From patchwork Wed Apr 10 02:31:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13623472 Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE3118F44 for ; Wed, 10 Apr 2024 02:31:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716319; cv=none; b=DTvPtX00v5F0MTpAqPHNo6ERF0q7DvMeiGJ5AA1adqBlBE89IwI2qMjdrNtTbCaQYRbkCzAENBef5RZM4Rd7HMgwejL40sYnK2I0KkEKyuPnMfufxfuvcfFzN9b+92W/bz5HFeck3HM93qcZrAYHRiSc6SL+lzTbAB2lRYVcODg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716319; c=relaxed/simple; bh=qYbI18yUD5HzoNjKR0lGr4s6EGttBI6+PzDO8Wigddw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=NZUySC5mAIPZd5DthFQsDJb52w53xaJ/yKgmXIDSRJOweuvOB4LvwhSvCzNX3lG3blOMZNul/DfVd6vDWtpJ/JyWbEjGe+2wSvdrJ1dQJ05mSljC2JW1qo1Pz/yYCiNI68lsywT08LhP7TWzevAMWASTd4BgUiLR06y+nQPCl7w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=SIMSFdFr; arc=none smtp.client-ip=209.85.210.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="SIMSFdFr" Received: by mail-ot1-f43.google.com with SMTP id 46e09a7af769-6ea0f0ba3a5so1305762a34.3 for ; Tue, 09 Apr 2024 19:31:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716317; x=1713321117; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oDjOHXgs0t5VffxEwXD7O3lIN0U2S1tp9J0ba2VzLZ8=; b=SIMSFdFrpV24Dh4osCye8cAKO24bfcBL8ygq21+sqtVuoIQGv5yo0hhV5V+g+mf8h2 QHxa1uxV19PVOlS4jjce98p+XTgSPYeZAdoX02Rf/caMvnDsUcvniIF0frD42hEsFs1U 0o31dhrpeqoSPjURsMSuuKH6kJ0Z/OMb5xSPY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716317; x=1713321117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oDjOHXgs0t5VffxEwXD7O3lIN0U2S1tp9J0ba2VzLZ8=; b=vs/d7AjiOnlHUgaWcMGL5NGwbp9VwcMjM94dMyQ++q87WvSrfX6162HSTE/Sl65kdq 8gmlf/JFvWpWC2kQ+n+ynM0tSCwN7izQ6alNX3Ayne1zafvx1qh02ko540ohA23Q38iq hR2TiCiZZuFyn1B1EeP/rUI8cRRj8EEC54er2dVg4JiLvaEcIxgCokftkRFFNcZr0wVk K4j2pseqtbHHDK5k6UqQ4duPep6B3gEApfQqQ/zrmgNL7MweTwIskcjR5dnjfhreJZ/K aFHbE8TtSpNBB2xKyAjYYelV5VW6dn7xDZbp4d+k1/UM7gAwLNBPGF9NEMKR+bzM2NVq MNpg== X-Forwarded-Encrypted: i=1; AJvYcCVn35nYnHEHpf6lGRyKiTjzJtmrikmecYkjiASw7ZsY8AX3evf/gNXfPerp90vruPcGSqNc0Lqz6fk+c5fTv/Q2t1PFzWgyrngS4rLa5jjs X-Gm-Message-State: AOJu0YwIfqnK1XKbUH0dxUyvQLiGlIhh8LuYRQNBjy9toUNNDaXBHa+u et2Qa2cpsEgKfLGX04PatdYaqa89BIB5WXtPgcRtHlQWIVgyNsSB4B1Y0o2fTg== X-Google-Smtp-Source: AGHT+IEdVhbRhVxvlZGEV8PD92wXU0c32qZIHbZHZuV68VzxpmadMn0ygTyKEdkj2djHOvXGtGGRJw== X-Received: by 2002:a05:6871:e414:b0:22d:fcf9:f771 with SMTP id py20-20020a056871e41400b0022dfcf9f771mr1454166oac.25.1712716317026; Tue, 09 Apr 2024 19:31:57 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id x6-20020a634a06000000b005dc491ccdcesm8687444pga.14.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:56 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Justin Stitt , Andy Shevchenko , linux-hardening@vger.kernel.org, Charles Bertsch , Bart Van Assche , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "James E.J. Bottomley" , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 1/5] string.h: Introduce memtostr() and memtostr_pad() Date: Tue, 9 Apr 2024 19:31:50 -0700 Message-Id: <20240410023155.2100422-1-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5667; i=keescook@chromium.org; h=from:subject; bh=qYbI18yUD5HzoNjKR0lGr4s6EGttBI6+PzDO8Wigddw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoaWcXhAXAR6w2spjXqaHGKBlcFEUONxSERz FNEYkxToeaJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JvUID/4kTVp7HimIZ7tPMOmwhBcYn3WrBON4y0CkYzZF0SQ+9kN7HWBLvgWaXqggaohXQvhnpmk 6MUOm4FVqA0KREKxu5e5YJguWsoxoa373Zzo8h6cFGBiPB8flDpyfNNCIp1oS4YZb0YpbJrEOw8 19NcJ/+IyMO31sMnB0PyTCohzwwZvNK2gte6sNtQ2gIXwMrBRcYBuULnrx06FamvNCK9fxG5lCO SUcYif1jkyrQWMyeq22IkN5My6M9I78KQzakBeL0fPfGLfgCZLdC5JGxWXZn8wysSuCsKeY5zxP 5qmlP3Fox+NU59rrSOU2bI1Rz1JarVbDI2mMM5a6usTbjYaO3YEdaOSxVpn3rgoJwcw0Ph/95Ur rliHIyJdE7v11/RmAeZ9lnh4CPK7I0PUBwvIhu45VQpgrPe9MV0hp2Glh6J0APUZSOPMc4cYsGR R7Wi8KtAWxA5IXiaEJC04jnxDbtllWUipnZ8MZGr6HOvDaoqwzX2XGIW+uzfNCH8VfZiEcpws1X 535CbiDDpbwF6YoRYunW1Q41Fs7yi6MPdcloKlqQ8rC8NIW35j/JWgwa6bLMbb5sPEpDejRcqiK XMvwfsy+yQOOoAf+LYUwOFxNAKauXCOHobRw29Q60nTmUYZIIMpd5jphYrMihQqcP5BHRIEpoSl a4Lgz+lLrPXu7NQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Another ambiguous use of strncpy() is to copy from strings that may not be NUL-terminated. These