Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752570AbdLLQCm (ORCPT ); Tue, 12 Dec 2017 11:02:42 -0500 Received: from mail-eopbgr30117.outbound.protection.outlook.com ([40.107.3.117]:51712 "EHLO EUR03-AM5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750853AbdLLQCk (ORCPT ); Tue, 12 Dec 2017 11:02:40 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=aryabinin@virtuozzo.com; Subject: Re: [PATCH] lib/string: avoid reading beyond src buffer in strscpy To: David Laight , Kees Cook , Dmitry Vyukov Cc: Eryu Guan , LKML , Andrew Morton , Chris Metcalf , Alexander Potapenko , Linus Torvalds References: <20171207113324.24388-1-eguan@redhat.com> <9f0a9cf6-51f7-cd1f-5dc6-6d510a7b8ec4@virtuozzo.com> <46584b52-f2f2-a602-1ae6-cfa0e321324a@virtuozzo.com> <2a9ca72e28ba44198f07f4e412970ad9@AcuMS.aculab.com> From: Andrey Ryabinin Message-ID: Date: Tue, 12 Dec 2017 19:06:12 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <2a9ca72e28ba44198f07f4e412970ad9@AcuMS.aculab.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [195.214.232.6] X-ClientProxiedBy: HE1P190CA0019.EURP190.PROD.OUTLOOK.COM (2603:10a6:3:bc::29) To VI1PR08MB2829.eurprd08.prod.outlook.com (2603:10a6:802:19::26) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8331e8ba-139e-4ce0-c7f1-08d54179c355 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(5600026)(4604075)(4534020)(4602075)(7168020)(4627115)(201703031133081)(201702281549075)(2017052603307);SRVR:VI1PR08MB2829; X-Microsoft-Exchange-Diagnostics: 1;VI1PR08MB2829;3:ida9P5JaNnYH57LTKfFm82yljD+M47XE/YiIaY9Zo+PZiCDfmz5OTEm2laYGRjOgC743qZntcp6JE6tHIPjZ0N04Vu6ZgTP4bj8+Q0O8604LcKjWUNgUl9ke6+QwVhxK/OQ85v2Huk48I224qoAFzJdZfIc+f8vOQwMDCl7QDS4Ev8hwE2dDpwZXC0qjZBZdAyL+eGVsE559r3/XtO/jd7HR8HQSAvmemdavJz4Bwwmdo2mPqyPkUdXib70cEwlS;25:pXF2OzzxMdgqfkZfP5oA+O8/wHbwFQC/O0dYcHlnkqiOziCqrd6MI1PLlCDT30akdIHom7AMkYXBAz7hSUTq9LrA0azPalxMFqodwXsRsaxT1Mpfr66HZjzkPneDTMz2NQOAAHMn13VNNf866KaLZMUP4tOZfhWx6HTM8JhIjLb9vZNy/UztOUS/V0uzHE47ROC6eiE0FcYFTtHp+LRlyH7MJMATYnGusThWkwsvN9ppf1xlKk7+6TGC/WT5fVZO1e5sG3U+1OZASZVkPqoRgRELDFyIeS7bsbmP8osBoNo8tqQxi0WT5ZmNdyX8lmPccWRzWrVwYOgI9WJkAHYiqA==;31:yzrh67SKuP2bbkmre1TWpwVdRw89fJqq6PWZAuVhWOVDIdGQQhxC+r4ZYgLj02mrqDUl7hYGEaW7P5hpfkBj1HOs6xjM0EG8aAt49sU54g4QA29JgTlttnozwDqHZbf0qdBzAx3Obkc4jM3JldHQtGjZsQ9i2WRSd5lJzFEqNeYYpuXo8WLWKTWTSNX8xHNXC0f/irv67D2RuJFfwE5PXR+1e/szQLO/aqJZEu9If8U= X-MS-TrafficTypeDiagnostic: