All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] nvme: fix string_matches() helper
@ 2017-06-13 13:07 Christoph Hellwig
  2017-06-13 15:42 ` Andy Lutomirski
  2017-06-15  9:16 ` Sagi Grimberg
  0 siblings, 2 replies; 5+ messages in thread
From: Christoph Hellwig @ 2017-06-13 13:07 UTC (permalink / raw)


NVMe "ASCII" strings are not nul-terminated and can use up every single
byte in the field.  Thus use strnlen to determine the match length instead
of possibly overrunning the field.

Signed-off-by: Christoph Hellwig <hch at lst.de>
---
 drivers/nvme/host/core.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 434b18863895..2658a3a3cbb5 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1581,9 +1581,7 @@ static bool string_matches(const char *idstr, const char *match, size_t len)
 	if (!match)
 		return true;
 
-	matchlen = strlen(match);
-	WARN_ON_ONCE(matchlen > len);
-
+	matchlen = strnlen(match, len);
 	if (memcmp(idstr, match, matchlen))
 		return false;
 
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH] nvme: fix string_matches() helper
  2017-06-13 13:07 [PATCH] nvme: fix string_matches() helper Christoph Hellwig
@ 2017-06-13 15:42 ` Andy Lutomirski
  2017-06-14  6:38   ` Christoph Hellwig
  2017-06-15  9:16 ` Sagi Grimberg
  1 sibling, 1 reply; 5+ messages in thread
From: Andy Lutomirski @ 2017-06-13 15:42 UTC (permalink / raw)


On Tue, Jun 13, 2017@6:07 AM, Christoph Hellwig <hch@lst.de> wrote:
> NVMe "ASCII" strings are not nul-terminated and can use up every single
> byte in the field.  Thus use strnlen to determine the match length instead
> of possibly overrunning the field.
>
> Signed-off-by: Christoph Hellwig <hch at lst.de>
> ---
>  drivers/nvme/host/core.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index 434b18863895..2658a3a3cbb5 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -1581,9 +1581,7 @@ static bool string_matches(const char *idstr, const char *match, size_t len)
>         if (!match)
>                 return true;
>
> -       matchlen = strlen(match);
> -       WARN_ON_ONCE(matchlen > len);
> -
> +       matchlen = strnlen(match, len);

"match" refers to the string in the quirk table, which should be a
plain C string.  Are you hitting this in practice?

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH] nvme: fix string_matches() helper
  2017-06-13 15:42 ` Andy Lutomirski
@ 2017-06-14  6:38   ` Christoph Hellwig
  2017-06-15 17:22     ` Andy Lutomirski
  0 siblings, 1 reply; 5+ messages in thread
From: Christoph Hellwig @ 2017-06-14  6:38 UTC (permalink / raw)


On Tue, Jun 13, 2017@08:42:59AM -0700, Andy Lutomirski wrote:
> On Tue, Jun 13, 2017@6:07 AM, Christoph Hellwig <hch@lst.de> wrote:
> > NVMe "ASCII" strings are not nul-terminated and can use up every single
> > byte in the field.  Thus use strnlen to determine the match length instead
> > of possibly overrunning the field.
> >
> > Signed-off-by: Christoph Hellwig <hch at lst.de>
> > ---
> >  drivers/nvme/host/core.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> > index 434b18863895..2658a3a3cbb5 100644
> > --- a/drivers/nvme/host/core.c
> > +++ b/drivers/nvme/host/core.c
> > @@ -1581,9 +1581,7 @@ static bool string_matches(const char *idstr, const char *match, size_t len)
> >         if (!match)
> >                 return true;
> >
> > -       matchlen = strlen(match);
> > -       WARN_ON_ONCE(matchlen > len);
> > -
> > +       matchlen = strnlen(match, len);
> 
> "match" refers to the string in the quirk table, which should be a
> plain C string.  Are you hitting this in practice?

No, but I've just written some other code that deals with NVMe
strings, and took extra care of bounds protection.

But yes, given the strlen is on the match we should be ok as long
as the WARN_ON_ONCE also does an early return.  Does that sound ok
to you?

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH] nvme: fix string_matches() helper
  2017-06-13 13:07 [PATCH] nvme: fix string_matches() helper Christoph Hellwig
  2017-06-13 15:42 ` Andy Lutomirski
@ 2017-06-15  9:16 ` Sagi Grimberg
  1 sibling, 0 replies; 5+ messages in thread
From: Sagi Grimberg @ 2017-06-15  9:16 UTC (permalink / raw)


This looks fine to me,

Reviewed-by: Sagi Grimberg <sagi at grimberg.me

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH] nvme: fix string_matches() helper
  2017-06-14  6:38   ` Christoph Hellwig
@ 2017-06-15 17:22     ` Andy Lutomirski
  0 siblings, 0 replies; 5+ messages in thread
From: Andy Lutomirski @ 2017-06-15 17:22 UTC (permalink / raw)


On Tue, Jun 13, 2017@11:38 PM, Christoph Hellwig <hch@lst.de> wrote:
> On Tue, Jun 13, 2017@08:42:59AM -0700, Andy Lutomirski wrote:
>> On Tue, Jun 13, 2017@6:07 AM, Christoph Hellwig <hch@lst.de> wrote:
>> > NVMe "ASCII" strings are not nul-terminated and can use up every single
>> > byte in the field.  Thus use strnlen to determine the match length instead
>> > of possibly overrunning the field.
>> >
>> > Signed-off-by: Christoph Hellwig <hch at lst.de>
>> > ---
>> >  drivers/nvme/host/core.c | 4 +---
>> >  1 file changed, 1 insertion(+), 3 deletions(-)
>> >
>> > diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
>> > index 434b18863895..2658a3a3cbb5 100644
>> > --- a/drivers/nvme/host/core.c
>> > +++ b/drivers/nvme/host/core.c
>> > @@ -1581,9 +1581,7 @@ static bool string_matches(const char *idstr, const char *match, size_t len)
>> >         if (!match)
>> >                 return true;
>> >
>> > -       matchlen = strlen(match);
>> > -       WARN_ON_ONCE(matchlen > len);
>> > -
>> > +       matchlen = strnlen(match, len);
>>
>> "match" refers to the string in the quirk table, which should be a
>> plain C string.  Are you hitting this in practice?
>
> No, but I've just written some other code that deals with NVMe
> strings, and took extra care of bounds protection.
>
> But yes, given the strlen is on the match we should be ok as long
> as the WARN_ON_ONCE also does an early return.  Does that sound ok
> to you?

Sounds good to me.

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-06-15 17:22 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-13 13:07 [PATCH] nvme: fix string_matches() helper Christoph Hellwig
2017-06-13 15:42 ` Andy Lutomirski
2017-06-14  6:38   ` Christoph Hellwig
2017-06-15 17:22     ` Andy Lutomirski
2017-06-15  9:16 ` Sagi Grimberg

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.