cases depend on having the destination buffer be explicitly larger than the source buffer's maximum size, having the size of the copy exactly match the source buffer's maximum size, and for the destination buffer to get explicitly NUL terminated. This usually happens when parsing protocols or hardware character arrays that are not guaranteed to be NUL-terminated. The code pattern is effectively this: char dest[sizeof(src) + 1]; strncpy(dest, src, sizeof(src)); dest[sizeof(dest) - 1] = '\0'; In practice it usually looks like: struct from_hardware { ... char name[HW_NAME_SIZE] __nonstring; ... }; struct from_hardware *p = ...; char name[HW_NAME_SIZE + 1]; strncpy(name, p->name, HW_NAME_SIZE); name[NW_NAME_SIZE] = '\0'; This cannot be replaced with: strscpy(name, p->name, sizeof(name)); because p->name is smaller and not NUL-terminated, so FORTIFY will trigger when strnlen(p->name, sizeof(name)) is used. And it cannot be replaced with: strscpy(name, p->name, sizeof(p->name)); because then "name" may contain a 1 character early truncation of p->name. Provide an unambiguous interface for converting a maybe not-NUL-terminated string to a NUL-terminated string, with compile-time buffer size checking so that it can never fail at runtime: memtostr() and memtostr_pad(). Also add KUnit tests for both. Signed-off-by: Kees Cook --- Cc: Justin Stitt Cc: Andy Shevchenko Cc: linux-hardening@vger.kernel.org --- include/linux/string.h | 49 ++++++++++++++++++++++++++++++++++++++++++ lib/strscpy_kunit.c | 26 ++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/include/linux/string.h b/include/linux/string.h index 793c27ad7c0d..bd42cf85a95b 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -424,6 +424,55 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count, memcpy(dest, src, strnlen(src, min(_src_len, _dest_len))); \ } while (0) +/** + * memtostr - Copy a possibly non-NUL-term string to a NUL-term string + * @dest: Pointer to destination NUL-terminates string + * @src: Pointer to character array (likely marked as __nonstring) + * + * This is a replacement for strncpy() uses where the source is not + * a NUL-terminated string. + * + * Note that sizes of @dest and @src must be known at compile-time. + */ +#define memtostr(dest, src) do { \ + const size_t _dest_len = __builtin_object_size(dest, 1); \ + const size_t _src_len = __builtin_object_size(src, 1); \ + const size_t _src_chars = strnlen(src, _src_len); \ + const size_t _copy_len = min(_dest_len - 1, _src_chars); \ + \ + BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \ + !__builtin_constant_p(_src_len) || \ + _dest_len == 0 || _dest_len == (size_t)-1 || \ + _src_len == 0 || _src_len == (size_t)-1); \ + memcpy(dest, src, _copy_len); \ + dest[_copy_len] = '\0'; \ +} while (0) + +/** + * memtostr_pad - Copy a possibly non-NUL-term string to a NUL-term string + * with NUL padding in the destination + * @dest: Pointer to destination NUL-terminates string + * @src: Pointer to character array (likely marked as __nonstring) + * + * This is a replacement for strncpy() uses where the source is not + * a NUL-terminated string. + * + * Note that sizes of @dest and @src must be known at compile-time. + */ +#define memtostr_pad(dest, src) do { \ + const size_t _dest_len = __builtin_object_size(dest, 1); \ + const size_t _src_len = __builtin_object_size(src, 1); \ + const size_t _src_chars = strnlen(src, _src_len); \ + const size_t _copy_len = min(_dest_len - 1, _src_chars); \ + \ + BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \ + !__builtin_constant_p(_src_len) || \ + _dest_len == 0 || _dest_len == (size_t)-1 || \ + _src_len == 0 || _src_len == (size_t)-1); \ + memcpy(dest, src, _copy_len); \ + memset(&dest[_copy_len], 0, _dest_len - _copy_len); \ +} while (0) + /** * memset_after - Set a value after a struct member to the end of a struct * diff --git a/lib/strscpy_kunit.c b/lib/strscpy_kunit.c index a6b6344354ed..ac0b5d1678b3 100644 --- a/lib/strscpy_kunit.c +++ b/lib/strscpy_kunit.c @@ -126,8 +126,34 @@ static void strscpy_test(struct kunit *test) KUNIT_EXPECT_EQ(test, strscpy(dest, "This is too long", ARRAY_SIZE(dest)), -E2BIG); } +static void memtostr_test(struct kunit *test) +{ + char nonstring[7] = { 'a', 'b', 'c', 'd', 'e', 'f', 'g' }; + char nonstring_small[3] = { 'a', 'b', 'c' }; + char dest[sizeof(nonstring) + 1]; + + /* Copy in a non-NUL-terminated string into exactly right-sized dest. */ + KUNIT_EXPECT_EQ(test, sizeof(dest), sizeof(nonstring) + 1); + memset(dest, 'X', sizeof(dest)); + memtostr(dest, nonstring); + KUNIT_EXPECT_STREQ(test, dest, "abcdefg"); + memset(dest, 'X', sizeof(dest)); + memtostr(dest, nonstring_small); + KUNIT_EXPECT_STREQ(test, dest, "abc"); + KUNIT_EXPECT_EQ(test, dest[7], 'X'); + + memset(dest, 'X', sizeof(dest)); + memtostr_pad(dest, nonstring); + KUNIT_EXPECT_STREQ(test, dest, "abcdefg"); + memset(dest, 'X', sizeof(dest)); + memtostr_pad(dest, nonstring_small); + KUNIT_EXPECT_STREQ(test, dest, "abc"); + KUNIT_EXPECT_EQ(test, dest[7], '\0'); +} + static struct kunit_case strscpy_test_cases[] = { KUNIT_CASE(strscpy_test), + KUNIT_CASE(memtostr_test), {} }; From patchwork Wed Apr 10 02:31:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13623474 Received: from mail-oa1-f50.google.com (mail-oa1-f50.google.com [209.85.160.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A37328F3 for ; Wed, 10 Apr 2024 02:31:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; cv=none; b=GOVZRvyJUANkEVvYBJ5Uy0y4ghkLH4b8AeXHxjZeX7tgOV5u1L6RnSiejwC5Drp2IYE9sHGHXo2lEockMA9yHOYKWkUQJ8EDNFfK3mF+S73+JPb4OrW0wwT9Q6V7hH3fSAGMDQI4XDmFUs2BrPma+BhzkJuOlsxIQZ19hpoO5L4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; c=relaxed/simple; bh=JCsgCprEWa1l4SCGDGbUB8ubZ+h1Yzs/Ma0V4GeDTGk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OLozJfTsNqY+tQRJGi+tOYBP6BepuBWnM5rqAZWPQFBPCj6ftJRBiWb/wEGl8Xp4WoqCVDRHvpmhmBZlTSmdlrsYXnJtEPTtzB1rcKHTYciEEJXCVMn6jd3MP91eEWLMDp7frdQCJAdb2++b+iZ2eT5Tl+lXhLBOJ5qOWyaUzZA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=SrjgMzCH; arc=none smtp.client-ip=209.85.160.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="SrjgMzCH" Received: by mail-oa1-f50.google.com with SMTP id 586e51a60fabf-22f078f1aecso1959627fac.3 for ; Tue, 09 Apr 2024 19:31:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716318; x=1713321118; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vHRtLi+awmnGIE7fYkBoAx7My8kibiodg7yHDLCH7Io=; b=SrjgMzCHjCwLVE0DmA2jtUfljAsa64Y0dpMP2DqvpSH3EgnxOYJMEf3pb0WpYXdLOl bD+jrEop+NuUU2VOGumehkgikm/fVjFqCySQvpg6xJoo6ZVGpPjnoV7RL/Aa0q/GlXct tKtz0VMN3sSs1CDv8+V86ayWric/r32NNK03w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716318; x=1713321118; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vHRtLi+awmnGIE7fYkBoAx7My8kibiodg7yHDLCH7Io=; b=Ekd2XWC8WF0PU2iz8Qk/hahnmeDZ6RiQ+/1s7w7LnUfwzKh3pOeURHrBmSAWYmjwha yQkW53cZO3i2R6Xfe9yLeOKPvhpXwhmtoVOT59jyM99nLTd4ZtloN7nQmXbCB/OJe19L JNu1EeWR/ROClKD554efnoGcjBCYznwfQr+a2zBQOiXyGwskGpR7yaJPSqqarJhC2zk8 vzfWOLTSuj2NZbyOGiWbi/AklqGotAZ9daG3wkN+vKHMzRoHjMyi1yVrS0GGuUzYVOSn H9IrN8qcz1tKF+OPn1XhH1kCtO8E18UA1tMKBND42bSyUL06c4NkKvI5Mb/rkT11+WJ9 ozig== X-Forwarded-Encrypted: i=1; AJvYcCUIFZhQxRt42OneKNJcBqxGcBCuOmjyDNK58HmoMsRzMsBUv5L2y1Q2KCVw/GlHtkr8pNz2h1Yq9dEx+S6vYX1IN3th+fYH8HPUerd1r2Nh X-Gm-Message-State: AOJu0Yw/9KY1V7V+lM+gmptLDwV8LqAINr66pfCwpCuqC5TBgdwXl0zY cIQm3giWish7Z1Iz6BzlYzOZll8nCiFGLR5zQzCxv8zfVRMYtsk4g4P/dqa05Q== X-Google-Smtp-Source: AGHT+IFRyXg0eTdw450Vq36zHeNUtw3iCaUhs4VSlyDJfb0DpKJHBxFM33ehx65aD4AK2nBbeg7RxQ== X-Received: by 2002:a05:6870:13c9:b0:220:6edc:1fd7 with SMTP id 9-20020a05687013c900b002206edc1fd7mr1259703oat.1.1712716318261; Tue, 09 Apr 2024 19:31:58 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id p4-20020a056a000b4400b006ed06399e0csm8065458pfo.72.