From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 References: <20190218232308.11241-1-tobin@kernel.org> <20190218232308.11241-6-tobin@kernel.org> In-Reply-To: From: Kees Cook Date: Thu, 21 Feb 2019 14:52:22 -0800 Message-ID: Subject: Re: [PATCH 5/6] lib: Fix function documentation for strncpy_from_user Content-Type: text/plain; charset="UTF-8" To: Jann Horn Cc: "Tobin C. Harding" , Shuah Khan , Alexander Shishkin , Greg Kroah-Hartman , Andy Shevchenko , Kernel Hardening , kernel list , Andy Lutomirski , Rasmus Villemoes , Daniel Micay List-ID: On Thu, Feb 21, 2019 at 6:28 AM Jann Horn wrote: > On Thu, Feb 21, 2019 at 2:05 AM Kees Cook wrote: > > On Mon, Feb 18, 2019 at 4:52 PM Jann Horn wrote: > > > AFAICS the byte_at_a_time loop exits when max==0 is reached, and then > > > if `res >= count` (in other words, if we've copied as many bytes as > > > requested, haven't encountered a null byte so far, and haven't reached > > > the end of the address space), we return `res`, which is the same as > > > `count`. Are you sure? > > > > Oh, whew, there is only 1 arch-specific implementation of this. I > > thought you meant there was multiple implementations. > > Not sure what you're talking about. Are you talking about > implementations of strncpy_from_user()? Ah, I used a bad match. But it seems it's only about half (and not x86, arm, powerpc). -- Kees Cook