Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp4545980imm; Wed, 30 May 2018 07:35:32 -0700 (PDT) X-Google-Smtp-Source: ADUXVKK/R8+DLhNGPMD+mwZvo2fwpX8MJpkxuTxn+8TjftNwk0Ur4VC3RitoxL75Wga9Kj1MhGDi X-Received: by 2002:a65:4443:: with SMTP id e3-v6mr2496804pgq.348.1527690932865; Wed, 30 May 2018 07:35:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527690932; cv=none; d=google.com; s=arc-20160816; b=cg1Fm3wdtSKvv/eimi0QktGKa60XUzYQm/fopK1LpqDJw14XDmTokM2/xIP2jNZRk0 DONJ43pUlgEFKvdoF/aciXzcwiBMGHIYCJAhUHbgW56mLNntuz2ySU010oot1WLfgBJL jCgMpWwYseeF+6WB2cKvaYwJXxP4vtbyOkJXYac1/ncMey85LcFZERJWlJOMzCLjDRmZ ohQhpIMq3W+8lA1arRsMAfsyltcgnFEdnVuv7uShA3s+9goBiq19Y3Q7vOxFNvRoeH8i BRGaPLRwhR0cEBRbf0gs4EyYs5w4oSWyHsJq3Pxn0vwxCtf64dmFbLc7WA7mQimfwzMW O44Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=gPvARQZrUOmE3rXxS1ubLjf1piAQcbJrweBBYSw9qVU=; b=EWfaps/HaAOmYtxvubj1cB8KWV85SCxvTZCvpbAX7pZygHLhFGOlDkinIEY7KymqU1 waWQ6kQh3Ys09tEdvRoYTLuFZaRBW8fsOmRE82LQaUt8EhJAqxwNPfFHiMZ3kQ9v2WFZ 0vayD6CNTv8thmNduobEnU7JZ6XaEUkiT49BSNfHy92x/+yYXCZZV9l660lKhsIkjA9i mFWorRlXeSCqOSyojElIaGZHDPtQCZETJqI05OzJpCv3m16/0csyfIMyfkzgixUX0B4v CPVnnIRdscdlOHSGiFLom481VW/EL7NOwPKtthKqrcW8LD/fb29UqoYAj+N/sf8I5gPw WrcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HC7Qo7QA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w18-v6si35188482plp.159.2018.05.30.07.35.19; Wed, 30 May 2018 07:35:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HC7Qo7QA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753738AbeE3Oe2 (ORCPT + 99 others); Wed, 30 May 2018 10:34:28 -0400 Received: from mail-wm0-f68.google.com ([74.125.82.68]:50593 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753121AbeE3OeU (ORCPT ); Wed, 30 May 2018 10:34:20 -0400 Received: by mail-wm0-f68.google.com with SMTP id t11-v6so48353064wmt.0 for ; Wed, 30 May 2018 07:34:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=gPvARQZrUOmE3rXxS1ubLjf1piAQcbJrweBBYSw9qVU=; b=HC7Qo7QA1XKak9/wLsczQha3OCxK68Y+NrB2Ckjfz/gVZwIRWIlYPvoGgBkmU6yd36 /k5oDYd0Qn4Xh2FpY7R55TwNPv6NGBPddKMe21kB/ljRoYqFpYPYjkhgnP4V31SOUSV/ 6aG9HYgbtTc/A7fgjc/K46hfYixYhfRar1WGg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=gPvARQZrUOmE3rXxS1ubLjf1piAQcbJrweBBYSw9qVU=; b=DUkqFk8ao45bvZLpS6GZRUE7FkqtuzqWzQ2a6qZy4Q8poE+wPNo73dSdf5iDmsYR5b HWlB+HkqpOVpT0kw/xaBym5e00jHl4Bsih8Ri1b8NVdVjIfcaJ5hFjgosOzFJdEb4IKN fY/qqTh8XnkRbRw/SyYlzRADpkJVAEUEjc/AdMlcLaf6hpRNeeamCk09LaGTqKZ6g2ff UTQXLBGs9QzO+Ka0G8vejJG251ocfTH9FBgB95uoCWs54Y1Ow+cgMv92sKR3i1H8haO3 NIrFja7sF95wwkdg3YcdwZ2fIKW67dxoJ5R8GcNBAX7CkRBFy9SutQkva4QHxUHRerqi 0Skg== X-Gm-Message-State: ALKqPwcs9BYBhqfLOGCLPqytMUyzqn9cWEX5OdkeY3jHLxJ7SeK5eOzh EC75TfZaCISvn2IuQLDHMjwf+g== X-Received: by 2002:a1c:a55:: with SMTP id 82-v6mr1814436wmk.59.1527690858598; Wed, 30 May 2018 07:34:18 -0700 (PDT) Received: from holly.lan (cpc141214-aztw34-2-0-cust773.18-1.cable.virginm.net. [86.9.19.6]) by smtp.gmail.com with ESMTPSA id h81-v6sm33963941wmd.0.2018.05.30.07.34.17 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 30 May 2018 07:34:17 -0700 (PDT) Date: Wed, 30 May 2018 15:34:15 +0100 From: Daniel Thompson To: Nick Desaulniers Cc: Arnd Bergmann , Jason Wessel , Randy Dunlap , Baolin Wang , "Eric W. Biederman" , kgdb-bugreport@lists.sourceforge.net, Linux Kernel Mailing List , ebiggers@google.com Subject: Re: [PATCH] kdb: prefer strlcpy to strncpy Message-ID: <20180530143415.ksc6fb4zo6m7xb25@holly.lan> References: <1527573427-16569-1-git-send-email-nick.desaulniers@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180512 