F102B8F7 for ; Mon, 18 Feb 2019 23:24:39 +0000 (UTC) Received: (qmail 27861 invoked by uid 550); 18 Feb 2019 23:24:23 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 27778 invoked from network); 18 Feb 2019 23:24:22 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=0kNq+XPK5XlADe3A/eDfvto4Zt4XV904TM2s0F96Fgc=; b=ZpjCC5o1 OsB4/6bSqwim4cdVUAGoqN1xYEUJPAIR/yHtyLqL17nsELYX8phMATzlRuGAzXTa UABi5ATr7nwYi90w2l0byrMSxGeuyBHhHpCH1SG8rAw6a3TMfH2O/Vbjls7MThi2 pzvBy5J7JTvTwQAym/IVPuBpZ/CH5Des4M0EI6FtwGi1ylhzKDz+YYlVMdeCeKlt UAJL2lWRcQuWR7Kdtczwk1ikY2alrsCZOlRp0WmGPiabySczHqurjCtJpIu9tinq shnRZ/RptdGoTqyvFiQG0W2JU1wIOeSRZRVvqzB24WvgrAbxSp5S92CLAzPJU7lV 0V8GZ9rw874k9w== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtddvgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpedfvfhosghi nhcuvedrucfjrghrughinhhgfdcuoehtohgsihhnsehkvghrnhgvlhdrohhrgheqnecukf hppeduvddurdeggedrvddtvddrudeftdenucfrrghrrghmpehmrghilhhfrhhomhepthho sghinheskhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: From: "Tobin C. Harding" To: Kees Cook Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: [PATCH 3/6] lib/string: Use correct docstring format Date: Tue, 19 Feb 2019 10:23:05 +1100 Message-Id: <20190218232308.11241-4-tobin@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218232308.11241-1-tobin@kernel.org> References: <20190218232308.11241-1-tobin@kernel.org> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Currently the docstring comments for strscpy() are not in the correct format. Prior to working on this file fix up the docstring. Use correct docstring format for strscpy(). Signed-off-by: Tobin C. Harding Acked-by: Kees Cook --- lib/string.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/string.c b/lib/string.c index 7f1d72db53c5..65969cf32f5d 100644 --- a/lib/string.c +++ b/lib/string.c @@ -159,11 +159,9 @@ EXPORT_SYMBOL(strlcpy); * @src: Where to copy the string from * @count: Size of destination buffer * - * Copy the string, or as much of it as fits, into the dest buffer. - * The routine returns the number of characters copied (not including - * the trailing NUL) or -E2BIG if the destination buffer wasn't big enough. - * The behavior is undefined if the string buffers overlap. - * The destination buffer is always NUL terminated, unless it's zero-sized. + * Copy the string, or as much of it as fits, into the dest buffer. The + * behavior is undefined if the string buffers overlap. The destination + * buffer is always NUL terminated, unless it's zero-sized. * * Preferred to strlcpy() since the API doesn't require reading memory * from the src string beyond the specified "count" bytes, and since @@ -175,6 +173,9 @@ EXPORT_SYMBOL(strlcpy); * doesn't unnecessarily force the tail of the destination buffer to be * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy(), * check the return size, then just memset() the tail of the dest buffer. + * + * Return: The number of characters copied (not including the trailing + * NUL) or -E2BIG if the destination buffer wasn't big enough. */ ssize_t strscpy(char *dest, const char *src, size_t count) { From patchwork Mon Feb 18 23:23:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 10818949 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E9D0F13BF for ; Mon, 18 Feb 2019 23:24:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D87572B7DC for ; Mon, 18 Feb 2019 23:24:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CC85A2BD84; Mon, 18 Feb 2019 23:24:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id B65412B7DC for ; Mon, 18 Feb 2019 23:24:47 +0000 (UTC) Received: (qmail 28306 invoked by uid 550); 18 Feb 2019 23:24:27 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 28167 invoked from network); 18 Feb 2019 23:24:26 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=w3SU4u4HWNHuX1tPAKs+oZt1jVykzBguylycKMLAXFA=; b=PW9yqsvk 9dfYbiIsTA3bZ4rwBOGtN1aQbQlZtA3WK/1OyFTFoPRJWkb07JqHmTpvkx5THvc+ 0I3GjPHCMk1weivf7uIWrUp5c1QSSpxJTDqdq1UhsDeynhcBm1SUldc1/R8ENYvz YDx7PjKYBhUeBfWTt1TiLc6VXwcI77hAjKvXPKrHX663Zm89Pe5feGaFhCdMexHb b2bf9xN1haJLsbarBBoCdm1Q9aUJxPtDwz0KtZbBbk44Te8+GI56/qKhkHr+1GMn gdlxninAwzOzqovaxsf20Y9DhrUOsO1iYClbx6TAZRPm7l+xdH4o74ell1H5Yvdl