drivers/crypto/hisilicon/qm.c:1579:2: warning: 'strncpy' specified bound 64 equals destination size

drivers/crypto/hisilicon/qm.c:1579:2: warning: 'strncpy' specified bound 64 equals destination size

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2964 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   d6f9469a03d832dcd17041ed67774ffb5f3e73b3
commit: 9e00df7156e45e42c695ffc596b4bf1328d00516 crypto: hisilicon - register zip engine to uacce
date:   3 months ago
config: ia64-randconfig-r026-20200603 (attached as .config)
compiler: ia64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git checkout 9e00df7156e45e42c695ffc596b4bf1328d00516
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=ia64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>, old ones prefixed by <<):

In function 'qm_alloc_uacce',
inlined from 'hisi_qm_init' at drivers/crypto/hisilicon/qm.c:1660:8:
>> drivers/crypto/hisilicon/qm.c:1579:2: warning: 'strncpy' specified bound 64 equals destination size [-Wstringop-truncation]
1579 |  strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
|  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

vim +/strncpy +1579 drivers/crypto/hisilicon/qm.c

  1567	
  1568	static int qm_alloc_uacce(struct hisi_qm *qm)
  1569	{
  1570		struct pci_dev *pdev = qm->pdev;
  1571		struct uacce_device *uacce;
  1572		unsigned long mmio_page_nr;
  1573		unsigned long dus_page_nr;
  1574		struct uacce_interface interface = {
  1575			.flags = UACCE_DEV_SVA,
  1576			.ops = &uacce_qm_ops,
  1577		};
  1578	
> 1579		strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
  1580	
  1581		uacce = uacce_alloc(&pdev->dev, &interface);
  1582		if (IS_ERR(uacce))
  1583			return PTR_ERR(uacce);
  1584	
  1585		if (uacce->flags & UACCE_DEV_SVA) {
  1586			qm->use_sva = true;
  1587		} else {
  1588			/* only consider sva case */
  1589			uacce_remove(uacce);
  1590			qm->uacce = NULL;
  1591			return -EINVAL;
  1592		}
  1593	
  1594		uacce->is_vf = pdev->is_virtfn;
  1595		uacce->priv = qm;
  1596		uacce->algs = qm->algs;
  1597	
  1598		if (qm->ver == QM_HW_V1) {
  1599			mmio_page_nr = QM_DOORBELL_PAGE_NR;
  1600			uacce->api_ver = HISI_QM_API_VER_BASE;
  1601		} else {
  1602			mmio_page_nr = QM_DOORBELL_PAGE_NR +
  1603				QM_DOORBELL_SQ_CQ_BASE_V2 / PAGE_SIZE;
  1604			uacce->api_ver = HISI_QM_API_VER2_BASE;
  1605		}
  1606	
  1607		dus_page_nr = (PAGE_SIZE - 1 + qm->sqe_size * QM_Q_DEPTH +
  1608			       sizeof(struct qm_cqe) * QM_Q_DEPTH) >> PAGE_SHIFT;
  1609	
  1610		uacce->qf_pg_num[UACCE_QFRT_MMIO] = mmio_page_nr;
  1611		uacce->qf_pg_num[UACCE_QFRT_DUS]  = dus_page_nr;
  1612	
  1613		qm->uacce = uacce;
  1614	
  1615		return 0;
  1616	}
  1617	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37110 bytes --]

[PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhangfei Gao]

Use strlcpy to fix the warning
warning: 'strncpy' specified bound 64 equals destination size
         [-Wstringop-truncation]

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
 drivers/crypto/hisilicon/qm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index f795fb5..224f3e2 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -1574,7 +1574,7 @@ static int qm_alloc_uacce(struct hisi_qm *qm)
 		.ops = &uacce_qm_ops,
 	};
 
-	strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
+	strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));
 
 	uacce = uacce_alloc(&pdev->dev, &interface);
 	if (IS_ERR(uacce))
-- 
2.7.4

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Herbert Xu]