VI1PR08MB2829: X-Microsoft-Exchange-Diagnostics: 1;VI1PR08MB2829;20:p/puq9G5lAAjy+tBWrent1xlVI2c/aqxr/IDma87BGinn6ylqMe/6UurHT9pngu5NR9MzsP3YlTzV0/B2dIrYQf00Q43ISzrakTvg906GZ/hd/l83zTUAl5rCL5kAJOnyXWqBHIi2npOOZH9xuxneVrJj0doxQzzGOb8RixPId+V8i6RCfxTz9MAn90RykVNXvccy7AWi/nSc1uMbH9Ngr51/UN6/T5sl88fvZyDkQmvdPNCywdlKz5WCLK3H1kAPqbNjIQXWqFG33RIFj1esobb+oWtzg1CZeLv6+0b/l4cOQYcjq7yKg7paWnRFqGVcoXKs66dCph70lEB+oekY0FvcfaSJ/xmN44FGbv/XFvK5VZqZ8LGvGIVwSnMcgCdaEXcArbd7gljiV34MWqkUIj2YlubcRQGVvNWuaS0hkY=;4:Y69cBIAjoJUSdfkxrg6urxZDQ2RUAHGBXwP221esi+3at87Tub9eOXHcqEvRry5wgTPANbOnzdSgDBMQhQdt+HK6yKzlXftPKGF2RjMQB1Axr0S1GiMK/ZaV09S0R4Q4G2VEC5om8JUVtVbh16aL79lAay8RAia8WxzTgTqLC894RwxpN0t0rghjYXbcb2/DfEnSWmNrtaIXu3gnosNlAiqssYNTS9ouPDoI58l6cMvL3y/8vHZFJplX+himPSXHEmaM/C+YTStPnX8dPo5zbw== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231023)(3002001)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123555025)(20161123562025)(6072148)(201708071742011);SRVR:VI1PR08MB2829;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:VI1PR08MB2829; X-Forefront-PRVS: 051900244E X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(6049001)(346002)(376002)(366004)(24454002)(199004)(189003)(52116002)(2906002)(316002)(16576012)(2486003)(478600001)(55236003)(93886005)(64126003)(50466002)(23676004)(66066001)(52146003)(25786009)(65806001)(65956001)(110136005)(58126008)(47776003)(53546010)(54906003)(229853002)(6486002)(16526018)(36756003)(76176011)(77096006)(7736002)(6116002)(8936002)(3846002)(230700001)(68736007)(53936002)(305945005)(6246003)(31686004)(5660300001)(4326008)(86362001)(97736004)(83506002)(81166006)(2950100002)(8676002)(65826007)(81156014)(106356001)(6666003)(105586002)(31696002)(129583001)(51014002)(156123004);DIR:OUT;SFP:1102;SCL:1;SRVR:VI1PR08MB2829;H:[172.16.25.12];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtWSTFQUjA4TUIyODI5OzIzOmFoZWViQVV4SkZaMnhhQVQyakl2UmlnUlVV?= =?utf-8?B?QkZZTHFTbER2WnFPbjlWYTB3SGtLblZjZ3ZFeGN6WFhzZU1NSTVobXF2SDN0?