P+/WsjbEUI2nng== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtddvgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpedfvfhosghi nhcuvedrucfjrghrughinhhgfdcuoehtohgsihhnsehkvghrnhgvlhdrohhrgheqnecukf hppeduvddurdeggedrvddtvddrudeftdenucfrrghrrghmpehmrghilhhfrhhomhepthho sghinheskhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: From: "Tobin C. Harding" To: Kees Cook Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: [PATCH 4/6] lib/string: Add string copy/zero function Date: Tue, 19 Feb 2019 10:23:06 +1100 Message-Id: <20190218232308.11241-5-tobin@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218232308.11241-1-tobin@kernel.org> References: <20190218232308.11241-1-tobin@kernel.org> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP We have a function to copy strings safely and we have a function to copy strings _and_ zero the tail of the destination (if source string is shorter than destination buffer) but we do not have a function to do both at once. This means developers must write this themselves if they desire this functionality. This is a chore, and also leaves us open to off by one errors unnecessarily. Add a function that calls strscpy() then memset()s the tail to zero if the source string is shorter than the destination buffer. Add testing via kselftest. Signed-off-by: Tobin C. Harding --- include/linux/string.h | 4 ++++ lib/Kconfig.debug | 2 +- lib/string.c | 30 ++++++++++++++++++++++++++++-- lib/test_string.c | 31 +++++++++++++++++++++++++++++++ 4 files changed, 64 insertions(+), 3 deletions(-) diff --git a/include/linux/string.h b/include/linux/string.h index 7927b875f80c..695a5e6a31e3 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -31,6 +31,10 @@ size_t strlcpy(char *, const char *, size_t); #ifndef __HAVE_ARCH_STRSCPY ssize_t strscpy(char *, const char *, size_t); #endif + +/* Wrapper function, no arch specific code required */ +ssize_t strscpy_zeroed(char *dest, const char *src, size_t count); + #ifndef __HAVE_ARCH_STRCAT extern char * strcat(char *, const char *); #endif diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 0dca64c1d8a4..faa15ff47c4f 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1807,7 +1807,7 @@ config TEST_STRING default n help Enable this option to test string manipulation functions. - Currently this only tests memset_{16,32,64}. + Currently this only tests memset_{16,32,64} and strscpy_zeroed(). If unsure, say N. diff --git a/lib/string.c b/lib/string.c index 65969cf32f5d..ff5106e8249f 100644 --- a/lib/string.c +++ b/lib/string.c @@ -171,8 +171,7 @@ EXPORT_SYMBOL(strlcpy); * * Preferred to strncpy() since it always returns a valid string, and * doesn't unnecessarily force the tail of the destination buffer to be - * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy(), - * check the return size, then just memset() the tail of the dest buffer. + * zeroed. If the zeroing is desired use strscpy_zeroed(). * * Return: The number of characters copied (not including the trailing * NUL) or -E2BIG if the destination buffer wasn't big enough. @@ -238,6 +237,33 @@ ssize_t strscpy(char *dest, const char *src, size_t count) EXPORT_SYMBOL(strscpy); #endif +/** + * strscopy_zeroed() - Copy a C-string into a sized buffer + * @dest: Where to copy the string to + * @src: Where to copy the string from + * @count: Size of destination buffer + * + * If the source string is shorter than the destination buffer, zeros + * the tail of the destination buffer. + * + * Return: The number of characters copied (not including the trailing + * NUL) or -E2BIG if the destination buffer wasn't big enough. + */ +ssize_t strscpy_zeroed(char *dest, const char *src, size_t count) +{ + ssize_t written; + + written = strscpy(dest, src, count); + if (written < 0) + return written; + + if (written < count) + memset(dest + written, 0, count - written); + + return written; +} +EXPORT_SYMBOL(strscpy_zeroed); + #ifndef __HAVE_ARCH_STRCAT /** * strcat - Append one %NUL-terminated string to another diff --git a/lib/test_string.c b/lib/test_string.c index a9cba442389a..cc4eef51a395 100644 --- a/lib/test_string.c +++ b/lib/test_string.c @@ -111,6 +111,32 @@ static __init int