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:56 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Charles Bertsch , Justin Stitt , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, Bart Van Assche , Andy Shevchenko , "James E.J. Bottomley" , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 2/5] scsi: mptfusion: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:51 -0700 Message-Id: <20240410023155.2100422-2-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2470; i=keescook@chromium.org; h=from:subject; bh=JCsgCprEWa1l4SCGDGbUB8ubZ+h1Yzs/Ma0V4GeDTGk=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoapA0jSRgfPR1sV3aqPHMnroQNsZpklKX1t cw5ZZgf3nmJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JtFpD/9RjRSGfqMioS+VbASHaxCQLXGu+eeHR8PmV46+1XHXwlDmiB4qhXcJVPn5SxTvumjfLdX cdsWdPitwCDd1rmdkhZFQBFbApN7JZY19OPk1IznV224pMgEJ4Wr3CjGYAKwQhkLPfr+FJ4WBeQ YAZWx8wxcI9qFgauL79FwHCAksDToU5TsQTVoIjEUThMSk0bbOqxzurszTfbe0CiwGXs6ihSFvZ 6SSrzNj9YZADh+Vb25DzyScDWlEdcsnhbvjgjQUofPfR9l9VnqbnXxtUy6f/Rq26f6cL8VDnTI8 EiJbj6cZy+Os+xtOACFtn11kqXedJhygwP3STSt8nhs4vHK/ZnTEiQV+ZV9jKBXPJTuCFpcUf5n LcmgL5exH6LePjRTgbfTBxjcN2nj4Byc4uEG1InJQWdyhQW2CuHfNgLfjldBNVE2ovcAcrBVSma tj20k1udmZ3v+YmUNKx9p5idV3ouKxHF0mZQeVFPCzkdHEWZuLJp7m9oFGu/B6tTZ1tIb0HmDoQ gln22cDiz9N0izlWpnyyseCi5ph1I6BDaOMRX45SXJ956/M2yor0WSprV24qbsHQQtVNBd/qx+t PpZRkeOXgc3/6Kk6dE0eFaSgNcq51hvmrE3Gq/T7Mj+1kL1UnGf0sNdJZvXj0mLL2emiFR9g2r9 S3cIpGQntVIb/GQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 The prior strscpy() replacement of strncpy() here expected the manufacture_reply strings to be NUL-terminated, but it is possible they are not, as the code pattern here shows, e.g., edev->vendor_id being exactly 1 character larger than manufacture_reply->vendor_id, and the replaced strncpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Reported-by: Charles Bertsch Closes: https://lore.kernel.org/all/5445ba0f-3e27-4d43-a9ba-0cc22ada2fce@cox.net/ Fixes: 45e833f0e5bb ("scsi: message: fusion: Replace deprecated strncpy() with strscpy()") Signed-off-by: Kees Cook --- Cc: Justin Stitt Cc: Sathya Prakash Cc: Sreekanth Reddy Cc: Suganath Prabu Subramani Cc: MPT-FusionLinux.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org --- drivers/message/fusion/mptsas.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c index 300f8e955a53..0f80c840afc3 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -2964,17 +2964,13 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc, goto out_free; manufacture_reply = data_out + sizeof(struct rep_manu_request); - strscpy(edev->vendor_id, manufacture_reply->vendor_id, - sizeof(edev->vendor_id)); - strscpy(edev->product_id, manufacture_reply->product_id, - sizeof(edev->product_id)); - strscpy(edev->product_rev, manufacture_reply->product_rev, - sizeof(edev->product_rev)); + memtostr(edev->vendor_id, manufacture_reply->vendor_id); + memtostr(edev->product_id, manufacture_reply->product_id); + memtostr(edev->product_rev, manufacture_reply->product_rev); edev->level = manufacture_reply->sas_format; if (manufacture_reply->sas_format) { - strscpy(edev->component_vendor_id, - manufacture_reply->component_vendor_id, - sizeof(edev->component_vendor_id)); + memtostr(edev->component_vendor_id, + manufacture_reply->component_vendor_id); tmp = (u8 *)&manufacture_reply->component_id; edev->component_id = tmp[0] << 8 | tmp[1]; edev->component_revision_id = From patchwork Wed Apr 10 02:31:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13623471 Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 86AE41C0DF7 for ; Wed, 10 Apr 2024 02:31:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716319; cv=none; b=GMeHu48f3XXL92HFyW4KVtevFO0cf4caj/ezlMaDU6SdS696U1KCy9c6zdItATFlqaWNyoAn03hFQX8MFaSGQBFe33/52TYyEfdnArudXBsrVviNQ6Xu7FoAUp4wTqm8ODo0MYawQSq/cIia2bGLf0+VaL21O36d/gd036vhDKU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716319; c=relaxed/simple; bh=U04NgByTSLz3ezEZdZ9fh7Nk8N6aKk3aFVSqTRfRHjg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Gaco+hbvSJ0BKuE5lS76R83AgRQMsqoMxDOr8AqiT1+CeIIbopr4k/qHgIqFIVNq2O/lkmxYArTbyJP1zNKReuyEHYDTwVQO6o6XPFCstPPV83Y/47TTODQHmbGysOWj0g/mwCWxk/zdlwVqdKyDP6DESF2Iy4xBpxI9lAYxY58= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=RhBMpdHB; arc=none smtp.client-ip=209.85.215.