Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752025AbbD3QBf (ORCPT ); Thu, 30 Apr 2015 12:01:35 -0400 Received: from mail-am1on0090.outbound.protection.outlook.com ([157.56.112.90]:5554 "EHLO emea01-am1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750823AbbD3QBb (ORCPT ); Thu, 30 Apr 2015 12:01:31 -0400 Authentication-Results: spf=fail (sender IP is 12.216.194.146) smtp.mailfrom=ezchip.com; vger.kernel.org; dkim=none (message not signed) header.d=none; From: Chris Metcalf To: Linus Torvalds CC: Chris Metcalf , Al Viro , Fabian Frederick , Randy Dunlap , Rickard Strandqvist , , Peter Zijlstra , "David S. Miller" , Frederic Weisbecker , Andrew Morton , Sam Ravnborg , Stephen Rothwell , "Theodore Ts'o" , "Grant Likely" , Linux Kernel Mailing List , Subject: [PATCH 0/3] add new strscpy() API for string copy Date: Thu, 30 Apr 2015 12:01:14 -0400 Message-ID: <1430409677-13284-1-git-send-email-cmetcalf@ezchip.com> X-Mailer: git-send-email 2.1.2 In-Reply-To: X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:12.216.194.146;CTRY:US;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(339900001)(199003)(189002)(47776003)(46102003)(86362001)(77156002)(62966003)(42186005)(5001960100002)(36756003)(50986999)(87936001)(85426001)(2950100001)(50226001)(15975445007)(110136002)(19580395003)(6806004)(104016003)(50466002)(48376002)(92566002)(105606002)(33646002)(106466001)(229853001)(21314002);DIR:OUT;SFP:1101;SCL:1;SRVR:DB5PR02MB0773;H:ld-1.internal.tilera.com;FPR:;SPF:Fail;MLV:sfv;A:1;MX:1;LANG:en; MIME-Version: 1.0 Content-Type: text/plain X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR02MB0773; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(5005006)(3002001);SRVR:DB5PR02MB0773;BCL:0;PCL:0;RULEID:;SRVR:DB5PR02MB0773; X-Forefront-PRVS: 056297E276 X-OriginatorOrg: ezchip.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2015 16:01:27.4299 (UTC) X-MS-Exchange-CrossTenant-Id: 0fc16e0a-3cd3-4092-8b2f-0a42cff122c3 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0fc16e0a-3cd3-4092-8b2f-0a42cff122c3;Ip=[12.216.194.146];Helo=[ld-1.internal.tilera.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR02MB0773 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3441 Lines: 81 This patch series addresses limitations in strncpy() and strlcpy(); both the old APIs are unpleasant, as Linus nicely summarized here a couple of days ago: https://lkml.org/lkml/2015/4/28/570 and of course as other folks (Greg K-H and Linus again) said last year: https://plus.google.com/+gregkroahhartman/posts/1amLbuhWbh5 The proposed new API (strscpy(), for "s"afe string copy) has an easy-to-use API for detecting buffer overflow, avoids unsafe truncation by default, and isn't subject to thread-safety attacks like the current strlcpy implementation. See patch 2/3 for more on why strscpy() is a good thing. To make strscpy() work more efficiently I did the minimum tweaking necessary to allow to work on all architectures, though of course individual maintainers can still make their versions more efficient as needed. It's likely not necessary for per-architecture implementations of strscpy() to be written, but I stuck with the standard __HAVE_ARCH_XXX model just for consistency with the rest of . I tested the implementation with a simple user-space harness, so I believe it is correct for the corner cases I could think of. In particular I pairwise-tested all the unaligned values of source and dest, and tested the restriction on src page-crossing at all unaligned offsets approaching the page boundary. This builds on an earlier version of strscpy() submitted as a file-static method in the arch/tile/gxio tree last year, after an attempt to gather interest in a new generic strscpy failed: https://lkml.org/lkml/2014/8/7/368 The patch series is available to be pulled from git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile.git strscpy Chris Metcalf (3): Make asm/word-at-a-time.h available on all architectures string: provide strscpy() and strscpy_truncate() tile: use global strscpy() rather than private copy arch/arc/include/asm/Kbuild | 1 + arch/avr32/include/asm/Kbuild | 1 + arch/blackfin/include/asm/Kbuild | 1 + arch/c6x/include/asm/Kbuild | 1 + arch/cris/include/asm/Kbuild | 1 + arch/frv/include/asm/Kbuild | 1 + arch/hexagon/include/asm/Kbuild | 1 + arch/ia64/include/asm/Kbuild | 1 + arch/m32r/include/asm/Kbuild | 1 + arch/metag/include/asm/Kbuild | 1 + arch/microblaze/include/asm/Kbuild | 1 + arch/mips/include/asm/Kbuild | 1 + arch/mn10300/include/asm/Kbuild | 1 + arch/nios2/include/asm/Kbuild | 1 + arch/powerpc/include/asm/Kbuild | 1 + arch/s390/include/asm/Kbuild | 1 + arch/score/include/asm/Kbuild | 1 + arch/tile/gxio/mpipe.c | 33 ++--------- arch/tile/include/asm/Kbuild | 1 + arch/um/include/asm/Kbuild | 1 + arch/unicore32/include/asm/Kbuild | 1 + arch/xtensa/include/asm/Kbuild | 1 + include/asm-generic/word-at-a-time.h | 80 ++++++++++++++++++++++--- include/linux/string.h | 6 ++ lib/string.c | 109 +++++++++++++++++++++++++++++++++++ 25 files changed, 212 insertions(+), 37 deletions(-) -- 2.1.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/