memset64_selftest(void) return 0; } +static __init int strscpy_zeroed_selftest(void) +{ + char buf[6]; + int written; + + memset(buf, 'a', sizeof(buf)); + + written = strscpy_zeroed(buf, "bb", 4); + if (written != 2) + return 1; + + /* Copied correctly */ + if (buf[0] != 'b' || buf[1] != 'b') + return 2; + + /* Zeroed correctly */ + if (buf[2] != '\0' || buf[3] != '\0') + return 3; + + /* Only touched what it was supposed to */ + if (buf[4] != 'a' || buf[5] != 'a') + return 4; + + return 0; +} + static __init int test_string_init(void) { int test, subtest; @@ -130,6 +156,11 @@ static __init int test_string_init(void) if (subtest) goto fail; + test = 4; + subtest = strscpy_zeroed_selftest(); + if (subtest) + goto fail; + pr_info("String selftests succeeded\n"); return 0; fail: From patchwork Mon Feb 18 23:23:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 10818951 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 07E2413BF for ; Mon, 18 Feb 2019 23:24:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E8DF42BD84 for ; Mon, 18 Feb 2019 23:24:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DD0542BE65; Mon, 18 Feb 2019 23:24:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 1DF432BD84 for ; Mon, 18 Feb 2019 23:24:56 +0000 (UTC) Received: (qmail 28639 invoked by uid 550); 18 Feb 2019 23:24:30 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 28536 invoked from network); 18 Feb 2019 23:24:29 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=gQ2Czs+WwskYJcjsHIvDj3HILOy3Yi9CMACq5Mkjk6M=; b=s3SkqYzK qoYIQ+tXK2mW/fEbmxAeKKHiSiwVU30gDfQwFTycwqsktR4zjxTOAX2D7Ay9T5/0 DIumXjLBvx0VMPAQaprY3m9DKOP2zX02ZZyMVi0SknSzE+qFn+JC9kHsEZ3HrQKO o+No+KC0jl0qNVl4JRm0pu/xobIK1xbmORjdHMqEOyctnumbuwLVESyk0tyvHJG6 gBfuwFybx2ucLLI9bDhiP6HgDMdFZd5Dnu4vacSFs2lho433lxgo7wGr6hqiWugD G14ZqZxy6l92NNiY0PEaXsxPL6ak8iLeHr85LcHuuM4Wnoabm6vlT/7EFdtV21n9 xeEn0QaaPV2ziQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtddvgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpedfvfhosghi nhcuvedrucfjrghrughinhhgfdcuoehtohgsihhnsehkvghrnhgvlhdrohhrgheqnecukf hppeduvddurdeggedrvddtvddrudeftdenucfrrghrrghmpehmrghilhhfrhhomhepthho sghinheskhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: From: "Tobin C. Harding" To: Kees Cook Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: [PATCH 5/6] lib: Fix function documentation for strncpy_from_user Date: Tue, 19 Feb 2019 10:23:07 +1100 Message-Id: <20190218232308.11241-6-tobin@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218232308.11241-1-tobin@kernel.org> References: <20190218232308.11241-1-tobin@kernel.org> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Current function documentation for strncpy_from_user() is incorrect. If @count (size of destination buffer) is less than the length of the user string the function does _not_ return @count but rather returns -EFAULT. Document correctly the function return value, also add note that string may be left non-null terminated. Signed-off-by: Tobin C. Harding --- lib/strncpy_from_user.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index 58eacd41526c..11fe9a4a00fd 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -82,22 +82,19 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long } /** - * strncpy_from_user: - Copy a NUL terminated string from userspace. + * strncpy_from_user() - Copy a NUL terminated string from userspace. * @dst: Destination address, in kernel space. This buffer must be at * least @count bytes long. * @src: Source address, in user space. - * @count: Maximum number of bytes to copy, including the trailing NUL. + * @count: Maximum number of bytes to copy, including the trailing %NUL. * * Copies a NUL-terminated string from userspace to kernel space. * - * On success, returns the length of the string (not including the trailing - * NUL). - * - * If access to userspace fails, returns -EFAULT (some data may have been - * copied). - * - * If @count is smaller than the length of the string, copies @count bytes - * and returns @count. + * Return: If access to userspace fails, returns -EFAULT. Otherwise, + * return the number of characters copied excluding the trailing + * %NUL, if the length of the user