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="RhBMpdHB" Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-5cf2d73a183so4922390a12.1 for ; Tue, 09 Apr 2024 19:31:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716317; x=1713321117; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HlPZnmbgI1osTC93HPkRH848zgm3O+BOnZN3oq69oh0=; b=RhBMpdHBSMCgij83Cs2UFmtMNeQloXFhW7aAz58ETUvP416Mn4xplkZzzpgF5ndy2O zBTm8ciEzPQ/AKq4SCyQuW8ob+mD9MB6Fj7pWwEuHeV4VvcfvLTZCbwCbxmpfl6CpWND 9NrPmpFUSDoHiBJVcFv822FYVxARwa9avku2c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716317; x=1713321117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HlPZnmbgI1osTC93HPkRH848zgm3O+BOnZN3oq69oh0=; b=wT0WAlQ4gD8DpeHCbB3iLo3iK+CTyL0MpjTlrqfui/NCni58v1V+tGQJc/gNe0pUmX Lo8vOMDkAved82f8j9jFXHhtuE18vkPy9SUX06mAzTlYF3jw8tRttPwMogpc8iaNcVgq MZjT7+0lyq1m/Z4re7g1IiOkNYXFu+VBY1oBATME2lOoPYVznDM8DLbZWXNyMuqK7gss Tq55t11NTEFuaT558stuYzm6a5xQVIN6Hf5Ccmy+IKi1Ob7Jr+xuHp45AdDgbOkypBJe 6G3oPFscClf0X7vXEMlkVeHg2LdAPz3aS44Cv3KAUW+LdkPzsihh8Ah4xQXvTFJb1S3X jjbw== X-Forwarded-Encrypted: i=1; AJvYcCXkkZjNSYzPwgG2FSqKxmJwSh1F/2XHEKNI3XXQzZ67uYvbh6vXFYlaAw3gXPfwmaljawkIGYszq+GTaNS+Mh7h1Yd4nnbvcvXSaUFHR3eF X-Gm-Message-State: AOJu0YxZOPg/NzgRhkCW0IN6AKJFrj31tqoC9U6G9HZh0AJV0/Dh/m9m ai+fWq6+f/PADFr0YUxXFzFfaEwKHIW8LKJG/Vn8D9byVCbxEMjW7VQBrcQSmg== X-Google-Smtp-Source: AGHT+IHfu78WL0uAZuDeq/rlPxqp3NVD2u7O2q3IqroeTJfRqm4Rp6+M6UwBBFdMN6WcRcmEZ3JqtA== X-Received: by 2002:a17:90a:d918:b0:29b:fb23:863e with SMTP id c24-20020a17090ad91800b0029bfb23863emr1952806pjv.17.1712716316789; Tue, 09 Apr 2024 19:31:56 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id y15-20020a17090a1f4f00b002a2b06ce909sm377923pjy.17.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:56 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Justin Stitt , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "James E.J. Bottomley" , MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, Charles Bertsch , Bart Van Assche , Andy Shevchenko , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 3/5] scsi: mpt3sas: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:52 -0700 Message-Id: <20240410023155.2100422-3-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3122; i=keescook@chromium.org; h=from:subject; bh=U04NgByTSLz3ezEZdZ9fh7Nk8N6aKk3aFVSqTRfRHjg=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoaalwyvrfJyK8QIq7jmpi8j+mOqTzMVE7Um sEjOcCl/WSJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JmufD/9ZRH3yvaQcFC4/t2XLUlydOVs8JOSZfUGQuJvfCw04zGXkb1ifJ2XBR1NnzlI8BmHEzKa GXMKW0wDvIaC6h9gSbRqVZUIr6BM5BNfW6mDoywzySg0bfALOE7RA0lEYN4SNMRIURimdHR/+x2 RKtaoqzrJRBzhQxoVBmUvM/K/HIoJrGfKjVvq9vz9asbgVPFlUKh2vtmtlF2TGM5dfJ0RvJBlXn RGfNjoCmh6HQieSmaroLtXhKPs301s7PjJzIC4KvxBro1mMf2dksl5wKXtuJGlfo05gwqaNvPVK tBG4Nb71gynpv7I9pzqPi/rviXyauLY5A8firvTXxSoYPbZrrxXDzbtbEpiVsD/7qb8H4lmKnEA PLNDtqVKSZmeDn9tJ0MZEKlP2HC6DcAuCUoKoahUv5d6vcAEc2cJ/rE48qirb9xpivUo+zhRLK3 JymNPRKUukbz45C85+u7NjdSAytO0HLyb2QZa9aVX3epJ25QZwwRNbVroRe/lq8rIYelMGoUR8g d6RpVTr/gVw+h/BYTvSC4kBwIHFEmtBKkeTqvDLc/YFjsdGzJit3yzVjRKTaucTgNn2kgyOPWf8 eoMNopJ9h7NfqQd9yx5LH/58wQl367q0F9kbBZJGKwhEKY1HDeo8Afm+ZyXX9j1Uf77yKOoYixP r8BS5P3p6k2SJtg== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 The prior strscpy() replacement of strncpy() here expected the manufacture_reply strings to be NUL-terminated, but it is possible they are not, as the code pattern here shows, e.g., edev->vendor_id being exactly 1 character larger than manufacture_reply->vendor_id, and the replaced strncpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Fixes: b7e9712a02e8 ("scsi: mpt3sas: Replace deprecated strncpy() with strscpy()") Signed-off-by: Kees Cook Tested-by: Marco Patalano Reviewed-by: Ewan D. Milne Cc: Sathya Prakash Cc: Sreekanth Reddy Cc: Suganath Prabu Subramani Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: MPT-FusionLinux.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org --- drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 14 +++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 258647fc6bdd..1320e06727df 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -4774,7 +4774,7 @@ _base_display_ioc_capabilities(struct MPT3SAS_ADAPTER *ioc) char desc[17] = {0}; u32 iounit_pg1_flags; - strscpy(desc, ioc->manu_pg0.ChipName, sizeof(desc)); + memtostr(desc, ioc->manu_pg0.ChipName); ioc_info(ioc, "%s: FWVersion(%02d.%02d.%02d.