* [PATCH] bpf: replace deprecated strncpy with strscpy
@ 2024-04-02 23:52 Justin Stitt
2024-04-03 3:06 ` Ratheesh Kannoth
2024-04-03 15:10 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 4+ messages in thread
From: Justin Stitt @ 2024-04-02 23:52 UTC (permalink / raw)
To: Alexei Starovoitov, Daniel Borkmann, John Fastabend,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa,
Nathan Chancellor, Nick Desaulniers, Bill Wendling
Cc: bpf, linux-kernel, llvm, linux-hardening, Justin Stitt
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
bpf sym names get looked up and compared/cleaned with various string
apis. This suggests they need to be NUL-terminated (strncpy() suggests
this but does not guarantee it).
| static int compare_symbol_name(const char *name, char *namebuf)
| {
| cleanup_symbol_name(namebuf);
| return strcmp(name, namebuf);
| }
| static void cleanup_symbol_name(char *s)
| {
| ...
| res = strstr(s, ".llvm.");
| ...
| }
Use strscpy() as this method guarantees NUL-termination on the
destination buffer.
This patch also replaces two uses of strncpy() used in log.c. These are
simple replacements as postfix has been zero-initialized on the stack
and has source arguments with a size less than the destination's size.
Note that this patch uses the new 2-argument version of strscpy
introduced in Commit e6584c3964f2f ("string: Allow 2-argument
strscpy()").
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
kernel/bpf/core.c | 4 ++--
kernel/bpf/log.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 696bc55de8e8..8c9078f4549c 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -747,7 +747,7 @@ const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
unsigned long symbol_start = ksym->start;
unsigned long symbol_end = ksym->end;
- strncpy(sym, ksym->name, KSYM_NAME_LEN);
+ strscpy(sym, ksym->name, KSYM_NAME_LEN);
ret = sym;
if (size)
@@ -813,7 +813,7 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
if (it++ != symnum)
continue;
- strncpy(sym, ksym->name, KSYM_NAME_LEN);
+ strscpy(sym, ksym->name, KSYM_NAME_LEN);
*value = ksym->start;
*type = BPF_SYM_ELF_TYPE;
diff --git a/kernel/bpf/log.c b/kernel/bpf/log.c
index 2a243cf37c60..4bd8f17a9f24 100644
--- a/kernel/bpf/log.c
+++ b/kernel/bpf/log.c
@@ -467,9 +467,9 @@ const char *reg_type_str(struct bpf_verifier_env *env, enum bpf_reg_type type)
if (type & PTR_MAYBE_NULL) {
if (base_type(type) == PTR_TO_BTF_ID)
- strncpy(postfix, "or_null_", 16);
+ strscpy(postfix, "or_null_");
else
- strncpy(postfix, "_or_null", 16);
+ strscpy(postfix, "_or_null");
}
snprintf(prefix, sizeof(prefix), "%s%s%s%s%s%s%s",
---
base-commit: 026e680b0a08a62b1d948e5a8ca78700bfac0e6e
change-id: 20240402-strncpy-kernel-bpf-core-c-4d8297f95e18
Best regards,
--
Justin Stitt <justinstitt@google.com>
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] bpf: replace deprecated strncpy with strscpy
2024-04-02 23:52 [PATCH] bpf: replace deprecated strncpy with strscpy Justin Stitt
@ 2024-04-03 3:06 ` Ratheesh Kannoth
2024-04-03 14:55 ` Daniel Borkmann
2024-04-03 15:10 ` patchwork-bot+netdevbpf
1 sibling, 1 reply; 4+ messages in thread
From: Ratheesh Kannoth @ 2024-04-03 3:06 UTC (permalink / raw)
To: Justin Stitt
Cc: Alexei Starovoitov, Daniel Borkmann, John Fastabend,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa,
Nathan Chancellor, Nick Desaulniers, Bill Wendling, bpf,
linux-kernel, llvm, linux-hardening
On 2024-04-03 at 05:22:50, Justin Stitt (justinstitt@google.com) wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> bpf sym names get looked up and compared/cleaned with various string
> apis. This suggests they need to be NUL-terminated (strncpy() suggests
> this but does not guarantee it).
>
> | static int compare_symbol_name(const char *name, char *namebuf)
> | {
> | cleanup_symbol_name(namebuf);
> | return strcmp(name, namebuf);
> | }
>
> | static void cleanup_symbol_name(char *s)
> | {
> | ...
> | res = strstr(s, ".llvm.");
> | ...
> | }
>
> Use strscpy() as this method guarantees NUL-termination on the
> destination buffer.
>
> This patch also replaces two uses of strncpy() used in log.c. These are
> simple replacements as postfix has been zero-initialized on the stack
> and has source arguments with a size less than the destination's size.
>
> Note that this patch uses the new 2-argument version of strscpy
> introduced in Commit e6584c3964f2f ("string: Allow 2-argument
> strscpy()").
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
> Note: build-tested only.
>
> Found with: $ rg "strncpy\("
> ---
> kernel/bpf/core.c | 4 ++--
> kernel/bpf/log.c | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> index 696bc55de8e8..8c9078f4549c 100644
> --- a/kernel/bpf/core.c
> +++ b/kernel/bpf/core.c
> @@ -747,7 +747,7 @@ const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
> unsigned long symbol_start = ksym->start;
> unsigned long symbol_end = ksym->end;
>
> - strncpy(sym, ksym->name, KSYM_NAME_LEN);
> + strscpy(sym, ksym->name, KSYM_NAME_LEN);
You dont have to check return value of strscpy for errors ?