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 29, 2018 at 07:01:35PM -0700, Nick Desaulniers wrote: > On Tue, May 29, 2018 at 12:57 AM, Arnd Bergmann wrote: > > On Tue, May 29, 2018 at 7:57 AM, Nick Desaulniers > > wrote: > >> Fixes stringop-truncation and stringop-overflow warnings from gcc-8. > > > > That patch description should really explain whether gcc is right or not. What's > > the worst thing that could happen here? > > > > I would also recommend citing the exact warning you got. > > > >> diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c > >> index ed5d349..b5dfff1 100644 > >> --- a/kernel/debug/kdb/kdb_io.c > >> +++ b/kernel/debug/kdb/kdb_io.c > >> @@ -443,7 +443,7 @@ static char *kdb_read(char *buffer, size_t bufsize) > >> char *kdb_getstr(char *buffer, size_t bufsize, const char *prompt) > >> { > >> if (prompt && kdb_prompt_str != prompt) > >> - strncpy(kdb_prompt_str, prompt, CMD_BUFLEN); > >> + strlcpy(kdb_prompt_str, prompt, CMD_BUFLEN); > >> kdb_printf(kdb_prompt_str); > >> kdb_nextline = 1; /* Prompt and input resets line number */ > >> return kdb_read(buffer, bufsize); > >> diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c > >> index e405677..c30a0d8 100644 > >> --- a/kernel/debug/kdb/kdb_main.c > >> +++ b/kernel/debug/kdb/kdb_main.c > >> @@ -1103,12 +1103,12 @@ static int handle_ctrl_cmd(char *cmd) > >> case CTRL_P: > >> if (cmdptr != cmd_tail) > >> cmdptr = (cmdptr-1) % KDB_CMD_HISTORY_COUNT; > >> - strncpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > >> + strlcpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > >> return 1; > >> case CTRL_N: > >> if (cmdptr != cmd_head) > >> cmdptr = (cmdptr+1) % KDB_CMD_HISTORY_COUNT; > >> - strncpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > >> + strlcpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > >> return 1; > >> } > >> return 0; > > > > Those three all look good. > > > >> diff --git a/kernel/debug/kdb/kdb_support.c b/kernel/debug/kdb/kdb_support.c > >> index 990b3cc..dcfbf8f 100644 > >> --- a/kernel/debug/kdb/kdb_support.c > >> +++ b/kernel/debug/kdb/kdb_support.c > >> @@ -236,7 +236,7 @@ int kallsyms_symbol_next(char *prefix_name, int flag) > >> > >> while ((name = kdb_walk_kallsyms(&pos))) { > >> if (strncmp(name, prefix_name, prefix_len) == 0) { > >> - strncpy(prefix_name, name, strlen(name)+1); > >> + strlcpy(prefix_name, name, prefix_len); > >> return 1; > >> } > > > > I don't know what this does, but you are changing the behavior: the previous > > 'strlen(name)+1' argument was the size of the source string (which makes > > the strncpy() behave the same as a plain strcpy()), the new one means > > we only copy at most as many bytes as the previous length of the destination > > string. > > > > Is that intended? If yes, better explain it in the patch description. > > > > Arnd > > Eric points out that this will leak kernel memory if size is less than > sizeof src. Don't quite understand what this means (there's no allocation here, how can there be a leak?) but the symbol completion certainly won't work if we truncate the copy here. My understanding is that the only way to make this overflow safe is to change the signature of kallsyms_symbol_next() so it takes a max_len argument similar to what is done for kallsyms_symbol_complete(). It might even be worth using strscpy() here and propagating the -E2BIG to the caller. That allows the caller to print the partial symbol and an elipsis to show the user that the symbol has been truncated. Daniel.