linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] SUNRPC: Remove strlcpy
@ 2023-06-14  0:12 Azeem Shaikh
  2023-06-14  1:04 ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Azeem Shaikh @ 2023-06-14  0:12 UTC (permalink / raw)
  To: Chuck Lever, Jeff Layton, Kees Cook
  Cc: linux-hardening, Azeem Shaikh, Neil Brown, Olga Kornievskaia,
	Dai Ngo, Tom Talpey, linux-nfs, linux-kernel, Trond Myklebust,
	Anna Schumaker, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, netdev

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with sysfs_emit().

Direct replacement is safe here since the getter in kernel_params_ops
handles -errno return [3].

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89
[3] https://elixir.bootlin.com/linux/v6.4-rc6/source/include/linux/moduleparam.h#L52

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
---
 net/sunrpc/svc.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index e6d4cec61e47..77326f163801 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -109,13 +109,13 @@ param_get_pool_mode(char *buf, const struct kernel_param *kp)
 	switch (*ip)
 	{
 	case SVC_POOL_AUTO:
-		return strlcpy(buf, "auto\n", 20);
+		return sysfs_emit(buf, "auto\n");
 	case SVC_POOL_GLOBAL:
-		return strlcpy(buf, "global\n", 20);
+		return sysfs_emit(buf, "global\n");
 	case SVC_POOL_PERCPU:
-		return strlcpy(buf, "percpu\n", 20);
+		return sysfs_emit(buf, "percpu\n");
 	case SVC_POOL_PERNODE:
-		return strlcpy(buf, "pernode\n", 20);
+		return sysfs_emit(buf, "pernode\n");
 	default:
 		return sprintf(buf, "%d\n", *ip);
 	}
-- 
2.41.0.162.gfafddb0af9-goog



^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] SUNRPC: Remove strlcpy
  2023-06-14  0:12 [PATCH v2] SUNRPC: Remove strlcpy Azeem Shaikh
@ 2023-06-14  1:04 ` Kees Cook
  2023-06-14  1:10   ` Azeem Shaikh
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2023-06-14  1:04 UTC (permalink / raw)
  To: Azeem Shaikh, Chuck Lever, Jeff Layton, Kees Cook
  Cc: linux-hardening, Neil Brown, Olga Kornievskaia, Dai Ngo,
	Tom Talpey, linux-nfs, linux-kernel, Trond Myklebust,
	Anna Schumaker, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, netdev

On June 13, 2023 5:12:46 PM PDT, Azeem Shaikh <azeemshaikh38@gmail.com> wrote:
>strlcpy() reads the entire source buffer first.
>This read may exceed the destination size limit.
>This is both inefficient and can lead to linear read
>overflows if a source string is not NUL-terminated [1].
>In an effort to remove strlcpy() completely [2], replace
>strlcpy() here with sysfs_emit().
>
>Direct replacement is safe here since the getter in kernel_params_ops
>handles -errno return [3].
>
>[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
>[2] https://github.com/KSPP/linux/issues/89
>[3] https://elixir.bootlin.com/linux/v6.4-rc6/source/include/linux/moduleparam.h#L52
>
>Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
>---
> net/sunrpc/svc.c |    8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
>diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
>index e6d4cec61e47..77326f163801 100644
>--- a/net/sunrpc/svc.c
>+++ b/net/sunrpc/svc.c
>@@ -109,13 +109,13 @@ param_get_pool_mode(char *buf, const struct kernel_param *kp)
> 	switch (*ip)
> 	{
> 	case SVC_POOL_AUTO:
>-		return strlcpy(buf, "auto\n", 20);
>+		return sysfs_emit(buf, "auto\n");
> 	case SVC_POOL_GLOBAL:
>-		return strlcpy(buf, "global\n", 20);
>+		return sysfs_emit(buf, "global\n");
> 	case SVC_POOL_PERCPU:
>-		return strlcpy(buf, "percpu\n", 20);
>+		return sysfs_emit(buf, "percpu\n");
> 	case SVC_POOL_PERNODE:
>-		return strlcpy(buf, "pernode\n", 20);
>+		return sysfs_emit(buf, "pernode\n");
> 	default:
> 		return sprintf(buf, "%d\n", *ip);

Please replace the sprintf too (and then the Subject could be "use sysfs_emit" or so).

-Kees



-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] SUNRPC: Remove strlcpy
  2023-06-14  1:04 ` Kees Cook
@ 2023-06-14  1:10   ` Azeem Shaikh
  0 siblings, 0 replies; 3+ messages in thread
From: Azeem Shaikh @ 2023-06-14  1:10 UTC (permalink / raw)
  To: Kees Cook
  Cc: Chuck Lever, Jeff Layton, Kees Cook, linux-hardening, Neil Brown,
	Olga Kornievskaia, Dai Ngo, Tom Talpey, linux-nfs, linux-kernel,
	Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, netdev

On Tue, Jun 13, 2023 at 9:04 PM Kees Cook <kees@kernel.org> wrote:
>
> On June 13, 2023 5:12:46 PM PDT, Azeem Shaikh <azeemshaikh38@gmail.com> wrote:
> >strlcpy() reads the entire source buffer first.
> >This read may exceed the destination size limit.
> >This is both inefficient and can lead to linear read
> >overflows if a source string is not NUL-terminated [1].
> >In an effort to remove strlcpy() completely [2], replace
> >strlcpy() here with sysfs_emit().
> >
> >Direct replacement is safe here since the getter in kernel_params_ops
> >handles -errno return [3].
> >
> >[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> >[2] https://github.com/KSPP/linux/issues/89
> >[3] https://elixir.bootlin.com/linux/v6.4-rc6/source/include/linux/moduleparam.h#L52
> >
> >Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> >---
> > net/sunrpc/svc.c |    8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> >diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
> >index e6d4cec61e47..77326f163801 100644
> >--- a/net/sunrpc/svc.c
> >+++ b/net/sunrpc/svc.c
> >@@ -109,13 +109,13 @@ param_get_pool_mode(char *buf, const struct kernel_param *kp)
> >       switch (*ip)
> >       {
> >       case SVC_POOL_AUTO:
> >-              return strlcpy(buf, "auto\n", 20);
> >+              return sysfs_emit(buf, "auto\n");
> >       case SVC_POOL_GLOBAL:
> >-              return strlcpy(buf, "global\n", 20);
> >+              return sysfs_emit(buf, "global\n");
> >       case SVC_POOL_PERCPU:
> >-              return strlcpy(buf, "percpu\n", 20);
> >+              return sysfs_emit(buf, "percpu\n");
> >       case SVC_POOL_PERNODE:
> >-              return strlcpy(buf, "pernode\n", 20);
> >+              return sysfs_emit(buf, "pernode\n");
> >       default:
> >               return sprintf(buf, "%d\n", *ip);
>
> Please replace the sprintf too (and then the Subject could be "use sysfs_emit" or so).

Ah sorry, I missed the "replace default sprintf too" part in the
previous thread. Resending.

>
> -Kees
>
>
>
> --
> Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-06-14  1:11 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-14  0:12 [PATCH v2] SUNRPC: Remove strlcpy Azeem Shaikh
2023-06-14  1:04 ` Kees Cook
2023-06-14  1:10   ` Azeem Shaikh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).