>
> ret = sym;
> if (size)
> @@ -813,7 +813,7 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
> if (it++ != symnum)
> continue;
>
> - strncpy(sym, ksym->name, KSYM_NAME_LEN);
> + strscpy(sym, ksym->name, KSYM_NAME_LEN);
>
> *value = ksym->start;
> *type = BPF_SYM_ELF_TYPE;
> diff --git a/kernel/bpf/log.c b/kernel/bpf/log.c
> index 2a243cf37c60..4bd8f17a9f24 100644
> --- a/kernel/bpf/log.c
> +++ b/kernel/bpf/log.c
> @@ -467,9 +467,9 @@ const char *reg_type_str(struct bpf_verifier_env *env, enum bpf_reg_type type)
>
> if (type & PTR_MAYBE_NULL) {
> if (base_type(type) == PTR_TO_BTF_ID)
> - strncpy(postfix, "or_null_", 16);
> + strscpy(postfix, "or_null_");
> else
> - strncpy(postfix, "_or_null", 16);
> + strscpy(postfix, "_or_null");
> }
>
> snprintf(prefix, sizeof(prefix), "%s%s%s%s%s%s%s",
>
> ---
> base-commit: 026e680b0a08a62b1d948e5a8ca78700bfac0e6e
> change-id: 20240402-strncpy-kernel-bpf-core-c-4d8297f95e18
>
> Best regards,
> --
> Justin Stitt <justinstitt@google.com>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] bpf: replace deprecated strncpy with strscpy
2024-04-03 3:06 ` Ratheesh Kannoth
@ 2024-04-03 14:55 ` Daniel Borkmann
0 siblings, 0 replies; 4+ messages in thread
From: Daniel Borkmann @ 2024-04-03 14:55 UTC (permalink / raw)
To: Ratheesh Kannoth, Justin Stitt
Cc: Alexei Starovoitov, John Fastabend, Andrii Nakryiko,
Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa,
Nathan Chancellor, Nick Desaulniers, Bill Wendling, bpf,
linux-kernel, llvm, linux-hardening
On 4/3/24 5:06 AM, Ratheesh Kannoth wrote:
> On 2024-04-03 at 05:22:50, Justin Stitt (justinstitt@google.com) wrote:
>> strncpy() is deprecated for use on NUL-terminated destination strings
>> [1] and as such we should prefer more robust and less ambiguous string
>> interfaces.
>>
>> bpf sym names get looked up and compared/cleaned with various string
>> apis. This suggests they need to be NUL-terminated (strncpy() suggests
>> this but does not guarantee it).
>>
>> | static int compare_symbol_name(const char *name, char *namebuf)
>> | {
>> | cleanup_symbol_name(namebuf);
>> | return strcmp(name, namebuf);
>> | }
>>
>> | static void cleanup_symbol_name(char *s)
>> | {
>> | ...
>> | res = strstr(s, ".llvm.");
>> | ...
>> | }
>>
>> Use strscpy() as this method guarantees NUL-termination on the
>> destination buffer.
>>
>> This patch also replaces two uses of strncpy() used in log.c. These are
>> simple replacements as postfix has been zero-initialized on the stack
>> and has source arguments with a size less than the destination's size.
>>
>> Note that this patch uses the new 2-argument version of strscpy
>> introduced in Commit e6584c3964f2f ("string: Allow 2-argument
>> strscpy()").
>>
>> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
>> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
>> Link: https://github.com/KSPP/linux/issues/90
>> Cc: linux-hardening@vger.kernel.org
>> Signed-off-by: Justin Stitt <justinstitt@google.com>
>> ---
>> Note: build-tested only.
>>
>> Found with: $ rg "strncpy\("
>> ---
>> kernel/bpf/core.c | 4 ++--
>> kernel/bpf/log.c | 4 ++--
>> 2 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
>> index 696bc55de8e8..8c9078f4549c 100644
>> --- a/kernel/bpf/core.c
>> +++ b/kernel/bpf/core.c
>> @@ -747,7 +747,7 @@ const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
>> unsigned long symbol_start = ksym->start;
>> unsigned long symbol_end = ksym->end;
>>
>> - strncpy(sym, ksym->name, KSYM_NAME_LEN);
>> + strscpy(sym, ksym->name, KSYM_NAME_LEN);
> You dont have to check return value of strscpy for errors ?
That would be overkill, it can be easily audited that both pointers are
of size KSYM_NAME_LEN, as is the count arg.
Thanks,
Daniel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] bpf: replace deprecated strncpy with strscpy
2024-04-02 23:52 [PATCH] bpf: replace deprecated strncpy with strscpy Justin Stitt
2024-04-03 3:06 ` Ratheesh Kannoth
@ 2024-04-03 15:10 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-04-03 15:10 UTC (permalink / raw)
To: Justin Stitt
Cc: ast, daniel, john.fastabend, andrii, martin.lau, eddyz87, song,
yonghong.song, kpsingh, sdf, haoluo, jolsa, nathan, ndesaulniers,
morbo, bpf, linux-kernel, llvm, linux-hardening
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Daniel Borkmann <daniel@iogearbox.net>:
On Tue, 02 Apr 2024 23:52:50 +0000 you wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> bpf sym names get looked up and compared/cleaned with various string
> apis. This suggests they need to be NUL-terminated (strncpy() suggests
> this but does not guarantee it).
>
> [...]
Here is the summary with links:
- bpf: replace deprecated strncpy with strscpy
https://git.kernel.org/bpf/bpf-next/c/2e114248e086
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-04-03 15:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-02 23:52 [PATCH] bpf: replace deprecated strncpy with strscpy Justin Stitt
2024-04-03 3:06 ` Ratheesh Kannoth
2024-04-03 14:55 ` Daniel Borkmann
2024-04-03 15:10 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.