string exceeds @count return + * -EFAULT (in which case @dst will be left without a %NUL + * terminator). */ long strncpy_from_user(char *dst, const char __user *src, long count) { From patchwork Mon Feb 18 23:23:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 10818953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 86EC71399 for ; Mon, 18 Feb 2019 23:25:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 710292BD84 for ; Mon, 18 Feb 2019 23:25:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 53ED22BE65; Mon, 18 Feb 2019 23:25:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 722AD2BD84 for ; Mon, 18 Feb 2019 23:25:07 +0000 (UTC) Received: (qmail 30045 invoked by uid 550); 18 Feb 2019 23:24:34 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 29951 invoked from network); 18 Feb 2019 23:24:33 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=GesfR975C7GXSJuXJWymo3Fhv9NK44xbOlcyXlyCbOk=; b=xgx287FH AMLAl4CUQUxjIcz2psOOAw5omubl//MhTw4uG6dJGsqEV++XoO6ZP9YSlUGXEt16 B20pUZ3ZoDcpEW28JWWFmCK/wH7y7STITc0PEfViZ631UsTh/+PmzHPiYEZgtWjJ iUiYh8mW2KvNtmqs4Ib03TEwQH+CFpPadEoGuFCIU0igdLBcHmBKkthFyLd+EBIZ ukQKC3xEfWHeX6QB/AUw7XgC8snS94pWkBaRvi6N2q/9wpBn0I/q8BtNiYtD8/hP b3xjdYD8kCkw86ATJndWaIUYd31HzQ9Z9Brsr7MhDwgIzf6KLsaWeTRGLokr3h1M W3E8LwgW8zE9wA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtddvgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpedfvfhosghi nhcuvedrucfjrghrughinhhgfdcuoehtohgsihhnsehkvghrnhgvlhdrohhrgheqnecukf hppeduvddurdeggedrvddtvddrudeftdenucfrrghrrghmpehmrghilhhfrhhomhepthho sghinheskhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: From: "Tobin C. Harding" To: Kees Cook Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: [PATCH 6/6] lib: Add function strscpy_from_user() Date: Tue, 19 Feb 2019 10:23:08 +1100 Message-Id: <20190218232308.11241-7-tobin@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218232308.11241-1-tobin@kernel.org> References: <20190218232308.11241-1-tobin@kernel.org> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Currently we have strncpy_from_userspace(). If the user string is longer than the destination kernel buffer we get an error code -EFAULT. We are unable to recover from here because this is the same error returned if the access to userspace fails totally. There is no reason we cannot continue execution with the user string truncated. Add a function strscpy_from_user() that guarantees the string written is null-terminated. If user string is longer than destination buffer truncates the string. Returns the number of characters written excluding the null-terminator. Signed-off-by: Tobin C. Harding --- lib/strncpy_from_user.c | 43 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index 11fe9a4a00fd..6bd603ccec7a 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -120,3 +120,46 @@ long strncpy_from_user(char *dst, const char __user *src, long count) return -EFAULT; } EXPORT_SYMBOL(strncpy_from_user); + +/** + * strscpy_from_user() - Copy a NUL terminated string from userspace. + * @dst: Destination address, in kernel space. This buffer must be at + * least @count bytes long. + * @src: Source address, in user space. + * @count: Maximum number of bytes to copy, including the trailing %NUL. + * + * Copies a NUL-terminated string from userspace to kernel space. When + * the function returns @dst is guaranteed to be null terminated. + * + * Return: If access to userspace fails, returns -EFAULT. Otherwise, + * return the number of characters copied excluding the trailing + * %NUL. + */ +long strscpy_from_user(char *dst, const char __user *src, long count) +{ + unsigned long max_addr, src_addr; + + if (unlikely(count <= 0)) + return 0; + + max_addr = user_addr_max(); + src_addr = (unsigned long)src; + if (likely(src_addr < max_addr)) { + unsigned long max = max_addr - src_addr; + long retval; + + kasan_check_write(dst, count); + check_object_size(dst, count, false); + if (user_access_begin(src, max)) { + retval = do_strncpy_from_user(dst, src, count, max); + user_access_end(); + if (retval == -EFAULT) { + dst[count-1] = '\0'; + return count - 1; + } + return retval; + } + } + return -EFAULT; +} +EXPORT_SYMBOL(strscpy_from_user);