%02d), ChipRevision(0x%02x)\n", desc, (ioc->facts.FWVersion.Word & 0xFF000000) >> 24, diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sas/mpt3sas_transport.c index 76f9a9177198..d84413b77d84 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_transport.c +++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c @@ -458,17 +458,13 @@ _transport_expander_report_manufacture(struct MPT3SAS_ADAPTER *ioc, goto out; manufacture_reply = data_out + sizeof(struct rep_manu_request); - strscpy(edev->vendor_id, manufacture_reply->vendor_id, - sizeof(edev->vendor_id)); - strscpy(edev->product_id, manufacture_reply->product_id, - sizeof(edev->product_id)); - strscpy(edev->product_rev, manufacture_reply->product_rev, - sizeof(edev->product_rev)); + memtostr(edev->vendor_id, manufacture_reply->vendor_id); + memtostr(edev->product_id, manufacture_reply->product_id); + memtostr(edev->product_rev, manufacture_reply->product_rev); edev->level = manufacture_reply->sas_format & 1; if (edev->level) { - strscpy(edev->component_vendor_id, - manufacture_reply->component_vendor_id, - sizeof(edev->component_vendor_id)); + memtostr(edev->component_vendor_id, + manufacture_reply->component_vendor_id); tmp = (u8 *)&manufacture_reply->component_id; edev->component_id = tmp[0] << 8 | tmp[1]; edev->component_revision_id = From patchwork Wed Apr 10 02:31:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13623475 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 787D4BA49 for ; Wed, 10 Apr 2024 02:32:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; cv=none; b=UStyzOoruBM0/3DoGA06yA8QGw5tQCoKfyDKR0baaXmZ9+i+Q01VY9zt86a+jWnwviSMzj/IWKOOo+4Y6I9IR4EhcdVQFvLUK+v3qKyfCOgXSLoNiYx7r06T5tzu9iOdiIcvjDeXiuxKyUDAM8vzfkyaZywsZgKtgEz+rcgxUR4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; c=relaxed/simple; bh=wOiV2yfTENWLRGydHWukSXwdaF1bD6b3ubfyN5UQxMo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=He3nBlUlBowmedUp0ddpNxbznlqI5fenEoMw6uC1dmPD8NUbsMLC8vso2OWeK74AYc4epawj3tyNkOnab36o3gbPc67LZv5veIH/f82tQHlFJ5yssux5Xw7R0tq+8Ga6CEDgOy0n2U/b8d0LyoVEe+jahvFcEgAW95rxAFtaH7M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=dlV/75FZ; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="dlV/75FZ" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1e424bd30fbso20064315ad.0 for ; Tue, 09 Apr 2024 19:32:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716320; x=1713321120; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=r6X8WYL7fXMONqNFFELPH+FGxt8D533JimXjm1OqHfE=; b=dlV/75FZDkfL8NtgnkEK3zWH5uTbet9pNBEktSugJ0hvB+cOHj8UwlYWQbHy4s+a2y L/ZgOwkLOozi+tFwj13epg4QQEoSkPuxmnZwQtvXJPUbPz2LBGGOYPTBOFlBQO+Eju2D UJmDWzoSGPH7C1peLHOe2XBI8FvMPdQ0ONrbU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716320; x=1713321120; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r6X8WYL7fXMONqNFFELPH+FGxt8D533JimXjm1OqHfE=; b=nCumEStVMrSn7pR0FxL7A3Jl5gDCBCEAOUqJzU1Zl7IEThVQWO6aJLKeuOp4mhf0YG wtpU4lK85iHWcs1slQP1UImvqUnDXJpWSvDOeDVr7NLUez4VTk5NW8vs9xbl1hN76peZ 3TiF0+sH2tK22NrgsppV8OQIQycF9rkM6zyhAsK19yjaPutzwckDfqnEeF6HpitfZb2S NOJDwJI/nJUxIuOu9Dn1pC+gF+ojV9cv3DL2kwAa9iscHrh5sv6a7YUZRbV62zEp3aZl g/xTy6FMSdakcEovhA6iIvmjVsTEvye8/2Z9rrfsRtbgwyvfOpCr1dU5a5jza1oSEKQK Y8Sw== X-Forwarded-Encrypted: i=1; AJvYcCV+63t711Rz75xaIFjPR6VhoK+zhU4BfhSNOIoAzjrlk4pC1nwbBLP1IH//ROM/fXpvrvvz9Q34ZL6zMnohzD7Z9x9nn+rUOZ1LO2+uz2IH X-Gm-Message-State: AOJu0Yzn99QDuzYEBCbZMEQy3Lv+cczEz250cqbJ0Z8nIDL4FucMATli ASF5y4UOOCI9efB47eQrPhb3NvjOlWSZmeUDcQsEXoye7Elb5iXIspcvNFrtmg== X-Google-Smtp-Source: AGHT+IEJI6UyNneK9SdMEc4oHZG0B61XTOkfsKSOPKOyL7mCh8bSG+wOr83riq+WpD5i+5tSc0uekA== X-Received: by 2002:a17:903:11cd:b0:1e4:b1c7:9a7a with SMTP id q13-20020a17090311cd00b001e4b1c79a7amr2229577plh.22.1712716319727; Tue, 09 Apr 2024 19:31:59 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id c17-20020a170902d49100b001e1071cf0bbsm6453240plg.302.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:58 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Sreekanth Reddy , Sathya Prakash Veerichetty , Kashyap Desai , Sumit Saxena , "James E.J. Bottomley" , mpi3mr-linuxdrv.pdl@broadcom.com, linux-scsi@vger.kernel.org, Charles Bertsch , Justin Stitt , Bart Van Assche , Andy Shevchenko , Suganath Prabu Subramani , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 4/5] scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:53 -0700 Message-Id: <20240410023155.2100422-4-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2372; i=keescook@chromium.org; h=from:subject; bh=wOiV2yfTENWLRGydHWukSXwdaF1bD6b3ubfyN5UQxMo=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoaOu7l1waaK4FQgneueH0+sHylFwmR30Rnw