On Thu, Jun 04, 2020 at 11:32:04AM +0800, Zhangfei Gao wrote:
> Use strlcpy to fix the warning
> warning: 'strncpy' specified bound 64 equals destination size
>          [-Wstringop-truncation]
> 
> Reported-by: kernel test robot <lkp@intel.com>
> Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
> ---
>  drivers/crypto/hisilicon/qm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
> index f795fb5..224f3e2 100644
> --- a/drivers/crypto/hisilicon/qm.c
> +++ b/drivers/crypto/hisilicon/qm.c
> @@ -1574,7 +1574,7 @@ static int qm_alloc_uacce(struct hisi_qm *qm)
>  		.ops = &uacce_qm_ops,
>  	};
>  
> -	strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
> +	strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));

Should this even allow truncation? Perhaps it'd be better to fail
in case of an overrun?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhangfei Gao]

On 2020/6/4 上午11:39, Herbert Xu wrote:
> On Thu, Jun 04, 2020 at 11:32:04AM +0800, Zhangfei Gao wrote:
>> Use strlcpy to fix the warning
>> warning: 'strncpy' specified bound 64 equals destination size
>>           [-Wstringop-truncation]
>>
>> Reported-by: kernel test robot <lkp@intel.com>
>> Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
>> ---
>>   drivers/crypto/hisilicon/qm.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
>> index f795fb5..224f3e2 100644
>> --- a/drivers/crypto/hisilicon/qm.c
>> +++ b/drivers/crypto/hisilicon/qm.c
>> @@ -1574,7 +1574,7 @@ static int qm_alloc_uacce(struct hisi_qm *qm)
>>   		.ops = &uacce_qm_ops,
>>   	};
>>   
>> -	strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
>> +	strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));
> Should this even allow truncation? Perhaps it'd be better to fail
> in case of an overrun?
I think we do not need consider overrun, since it at most copy size-1 
bytes to dest.
 From the manual: strlcpy()
        This  function  is  similar  to  strncpy(), but it copies at 
most size-1 bytes to dest, always adds a terminating null
        byte,
And simple tested with smaller SIZE of interface.name,  only SIZE-1 is 
copied, so it is safe.
-#define UACCE_MAX_NAME_SIZE    64
+#define UACCE_MAX_NAME_SIZE    4

Thanks

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Herbert Xu]

On Thu, Jun 04, 2020 at 02:10:37PM +0800, Zhangfei Gao wrote:
>
> > Should this even allow truncation? Perhaps it'd be better to fail
> > in case of an overrun?
> I think we do not need consider overrun, since it at most copy size-1 bytes
> to dest.
> From the manual: strlcpy()
>        This  function  is  similar  to  strncpy(), but it copies at most
> size-1 bytes to dest, always adds a terminating null
>        byte,
> And simple tested with smaller SIZE of interface.name,  only SIZE-1 is
> copied, so it is safe.
> -#define UACCE_MAX_NAME_SIZE    64
> +#define UACCE_MAX_NAME_SIZE    4

That's not what I meant.  As it is if you do exceed the limit the
name is silently truncated.  Wouldn't it be better to fail the
allocation instead?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhangfei Gao]

On 2020/6/4 下午2:18, Herbert Xu wrote:
> On Thu, Jun 04, 2020 at 02:10:37PM +0800, Zhangfei Gao wrote:
>>> Should this even allow truncation? Perhaps it'd be better to fail
>>> in case of an overrun?
>> I think we do not need consider overrun, since it at most copy size-1 bytes
>> to dest.
>>  From the manual: strlcpy()
>>         This  function  is  similar  to  strncpy(), but it copies at most
>> size-1 bytes to dest, always adds a terminating null
>>         byte,
>> And simple tested with smaller SIZE of interface.name,  only SIZE-1 is
>> copied, so it is safe.
>> -#define UACCE_MAX_NAME_SIZE    64
>> +#define UACCE_MAX_NAME_SIZE    4
> That's not what I meant.  As it is if you do exceed the limit the
> name is silently truncated.  Wouldn't it be better to fail the
> allocation instead?
I think it is fine.
1. Currently the name size is 64, bigger enough.
Simply grep in driver name, 64 should be enough.
We can make it larger when there is a request.
2. it does not matter what the name is, since it is just an interface.
cat /sys/class/uacce/hisi_zip-0/flags
cat /sys/class/uacce/his-0/flags
should be both fine to app only they can be distinguished.
3. It maybe a hard restriction to fail just because of a long name.

What do you think.

