Follow the advice of the below link and prefer 'strscpy' in this
subsystem. Conversion is 1:1 because the return value is not used.
Generated by a coccinelle script.
Link: https://lore.kernel.org/r/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/
Signed-off-by: Wolfram Sang <[email protected]>
---
fs/gfs2/ops_fstype.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index 549879929c84..b57d9bf4b123 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -381,8 +381,8 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
if (!table[0])
table = sdp->sd_vfs->s_id;
- strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
- strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+ strscpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
+ strscpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
table = sdp->sd_table_name;
while ((table = strchr(table, '/')))
@@ -1439,13 +1439,13 @@ static int gfs2_parse_param(struct fs_context *fc, struct fs_parameter *param)
switch (o) {
case Opt_lockproto:
- strlcpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
+ strscpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
break;
case Opt_locktable:
- strlcpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
+ strscpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
break;
case Opt_hostdata:
- strlcpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
+ strscpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
break;
case Opt_spectator:
args->ar_spectator = 1;
--
2.35.1
On 18/08/2022 22:01, Wolfram Sang wrote:
> Follow the advice of the below link and prefer 'strscpy' in this
> subsystem. Conversion is 1:1 because the return value is not used.
> Generated by a coccinelle script.
>
> Link: https://lore.kernel.org/r/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/
> Signed-off-by: Wolfram Sang <[email protected]>
> ---
> fs/gfs2/ops_fstype.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
> index 549879929c84..b57d9bf4b123 100644
> --- a/fs/gfs2/ops_fstype.c
> +++ b/fs/gfs2/ops_fstype.c
> @@ -381,8 +381,8 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
> if (!table[0])
> table = sdp->sd_vfs->s_id;
>
> - strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
> - strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
> + strscpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
> + strscpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
Perhaps the size should be changed to GFS2_LOCKNAME_LEN to match the
size of the destination, too.
With that addition, this patch fixes this syzkaller report:
https://listman.redhat.com/archives/cluster-devel/2022-August/022755.html
Andy
>
> table = sdp->sd_table_name;
> while ((table = strchr(table, '/')))
> @@ -1439,13 +1439,13 @@ static int gfs2_parse_param(struct fs_context *fc, struct fs_parameter *param)
>
> switch (o) {
> case Opt_lockproto:
> - strlcpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
> + strscpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
> break;
> case Opt_locktable:
> - strlcpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
> + strscpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
> break;
> case Opt_hostdata:
> - strlcpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
> + strscpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
> break;
> case Opt_spectator:
> args->ar_spectator = 1;
Hi Andy.
> > - strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
> > - strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
> > + strscpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
> > + strscpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
>
> Perhaps the size should be changed to GFS2_LOCKNAME_LEN to match the size of
> the destination, too.
>
> With that addition, this patch fixes this syzkaller report:
>
> https://listman.redhat.com/archives/cluster-devel/2022-August/022755.html
Linus wrote another summary about strlcpy vs. strscpy use[1]. So, the
size argument should be the size of the smaller buffer if the buffers
are of different size. GFS2_LOCKNAME_LEN is smaller, so that looks
suitable. Shall I resend the patch with the suggested change?
All the best,
Wolfram
[1] https://lore.kernel.org/lkml/CAHk-=wi+xbVq++uqW9YgWpHjyBHNB8a-xad+Xp23-B+eodLCEA@mail.gmail.com/
On 24/08/2022 21:08, Wolfram Sang wrote:
> Hi Andy.
>
>>> - strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
>>> - strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
>>> + strscpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
>>> + strscpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
>>
>> Perhaps the size should be changed to GFS2_LOCKNAME_LEN to match the size of
>> the destination, too.
>>
>> With that addition, this patch fixes this syzkaller report:
>>
>> https://listman.redhat.com/archives/cluster-devel/2022-August/022755.html
>
> Linus wrote another summary about strlcpy vs. strscpy use[1]. So, the
> size argument should be the size of the smaller buffer if the buffers
> are of different size. GFS2_LOCKNAME_LEN is smaller, so that looks
> suitable. Shall I resend the patch with the suggested change?
Yes, please. I can't speak for the gfs2 maintainers but I think it would
be a good plan, as the combination of strscpy and the size change fixes
a bug.
Andy
>
> All the best,
>
> Wolfram
>
> [1] https://lore.kernel.org/lkml/CAHk-=wi+xbVq++uqW9YgWpHjyBHNB8a-xad+Xp23-B+eodLCEA@mail.gmail.com/
>
Wolfram and Andy,
On Thu, Aug 25, 2022 at 11:33 AM Andrew Price <[email protected]> wrote:
> On 24/08/2022 21:08, Wolfram Sang wrote:
> > Hi Andy.
> >
> >>> - strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
> >>> - strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
> >>> + strscpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
> >>> + strscpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
> >>
> >> Perhaps the size should be changed to GFS2_LOCKNAME_LEN to match the size of
> >> the destination, too.
> >>
> >> With that addition, this patch fixes this syzkaller report:
> >>
> >> https://listman.redhat.com/archives/cluster-devel/2022-August/022755.html
> >
> > Linus wrote another summary about strlcpy vs. strscpy use[1]. So, the
> > size argument should be the size of the smaller buffer if the buffers
> > are of different size. GFS2_LOCKNAME_LEN is smaller, so that looks
> > suitable. Shall I resend the patch with the suggested change?
>
> Yes, please. I can't speak for the gfs2 maintainers but I think it would
> be a good plan, as the combination of strscpy and the size change fixes
> a bug.
thanks, I've fixed this in for-next now:
https://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git/commit/?h=for-next&id=204c0300c4e99707e9fb6e57840aa1127060e63f
Andreas