irc5WiWS+mJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JuqBD/0aNjp+oEmj3j6I7sA8SUQFNKh6JfV/vEkMWHazs0KZ7epk6NGADFi94OJ4cuV+UpObs33 XdDhWdBGcLn2wHww3mVMp9FJb4wNdQpakLtRGDWqe5TFnSsww/KaDz/Fn/Z5q0AJULeOzZx9g2K vq9x87rN8jftZpBBvwsyJWOWQTqhqKdq1fGs7BD2D1BhG4dODBImgCD+Q+mpsaTB9DvuB3rGFNy gNkf9XgfrExDmJ8NmnbQhinqyc90rjZnIY8WNSR14gXLOdF63G83KE+lEqnVZ8eAfcP1kAHBI2r WPorcRhLLYv2hQm3hT7gX5UJim+X4BzVtKpkfc7mMQu4S0W8OL88MNp0+Ve/36sodn61bOgahYg xpiT9iU5DnOfJagWv0i3oa5uf1LoVx8yqoeffTlzzBH+YWFQBiHeD19ixC+PpOfj+jcaStLV+iY PlTiLmzMtz/L4FYH6Q966l6Qwhq5O8un5Gg+RqFkxBx1y5bP09JMxahmLL/yLykoH4EfklPHVIF C8PHlUG0XRzpQGxqDOLG8gIc8ifaYb0H5oRg9BMMq5ymAaFMsUdKbeB6VBU0hf6/b28hj9bpW02 ZQbNSpbuRCl6IQDnWP0OixUHzM4l7mgT5hjlUuqXsdep0o2Vj56Zw/uFcewnqeXya5cQp1mabaT zBjzfoS88J/NUfA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 The prior use of strscpy() here expected the manufacture_reply strings to be NUL-terminated, but it is possible they are not, as the code pattern here shows, e.g., edev->vendor_id being exactly 1 character larger than manufacture_reply->vendor_id, and the strscpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Fixes: 2bd37e284914 ("scsi: mpi3mr: Add framework to issue MPT transport cmds") Signed-off-by: Kees Cook --- Cc: Sreekanth Reddy Cc: Sathya Prakash Veerichetty Cc: Kashyap Desai Cc: Sumit Saxena Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: mpi3mr-linuxdrv.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org --- drivers/scsi/mpi3mr/mpi3mr_transport.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/mpi3mr_transport.c index dabb91f0f75d..3caceddb864a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -211,17 +211,13 @@ static int mpi3mr_report_manufacture(struct mpi3mr_ioc *mrioc, goto out; } - strscpy(edev->vendor_id, manufacture_reply->vendor_id, - SAS_EXPANDER_VENDOR_ID_LEN); - strscpy(edev->product_id, manufacture_reply->product_id, - SAS_EXPANDER_PRODUCT_ID_LEN); - strscpy(edev->product_rev, manufacture_reply->product_rev, - SAS_EXPANDER_PRODUCT_REV_LEN); + memtostr(edev->vendor_id, manufacture_reply->vendor_id); + memtostr(edev->product_id, manufacture_reply->product_id); + memtostr(edev->product_rev, manufacture_reply->product_rev); edev->level = manufacture_reply->sas_format & 1; if (edev->level) { - strscpy(edev->component_vendor_id, - manufacture_reply->component_vendor_id, - SAS_EXPANDER_COMPONENT_VENDOR_ID_LEN); + memtostr(edev->component_vendor_id, + manufacture_reply->component_vendor_id); tmp = (u8 *)&manufacture_reply->component_id; edev->component_id = tmp[0] << 8 | tmp[1]; edev->component_revision_id = From patchwork Wed Apr 10 02:31:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13623476 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3559BE66 for ; Wed, 10 Apr 2024 02:32:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; cv=none; b=skHpRl/htdnjvr/37KMhfLFEWIir+YtwFech4P637i6lAdSX/zwDBbgHZPDuSc7p5kUF7y/i6HHcvennnKP1KHIr3jJl4l/YBTZ/Plib3nzxRpIbGbvj53QH1uJZhHOUb/F4I2vtIKk+fDk6kEAwCTn3ZlNUO2FarVVk0QrCJfE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; c=relaxed/simple; bh=YjgtW4O6D2pXnUbiSWCX6yFlJl3/FlPx89ObJDsmd4s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=oUuyuF+rrcaMGij1Vzk3uoqym9zRsm25cJKd0nQKPk5iHE4BLu4OqJw861ez7nqgPC9iGkVRa1dQQ+cgpW01UUDidsJZC7F4TvYFPeFNlGVbt5oRmvjRQs0uFv4zGKq+46Mxa0m3tB76KTxG+y48doWru2W3t7BUhzP+MLUMalY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=fjU7UDT3; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="fjU7UDT3" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1e2232e30f4so55401555ad.2 for ; Tue, 09 Apr 2024 19:32:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716320; x=1713321120; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0KD7JtgThpycUE0Aoq39Xz82TRgRPhpFUOyCtv6+6to=; b=fjU7UDT3MoWobcYGAgSKElcFxd34Vf0Pvi0Em5Uq9q0giX/FL1fw5F4KXEJt+abLlo 5ZDn47jZzpL10MEQmnz8BFiu08y2Xn5vdH/1HvU7Myo9StvcomJvaahHSGrOij2O0nRI vIl+xK9pNWKBXMmCdmiPHTJyRloA/JEGcCLHk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716320; x=1713321120; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0KD7JtgThpycUE0Aoq39Xz82TRgRPhpFUOyCtv6+6to=; b=LbMw58uZVExMrIYi1T3QGixh/MchCJOoav2KqjBg1ypnD/KnFYdnKhm7tmMkI9IG2t 