Thanks

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Herbert Xu]

On Thu, Jun 04, 2020 at 02:44:16PM +0800, Zhangfei Gao wrote:
>
> I think it is fine.
> 1. Currently the name size is 64, bigger enough.
> Simply grep in driver name, 64 should be enough.
> We can make it larger when there is a request.
> 2. it does not matter what the name is, since it is just an interface.
> cat /sys/class/uacce/hisi_zip-0/flags
> cat /sys/class/uacce/his-0/flags
> should be both fine to app only they can be distinguished.
> 3. It maybe a hard restriction to fail just because of a long name.

I think we should err on the side of caution.  IOW, unless you
know that you need it to succeed when it exceeds the limit, then
you should just make it fail.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhou Wang]

On 2020/6/4 14:50, Herbert Xu wrote:
> On Thu, Jun 04, 2020 at 02:44:16PM +0800, Zhangfei Gao wrote:
>>
>> I think it is fine.
>> 1. Currently the name size is 64, bigger enough.
>> Simply grep in driver name, 64 should be enough.
>> We can make it larger when there is a request.
>> 2. it does not matter what the name is, since it is just an interface.
>> cat /sys/class/uacce/hisi_zip-0/flags
>> cat /sys/class/uacce/his-0/flags
>> should be both fine to app only they can be distinguished.
>> 3. It maybe a hard restriction to fail just because of a long name.
> 
> I think we should err on the side of caution.  IOW, unless you
> know that you need it to succeed when it exceeds the limit, then
> you should just make it fail.

Yes. We need make it fail to avoid silent truncation.

> 
> Thanks,
> 

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhangfei Gao]

On 2020/6/4 下午2:50, Herbert Xu wrote:
> On Thu, Jun 04, 2020 at 02:44:16PM +0800, Zhangfei Gao wrote:
>> I think it is fine.
>> 1. Currently the name size is 64, bigger enough.
>> Simply grep in driver name, 64 should be enough.
>> We can make it larger when there is a request.
>> 2. it does not matter what the name is, since it is just an interface.
>> cat /sys/class/uacce/hisi_zip-0/flags
>> cat /sys/class/uacce/his-0/flags
>> should be both fine to app only they can be distinguished.
>> 3. It maybe a hard restriction to fail just because of a long name.
> I think we should err on the side of caution.  IOW, unless you
> know that you need it to succeed when it exceeds the limit, then
> you should just make it fail.
Thanks Herbert
Will add a check after the copy.

         strlcpy(interface.name, pdev->driver->name, 
sizeof(interface.name));
         if (strlen(pdev->driver->name) != strlen(interface.name))
                 return -EINVAL;

Will resend the fix after rc1 is open.

Thanks

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Herbert Xu]

On Fri, Jun 05, 2020 at 05:34:32PM +0800, Zhangfei Gao wrote:
> Will add a check after the copy.
> 
>         strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));
>         if (strlen(pdev->driver->name) != strlen(interface.name))
>                 return -EINVAL;

You don't need to do strlen.  The function strlcpy returns the
length of the source string.

Better yet use strscpy which will even return an error for you.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhangfei Gao]

On 2020/6/5 下午8:17, Herbert Xu wrote:
> On Fri, Jun 05, 2020 at 05:34:32PM +0800, Zhangfei Gao wrote:
>> Will add a check after the copy.
>>
>>          strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));
>>          if (strlen(pdev->driver->name) != strlen(interface.name))
>>                  return -EINVAL;
> You don't need to do strlen.  The function strlcpy returns the
> length of the source string.
>
> Better yet use strscpy which will even return an error for you.
>
>
Yes, good idea, we can use strscpy.

+       int ret;

-       strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
+       ret = strscpy(interface.name, pdev->driver->name, 
sizeof(interface.name));
+       if (ret < 0)
+               return ret;

Will resend later, thanks Herbert.

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Eric Biggers]

On Fri, Jun 05, 2020 at 11:26:20PM +0800, Zhangfei Gao wrote:
> 
> 
> On 2020/6/5 下午8:17, Herbert Xu wrote:
> > On Fri, Jun 05, 2020 at 05:34:32PM +0800, Zhangfei Gao wrote:
> > > Will add a check after the copy.
> > > 
> > >          strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));
> > >          if (strlen(pdev->driver->name) != strlen(interface.name))
> > >                  return -EINVAL;
> > You don't need to do strlen.  The function strlcpy returns the
> > length of the source string.
> > 
> > Better yet use strscpy which will even return an error for you.
> > 
> > 
> Yes, good idea, we can use strscpy.
> 
> +       int ret;
> 
> -       strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
> +       ret = strscpy(interface.name, pdev->driver->name,
> sizeof(interface.name));
> +       if (ret < 0)
> +               return ret;

You might want to use -ENAMETOOLONG instead of the strscpy return value of
-E2BIG.