= =?utf-8?B?R3BEOEtRbFpnUithVk01TytxTDlnaVJRcnlwRkRDeXd6RnNPZ3pJM3ZWZUtZ?= =?utf-8?B?VzIwOWlXelYxRmFFanlESFhOdHN6dk9nSWFMUGVDZWtqOThNdElMLzdxajAv?= =?utf-8?B?b1QwSGhvemZUMGhTMlA4alRod3ZONlcvR0NMREpqUHpjcUJjeVFNd05iblRF?= =?utf-8?B?YnVybDhJUU1IOWpQanQveHB4WGlNcExPeWtod0ZpNHl2eUFtclA2TUFRbTJR?= =?utf-8?B?dHgzZ1RUVm1qOFg5QVpkaElWZkV0QlBzekZSczFSeGYrSkZ5bXV0ZmRiOUQ2?= =?utf-8?B?QStuRjBxMDhOV3JGY2IzSGx5NnRRNWhGcUhWREswWGgyVlBZaTQ2TGFVU2VB?= =?utf-8?B?cGpLMDIxUXQ2OVY4cW9IS244ckVMRGFPLzY0TXRZNHpvdUhpR0p0WG4rblNF?= =?utf-8?B?bjdUNGRtdGF1VFhXYnV6M25yNldTTUNuY2lpM1ZFS1hMMXlDUHRuNDZ1ZGtj?= =?utf-8?B?YTczbGFnQmVjelhPQ2ExbG0xWGVYbXE4OXNGL3hWeXc5eG1nZ01CT1BMNXVC?= =?utf-8?B?WmhzWVBBRG11MzdCRUxEZENMMHN6VHM4RXFheXBaTWVKc1Q5Mlh5TnlhVHBt?= =?utf-8?B?Q3dJTGF1bVVoSDJHYUNjWDltN2ppejUxMUpzUXJndVd5emQxY29UR1E0cFEx?= =?utf-8?B?NDBDT0Rlb1RWaDMrRTQ4cFJBbzIrdUpUNEhwdFpkc201MVpoVDBZSmE5bXZY?= =?utf-8?B?YTNBclpGdm1LRnIvVVdWK21hNS9pbWxES2FwanpCVVQwWXlwS291K3NTS240?= =?utf-8?B?Q29VRTZDUGtmMUZMRnpIUWVsZUNPeHJhMklrQjJKdnZDNkR1ZDJFZUg2MmY2?= =?utf-8?B?TTk3VDRrejZZUDVkbVlPQnIrSUw2UDBZS3RJSnZ0UXZ3NS94WVdLdjVFK2lt?= =?utf-8?B?L0dKaG1mVG8yUlA3ZGpzVWtHRnEvWUQyUnd1TmRwc3Z5NVRMSkNuNnF4amtF?= =?utf-8?B?RjE1d3dlQUFjSzVwME5IWEIvcERWUFNieFVNektiRGV5L2dBdzlTMHZjaWlB?= =?utf-8?B?RlE2ZFB5cnBYd3F3Mi9MZmVDOEVabUZPS1VLbytUckxhQUxOVTNGNmhQNFQ3?= =?utf-8?B?cE1aVHc3Q3NETHNnN2NlQnhkZVRhWG8zRkUrZytIRFQxWU5acno0MFpjb3FO?= =?utf-8?B?b2cwZEVQeWJRYnBjWmNPRXNQVG5YZnhtclczM01CSkMxYzl0NDNOeW9xczVM?= =?utf-8?B?NER3NU85dG14S2FQeGRtTmt0OWdBdWFCeElRMkprRmlUK2F2aTJjZ25iSXIw?= =?utf-8?B?TnlWT0FVZkRENHE5ZExYUVM2eTZoSmx3bDRXdFNGY1E1d3NGUGp0MUxzTVE5?= =?utf-8?B?dXk0SkVNOTJob3dCTEVxRDlsR3o2NjdLY3g3c1kwN1pvK01VL0lzbm1DL3RC?= =?utf-8?B?SU80VE5sQURHUjNJbjBEaG1yL1BmOWFVdGhMSThTSDhIWVJGNWtncjJNdUJ5?= =?utf-8?B?TlZxNjJlUWJZV3F4azVwRWhFNDJYUjBianlMNks1ZTBHMlZkYS9GRHdjdlV1?= =?utf-8?B?TDNBeElZN0xGU2d6R3NYU2l4T3VIa0dKNXJoWmovSXZSWVYzQ0lsK0lvazMx?= =?utf-8?B?a3h5Y3E1UkNNZm1kaVo2RmFMcmlSeXpBMUE3R1hESG5kNXg2Q1pzbGI4eThx?= =?utf-8?B?RXR4NmVRQVA1SHNtV2tVczJLNi9OemdqSWZYcm9MclJ5KzFCRHU3eDA5eXpH?= =?utf-8?B?NjB0WDk3SGpseHRGbzk3cmxMOCtGOFRjZGxYdERtbitITlpwcDBxVkg5dDIz?= =?utf-8?Q?vLzanqF7B3ntMwD/t+yHDAPrh2uhmH0L?= X-Microsoft-Exchange-Diagnostics: 1;VI1PR08MB2829;6:eHdobJvsi2IME/Cyvcm9FzzDmw5CETbfUw+ZpnU4qJOplJZSzwP76LYOMeTSo5+yrwN72ZZYqlcAPk2/eNiA6lk+mZnJb87BaM1s0qAy2EDW5dixy8Vlg+aAdwW4+nd/eqAi1SuAgweO+40jXEEIDwDOJMZC8AGmkA0PS7MH8iiKC4pPLQFk45I02oM53mB6vKLa6UBt5xHnP+gBE5CKCbhGQR1acpuoC3Lo0qPxY1o4vAWL/Lhz2OCTsv6+oYjpAhcefBzbBSHyGEALRUKpeqV1VpLfUgV6qF9FfTwc0MOb1U/CMarW/Iad1cLVYWbqGnwjt+urSjK+1nztZ1qvFKZ/7OoxEenXP6DYkxhsx7A=;5:3ekP/XshsmjM4nI1czeOO1Qy9prd9+O955ZQleMiYGryqb045UAuvUsiwUeHr5VogZbWWqR4Hit1/Zq6aiExfO723YeHYVoOOKBlAFX8rfMVkk/brSehFjU4t2B8qkFuCxpB8eVJVTeMAL2rHdNWmInnc6tv1VE7Tf/ivWacS1g=;24:84MiXPG9phcOFSBqD9GOZGsNbrtcWADGyRtcXqU9QfvmG7YYcCbw5pfjHRaLAbG+hTTMe8Sf9bUF4jwHuUzi3/YDJMXHrMKl9W/akcfki1M=;7:Cqf1ofR5kp4GrCZCjpW+K9Lnw8QbYDjpLZqH4l7e3lIib3puvoJKH7wT4KNoS94JSnZZDbDwZgcn5ywvvSukhNcnIdsPVj4wHEVyJ2wG2nbZJF9nmiDLNIPMiqb0dNVU44zbAkYhW37YBE65vHWZI2xdF8DRxOqJK/0Zpzz0ncFMA558zK8DR0uzMnmKFRowmo218Y11d5IfS0lI3Q1FZmD7sL1cxJdEdXtAyVzOtwUUZMeHyYtWAFqa+N5RtoBg SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;VI1PR08MB2829;20:xVhBdtoZbw+L0vHey1uD26KnUxXAJYxk6jZsuvTafJ9JFr9JdXOHI7GFiVVtYpy2+QYt4m5aYFaH28fdFu1qMbPe4mtg0w7qH5tsbmbgUVmH+uLnU9bdVZJYx0UkRpNlDhoAFJfBO3WySupQxl92vv8FR5v9v119NdAqVDVo8IU= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Dec 2017 16:02:35.8226 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8331e8ba-139e-4ce0-c7f1-08d54179c355 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB2829 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 664 Lines: 19 On 12/12/2017 01:19 PM, David Laight wrote: > From: Andrey Ryabinin >> Sent: 11 December 2017 16:44 > ... >> I suppose that depends on which one strscpy() caller you'd want to test. >> Briefly looking at all current users, it doesn't look like they process huge amounts >> of data through strscpy(), thus we shouldn't suffer from a slight >> performance degradation of strscpy(). > > Don't most of the fast string functions use the same kind of > optimisations. > strlen() is very likely to do 64 bit reads and then shifts (etc) > to determine whether any of the bytes are zero. > See for yourself, strscpy() is the only sting function doing this. > David >