9D1Hbv4uHAp+izqrxnWE3j9zJyOWak5IFh42qi3QENypXJSPaoD6cF0/RwfNYsvZxLcI z8iu2jCQ0jEiUyShGp5LPuy92gB+k+tI7a7Pa7RG4tg/0eQfi0ZBoHpFrrGS52GHSvdl 8IMk83D8Y5ku3HO7IEXuWQuioBfyEajZS+3njP+eO/pfpcYUgaLxuHoK78NOyUQs5Rlg Nh1tnekpYEABN1ZcZax/OxmbSEIEvQVBmsuNExqV+VTq/brRvLuab3Z7Z5trV98fdzTi jCKQ== X-Forwarded-Encrypted: i=1; AJvYcCXIbjtABXIrYY0anq8q8W4TQrVYdxDDzagsZqEHZMjuQFTaERwgraGXWXU4kLC/AFrrYuO3J/hMUt7FIG6PScKdmCft6oH8+beC88zKehIG X-Gm-Message-State: AOJu0YyFD9p71567DLtBYqaDPApuyiZXplndPtosLkWpUxQncRVDBCq6 mFEw1yDADcvylFqp/j6cjltm1Th1dhqehFkXtcayiBXUTfwdrfVWf+q2SVu8pg== X-Google-Smtp-Source: AGHT+IGK5+IVt9ffYwPxvjBBeO6J4R3cyKBA+dTzAWvukG+Y4c/pPGLemMX+MoytVkvXxRVdvhZjGQ== X-Received: by 2002:a17:902:c40b:b0:1e3:cce4:bfe8 with SMTP id k11-20020a170902c40b00b001e3cce4bfe8mr1604177plk.65.1712716320011; Tue, 09 Apr 2024 19:32:00 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id l9-20020a170903120900b001e469386fddsm3402718plh.40.2024.04.09.19.31.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:58 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Bart Van Assche , Nilesh Javali , GR-QLogic-Storage-Upstream@marvell.com, "James E.J. Bottomley" , linux-scsi@vger.kernel.org, Charles Bertsch , Justin Stitt , Andy Shevchenko , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , Kashyap Desai , Sumit Saxena , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, mpi3mr-linuxdrv.pdl@broadcom.com Subject: [PATCH 5/5] scsi: qla2xxx: Avoid possible run-time warning with long model_num Date: Tue, 9 Apr 2024 19:31:54 -0700 Message-Id: <20240410023155.2100422-5-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1992; i=keescook@chromium.org; h=from:subject; bh=YjgtW4O6D2pXnUbiSWCX6yFlJl3/FlPx89ObJDsmd4s=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoafjIE7L1Xkdq4ShmgZE4CB2Na7WaiwJOSS I9Jcsw3XHuJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JhtmD/9shMgZv7rVK+0Mwdq8ecrDZWaUePVJYR1eQqMEaRcD2YKHpUX3PXy0NKn0/DijSgeXsoF PYlUwU+BXXwfykEox5jZsEjNMxNDr3rnSxW8OaaSRQK+ZC9iawBZlCM257vLD9I35JGr88LnN34 ER1rAXVQaFRhM/6FD6zDgQmp37vJwZtGJcODZV2g17MQXMSCEyFKrrNWw5YDjG64WofATwOS+HI aThrvEabIPgDEG9i9IsnprEz9GuQnMes9MM+OzmeDxjL8Xc99JO2Fs0L9WN6Tj5KmUPTKCBlf+U WS3qDIbVz3GTzLs14JNnm0vZIR3knFZwaNXE4y6XddzWFf2TBGsZ9wQY1vyWJsEu/V1ysb65/LG RU6RyNmr5XUGOMKBUqGHqas+GBA854pMpyue5ny8qiRW+ZIVwDWj662+w0C4CCwSHwq24fAgCll 1rlUTo1TXclEKPELVV3nYd7+ArsRzpl+BuHP8c92XGuZTQ7r4xwEo5YK3w4XpkPQbItCCc0hjF6 jj992WUyLhiTMhPv5zcMEJWCDjcLpbFWhKDyOlrfXKWt8OZSZUImTG44ACawfksi4j7CphlfT3T VcYuCjQ7gmoYkYytfyB3KJW4TsuGHSrIWRT+8EbTlWys+nRFuCoqHnWpYPof+NikrvnggJQQF8H kXcrrYQNc/4FBwA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 The prior strlcpy() replacement of strncpy() here (which was later replaced with strscpy()) expected pinfo->model_num (and pinfo->model_description) to be NUL-terminated, but it is possible it was not, as the code pattern here shows vha->hw->model_number (and vha->hw->model_desc) being exactly 1 character larger, and the replaced strncpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Fixes: 527e9b704c3d ("scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy()") Signed-off-by: Kees Cook --- Cc: Bart Van Assche Cc: Nilesh Javali Cc: GR-QLogic-Storage-Upstream@marvell.com Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org --- drivers/scsi/qla2xxx/qla_mr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_mr.c b/drivers/scsi/qla2xxx/qla_mr.c index 083f94e43fba..82a7e21ddc83 100644 --- a/drivers/scsi/qla2xxx/qla_mr.c +++ b/drivers/scsi/qla2xxx/qla_mr.c @@ -1909,10 +1909,8 @@ qlafx00_fx_disc(scsi_qla_host_t *vha, fc_port_t *fcport, uint16_t fx_type) if (fx_type == FXDISC_GET_CONFIG_INFO) { struct config_info_data *pinfo = (struct config_info_data *) fdisc->u.fxiocb.rsp_addr; - strscpy(vha->hw->model_number, pinfo->model_num, - ARRAY_SIZE(vha->hw->model_number)); - strscpy(vha->hw->model_desc, pinfo->model_description, - ARRAY_SIZE(vha->hw->model_desc)); + memtostr(vha->hw->model_number, pinfo->model_num); + memtostr(vha->hw->model_desc, pinfo->model_description); memcpy(&vha->hw->mr.symbolic_name, pinfo->symbolic_name, sizeof(vha->hw->mr.symbolic_name)); memcpy(&vha->hw->mr.serial_num, pinfo->serial_num,