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Zhangfei Gao]

On 2020/6/5 下午11:49, Eric Biggers wrote:
> On Fri, Jun 05, 2020 at 11:26:20PM +0800, Zhangfei Gao wrote:
>>
>> On 2020/6/5 下午8:17, Herbert Xu wrote:
>>> On Fri, Jun 05, 2020 at 05:34:32PM +0800, Zhangfei Gao wrote:
>>>> Will add a check after the copy.
>>>>
>>>>           strlcpy(interface.name, pdev->driver->name, sizeof(interface.name));
>>>>           if (strlen(pdev->driver->name) != strlen(interface.name))
>>>>                   return -EINVAL;
>>> You don't need to do strlen.  The function strlcpy returns the
>>> length of the source string.
>>>
>>> Better yet use strscpy which will even return an error for you.
>>>
>>>
>> Yes, good idea, we can use strscpy.
>>
>> +       int ret;
>>
>> -       strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
>> +       ret = strscpy(interface.name, pdev->driver->name,
>> sizeof(interface.name));
>> +       if (ret < 0)
>> +               return ret;
> You might want to use -ENAMETOOLONG instead of the strscpy return value of
> -E2BIG.
Yes, make sense, thanks Eric

RE: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[David Laight]

From: Herbert Xu
> Sent: 05 June 2020 13:17
...
> Better yet use strscpy which will even return an error for you.

It really ought to return the buffer length on truncation.
Then you can loop:
	while(...)
		buf += strxxxcpy(buf, src, buf_end - buf);
and only check right at the end.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Re: [PATCH] crypto: hisilicon - fix strncpy warning with strlcpy

[Eric Biggers]

On Sun, Jun 07, 2020 at 01:03:45PM +0000, David Laight wrote:
> From: Herbert Xu
> > Sent: 05 June 2020 13:17
> ...
> > Better yet use strscpy which will even return an error for you.
> 
> It really ought to return the buffer length on truncation.
> Then you can loop:
> 	while(...)
> 		buf += strxxxcpy(buf, src, buf_end - buf);
> and only check right at the end.
> 
> 	David

scnprintf() can be used for that.

But that doesn't seem relevant to this patch.

- Eric

[PATCH v2] crypto: hisilicon - fix strncpy warning with strscpy

[Zhangfei Gao]

Use strscpy to fix the warning
warning: 'strncpy' specified bound 64 equals destination size

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
v2: Use strscpy instead of strlcpy since better truncation handling
    suggested by Herbert
    Rebase to 5.8-rc1

 drivers/crypto/hisilicon/qm.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index 9bb263cec6c3..8ac293afa8ab 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -2179,8 +2179,12 @@ static int qm_alloc_uacce(struct hisi_qm *qm)
 		.flags = UACCE_DEV_SVA,
 		.ops = &uacce_qm_ops,
 	};
+	int ret;
 
-	strncpy(interface.name, pdev->driver->name, sizeof(interface.name));
+	ret = strscpy(interface.name, pdev->driver->name,
+		      sizeof(interface.name));
+	if (ret < 0)
+		return -ENAMETOOLONG;
 
 	uacce = uacce_alloc(&pdev->dev, &interface);
 	if (IS_ERR(uacce))
-- 
2.23.0

Re: [PATCH v2] crypto: hisilicon - fix strncpy warning with strscpy

[Herbert Xu]

On Mon, Jun 15, 2020 at 11:38:37AM +0800, Zhangfei Gao wrote:
> Use strscpy to fix the warning
> warning: 'strncpy' specified bound 64 equals destination size
> 
> Reported-by: kernel test robot <lkp@intel.com>
> Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
> ---
> v2: Use strscpy instead of strlcpy since better truncation handling
>     suggested by Herbert
>     Rebase to 5.8-rc1
> 
>  drivers/crypto/hisilicon/qm.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt