From: Romain Perier <romain.perier@gmail.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Kees Cook <keescook@chromium.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Ingo Molnar <mingo@redhat.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 16/20] tracing/probe: Manual replacement of the deprecated strlcpy() with return values
Date: Thu, 25 Feb 2021 09:38:48 +0100 [thread overview]
Message-ID: <CABgxDo+P4WqdzUz_OY1cVvcScnzZA3b7+Opz53aTf=A-9ZZBtw@mail.gmail.com> (raw)
In-Reply-To: <20210222124936.03103585@gandalf.local.home>
[-- Attachment #1: Type: text/plain, Size: 1746 bytes --]
Le lun. 22 févr. 2021 à 18:49, Steven Rostedt <rostedt@goodmis.org> a
écrit :
> > - if (unlikely(!maxlen))
> > - return -ENOMEM;
>
> Don't remove the above. You just broke the else side.
>
> > -
> > - if (addr == FETCH_TOKEN_COMM)
> > - ret = strlcpy(dst, current->comm, maxlen);
> > - else
> > + if (addr == FETCH_TOKEN_COMM) {
> > + ret = strscpy(dst, current->comm, maxlen);
> > + if (ret == -E2BIG)
> > + return -ENOMEM;
>
> I'm not sure the above is what we want. current->comm is always nul
> terminated, and not only that, it will never be bigger than TASK_COMM_LEN.
> If the "dst" location is smaller than comm (maxlen < TASK_COMM_LEN), it is
> still OK to copy a partial string. It should not return -ENOMEM which looks
> to be what happens with this patch.
>
> In other words, it looks like this patch breaks the current code in more
> ways than one.
>
> -- Steve
>
Hello,
Mhhh, *I think* that I had an issue during rebase, I don't remember to have
removed the " if (unlikely(!maxlen))" (sorry for that).
Well, strscpy always returns a truncated string even in case of possible
overflow, the function copies what it can in "dst", it will just return
-E2BIG when
it does not fit or when "count" has a bad value (zero or > INT_MAX). We
have just to make a difference between "-E2BIG, data has been copied to dst
and it is truncated" and "-E2BIG, possible wrong size passed as argument".
I agree that it needs at least to work like before, and I think we can
preserve the old behaviour even with strscpy (we just need to adapt the
error handling accordingly).
I will fix this in v2.
Thanks,
Romain
[-- Attachment #2: Type: text/html, Size: 2415 bytes --]
next prev parent reply other threads:[~2021-02-25 8:39 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-22 15:12 [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy Romain Perier
2021-02-22 15:12 ` Romain Perier
2021-02-22 15:12 ` Romain Perier
2021-02-22 15:12 ` Romain Perier
2021-02-22 15:12 ` [PATCH 01/20] cgroup: Manual replacement of the deprecated strlcpy() with return values Romain Perier
2021-02-23 16:13 ` Michal Koutný
2021-02-23 16:13 ` Michal Koutný
2021-02-23 17:49 ` Romain Perier
2021-02-22 15:12 ` [PATCH 02/20] crypto: " Romain Perier
2021-03-04 4:37 ` Herbert Xu
2021-03-04 10:08 ` Romain Perier
2021-02-22 15:12 ` [PATCH 03/20] devlink: " Romain Perier
2021-02-23 0:56 ` Jakub Kicinski
2021-02-22 15:12 ` [PATCH 04/20] dma-buf: " Romain Perier
2021-02-22 15:12 ` Romain Perier
2021-02-22 15:12 ` [PATCH 05/20] kobject: " Romain Perier
2021-02-22 15:12 ` [PATCH 06/20] ima: " Romain Perier
2021-03-02 13:29 ` Mimi Zohar
2021-02-22 15:12 ` [PATCH 07/20] SUNRPC: " Romain Perier
2021-03-01 18:25 ` Chuck Lever
2021-03-01 18:25 ` Chuck Lever
2021-03-02 6:43 ` Romain Perier
2021-02-22 15:12 ` [PATCH 08/20] kernfs: " Romain Perier
2021-02-22 15:12 ` [PATCH 09/20] m68k/atari: " Romain Perier
2021-02-22 15:12 ` [PATCH 10/20] module: " Romain Perier
2021-02-22 15:12 ` [PATCH 11/20] hwmon: " Romain Perier
2021-02-22 15:46 ` Guenter Roeck
2021-02-23 9:43 ` Romain Perier
2021-02-28 11:50 ` Joe Perches
2021-02-28 11:50 ` Joe Perches
2021-02-22 15:12 ` [PATCH 12/20] s390/hmcdrv: " Romain Perier
2021-02-22 15:12 ` [PATCH 13/20] scsi: zfcp: " Romain Perier
2021-02-22 16:04 ` Benjamin Block
2021-02-22 15:12 ` [PATCH 14/20] target: " Romain Perier
2021-02-22 16:00 ` Bodo Stroesser
2021-02-22 18:09 ` kernel test robot
2021-02-22 18:09 ` kernel test robot
2021-02-22 15:12 ` [PATCH 15/20] ALSA: usb-audio: " Romain Perier
2021-02-22 15:12 ` Romain Perier
2021-02-22 15:39 ` Takashi Iwai
2021-02-22 15:39 ` Takashi Iwai
2021-02-22 15:12 ` [PATCH 16/20] tracing/probe: " Romain Perier
2021-02-22 17:49 ` Steven Rostedt
2021-02-25 8:38 ` Romain Perier [this message]
2021-02-22 15:12 ` [PATCH 17/20] vt: " Romain Perier
2021-02-26 9:49 ` Jiri Slaby
2021-02-26 15:09 ` Romain Perier
2021-02-22 15:12 ` [PATCH 18/20] usb: gadget: f_midi: " Romain Perier
2021-02-22 15:12 ` [PATCH 19/20] usbip: usbip_host: " Romain Perier
2021-02-22 16:21 ` Shuah Khan
2021-02-28 9:03 ` Sergei Shtylyov
2021-02-28 16:00 ` Andy Shevchenko
2021-02-22 15:12 ` [PATCH 20/20] s390/watchdog: " Romain Perier
2021-02-22 15:55 ` Guenter Roeck
2021-02-22 16:36 ` [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy Shuah Khan
2021-02-22 16:36 ` Shuah Khan
2021-02-22 16:36 ` Shuah Khan
2021-02-22 16:36 ` Shuah Khan
2021-02-23 9:31 ` Romain Perier
2021-02-23 9:31 ` Romain Perier
2021-02-23 9:31 ` Romain Perier
2021-02-23 9:31 ` Romain Perier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABgxDo+P4WqdzUz_OY1cVvcScnzZA3b7+Opz53aTf=A-9ZZBtw@mail.gmail.com' \
--to=romain.perier@gmail.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.