X-Patchwork-Submitter: Mykyta Yatsenko
X-Patchwork-Id: 14055808
From: Mykyta Yatsenko
To: akpm@linux-foundation.org, linux-mm@kvack.org, rostedt@goodmis.org, mhiramat@kernel.org, andrii@kernel.org, kernel-team@meta.com, linux-kernel@vger.kernel.org
Cc: Mykyta Yatsenko
Subject: [PATCH mm] maccess: fix strncpy_from_user_nofault empty string handling
Date: Thu, 17 Apr 2025 16:28:08 +0100
Message-ID: <20250417152808.722409-1-mykyta.yatsenko5@gmail.com>

From: Mykyta Yatsenko

strncpy_from_user_nofault should return the length of the copied string including the trailing NUL, but if the argument unsafe_addr points to an empty string ({'\0'}), the return value is 0.

This happens as strncpy_from_user copies terminal symbol into dst and returns 0 (as expected), but strncpy_from_user_nofault does not modify ret as it is not equal to count and not greater than 0, so 0 is returned, which contradicts the contract.

Signed-off-by: Mykyta Yatsenko
Reviewed-by: Andrii Nakryiko
---
 kernel/trace/trace_events_filter.c | 10 ++++++++--
 mm/maccess.c | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c index 0993dfc1c5c1..86b7e5a4e235 100644 --- a/kernel/trace/trace_events_filter.c +++ b/kernel/trace/trace_events_filter.c @@ -800,6 +800,7 @@ static __always_inline char *test_string(char *str) { struct ustring_buffer *ubuf; char *kstr; + int cnt; if (!ustring_per_cpu) return NULL;
@@ -808,7 +809,9 @@ static __always_inline char *test_string(char *str) kstr = ubuf->buffer; /* For safety, do not trust the string pointer */ - if (!strncpy_from_kernel_nofault(kstr, str, USTRING_BUF_SIZE)) + cnt = strncpy_from_kernel_nofault(kstr, str, USTRING_BUF_SIZE); + /* Return null if empty string or error */ + if (cnt <= 1) return NULL; return kstr; } @@ -818,6 +821,7 @@ static __always_inline char *test_ustring(char *str) struct ustring_buffer *ubuf; char __user *ustr; char *kstr; + int cnt; if (!ustring_per_cpu) return NULL; @@ -827,7 +831,9 @@ static __always_inline char *test_ustring(char *str) /* user space address? */ ustr = (char __user *)str; - if (!strncpy_from_user_nofault(kstr, ustr, USTRING_BUF_SIZE)) + cnt = strncpy_from_user_nofault(kstr, ustr, USTRING_BUF_SIZE); + /* Return null if empty string or error */ + if (cnt <= 1) return NULL; return kstr; diff --git a/mm/maccess.c b/mm/maccess.c index 8f0906180a94..831b4dd7296c 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -196,7 +196,7 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, if (ret >= count) { ret = count; dst[ret - 1] = '\0'; - } else if (ret > 0) { + } else if (ret >= 0) { ret++; }
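Review bot: In test_string() (kernel/trace/trace_events_filter.c, hunk @@ -808,7 +809,9 @@), the new `if (cnt <= 1)` check changes how the result of strncpy_from_kernel_nofault() is handled, which the changelog never mentions and which the mm/maccess.c hunk does not touch. The old `!strncpy_from_kernel_nofault(...)` test returned NULL only on a zero return, so any nonzero value, including a negative one, fell through and kstr was returned; the new test rejects everything at or below 1. That is a separate behaviour change from the strncpy_from_user_nofault() fix and deserves either its own patch or a sentence in the commit message. The comment "Return null if empty string or error" would also be clearer if it said why the threshold is 1, namely that the return value counts the trailing NUL.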
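Review bot: `int cnt` in test_ustring() (hunks @@ -818,6 +821,7 @@ and @@ -827,7 +831,9 @@) stores the result of strncpy_from_user_nofault(), which the mm/maccess.c hunk header shows as returning long. The value is bounded by USTRING_BUF_SIZE, so narrowing is unlikely to matter in practice, but declaring cnt as long keeps the types consistent with the callee. It would also help to note in the comment that `cnt <= 1` gives the same result with and without the mm/maccess.c change: an empty string yields 0 before it and 1 after it, and both return NULL here.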
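Review bot: The switch from `ret > 0` to `ret >= 0` in strncpy_from_user_nofault() (mm/maccess.c, hunk @@ -196,7 +196,7 @@) makes a successful copy of an empty string return 1 instead of 0, so every caller that treats a zero return as "empty or failed" changes behaviour. This patch adjusts test_ustring() only; the changelog should say whether the remaining callers were audited for a `!ret` or `ret == 0` test. The function's comment describing its return value is not part of this hunk and should be checked against the new behaviour, and since the commit message describes a contract violation, a Fixes: tag naming the commit that introduced it would help backporting.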