Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp29383imm; Tue, 5 Jun 2018 14:25:38 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKPLcm3gAw/az60ln0Lme2Ikge0LStFxOCZV7yfoT0dpqJe8Ik1CB485H4H6duQkK+rxp5l X-Received: by 2002:a17:902:301:: with SMTP id 1-v6mr284365pld.127.1528233938031; Tue, 05 Jun 2018 14:25:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528233938; cv=none; d=google.com; s=arc-20160816; b=jnKqZsEKOJjPfPbd8XmCoXhZzufuk9m2pqsdMULyJaGLxvJQtyLB98YKZw0kv1AnDH KM4oTiSP4KqXCuMjlKKiFIthT8aTEvQMgR8WV8Bz1OqKc55uWXR3DbiAPy+a0t5CDQm1 82mUizyQBWipdOzvAHMXG1HvoCNK8r8b+3b7xFXoE3W9HsJHHrTGJkhiY07EwkswWnb6 gRcvDIJ9On1v2XClLLduyvfus1xxfaaWWF4x62wYNdg/69NLQ9AnON4VzPJ+R/gviNPw UtWPuKkE0ezRR/56BA9IgkhYI+kLrtQmXGqdEBGID5zmvr3KLqW2oXDxsW8wIf8Ff0nd raUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=Un9YVE4ImcQT4TX32yvEJQYXouhAcw+C80sN9P/+3zU=; b=d7D0E4UWNLoqensW61ZuJ3P1kW5mfvoS5cKhjs8Gnv8rPiwwoIqqIfRYLwu27S9Zfz CZuTGVXlnYE3hTJxkdwRGFSDMkBUcDOMlxx9RYEPXNYpms+8/zo3ZZLJMDD1INpmIrez YJ/lUu9il8ZxBo2+H3e0DwcggQMqDN3nLoxp3JmYTubuUttiIAHy9ze1jGkwGhf/mATl h8zkU2e9MNBxKwouGwN0S+QEfPqBJNpZdXfk8cd1cqOC46xkrtncJqLuZ0oRaXwqQ7PB M/E0a+fs3XQzB6KLDbVpXztL/9ISOcuhik5ehTjZbLOvoeYd7mhGkrpKDfzopocHbJ5V /OgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=JG3rtrgm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y9-v6si39270354pgc.601.2018.06.05.14.25.23; Tue, 05 Jun 2018 14:25:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=JG3rtrgm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752552AbeFEVXi (ORCPT + 99 others); Tue, 5 Jun 2018 17:23:38 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:43197 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751780AbeFEVXg (ORCPT ); Tue, 5 Jun 2018 17:23:36 -0400 Received: by mail-lf0-f66.google.com with SMTP id n15-v6so5813943lfn.10; Tue, 05 Jun 2018 14:23:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Un9YVE4ImcQT4TX32yvEJQYXouhAcw+C80sN9P/+3zU=; b=JG3rtrgmzz0HuFRzc+XTefLK+D0D/coVZU5ohZSdMiTposrFIsTKwUVVyK5ZTTTdgE l2NGea2SI2nJL3rpJoq42Jy9x65IbuKX7NA3MJivTtjD0C3eo9kr4DcpPJQANdkMIbMf wF/2ehDCtAcb7vnTTltilmBYuX+b2u6b4BOBzsmmNnxFJYTKfCzfNSdWzTOwVuYwfkgm QX4Fuu/nNByg7b3R5NKcmgQayZGuQBtn8AKk/44jAMhcPMCRiSQrxe0VXS3tcChWTrtz Z3mmyZVEVEUUgmaKHBgdcPj82YXTDnzIRUOD4AXtwUouzLVB4rQVU3VVOgHKy9igjyNp W4kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Un9YVE4ImcQT4TX32yvEJQYXouhAcw+C80sN9P/+3zU=; b=qtgqqePNrtFr5Jt3wL2vhyUiubgMbaZ49MXMAsZbw3XC7Jqw+bXrwEhnwUh9IINpn+ 3RIcpw+/el7arYXyi+zVCMGT8drG89pNWWGvKgjcUyZf4w012Il6JOQl9gaH/9asyevl Fk6GOKxQzrMuFWKoVw3NsENmoO8SI6NtyK7Fi+eoC0eYuHyQusi38SgXWI/czI+4KYNs uwa5pe9t8S4IFpGfqNxHU1MmP1gEWBf7Y8W83gaYOgJpDzRzZq51AiWEVs/pYtJHTI1t 65FuX9pkcMKyBcZ4ZDD8v/Uuxkzz5rHxeypCvxxfdAR6vONBGdbdhXRQAFUpsfVNiJhj 7HdQ== X-Gm-Message-State: APt69E2oP1NIhpAyktUtGBvQSPS8ps5aXNqI90s3buT5dbeQR+1Z5KzU QEAOtPK0rQoBq9F8wArxkNUW/Kf123qleqjmS+M= X-Received: by 2002:a2e:40d9:: with SMTP id r86-v6mr181253lje.19.1528233814935; Tue, 05 Jun 2018 14:23:34 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a2e:56c8:0:0:0:0:0 with HTTP; Tue, 5 Jun 2018 14:23:34 -0700 (PDT) In-Reply-To: References: <20180525151421.2317292-1-arnd@arndb.de> From: Arnd Bergmann Date: Tue, 5 Jun 2018 23:23:34 +0200 X-Google-Sender-Auth: 3oy363DO9g8Hwmj7s19uzvz7g4g Message-ID: Subject: Re: [PATCH] xfs: mark sb_fname as nonstring To: Eric Sandeen Cc: "Darrick J. Wong" , linux-xfs , Eric Sandeen , Martin Sebor , Brian Foster , Dave Chinner , Dan Williams , Ross Zwisler , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 5, 2018 at 8:44 PM, Eric Sandeen wrote: > On 5/25/18 10:14 AM, Arnd Bergmann wrote: >> diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c >> index 84fbf164cbc3..eb79f2bc4dcc 100644 >> --- a/fs/xfs/xfs_ioctl.c >> +++ b/fs/xfs/xfs_ioctl.c >> @@ -1819,12 +1819,12 @@ xfs_ioc_getlabel( >> BUILD_BUG_ON(sizeof(sbp->sb_fname) > FSLABEL_MAX); >> >> spin_lock(&mp->m_sb_lock); >> - strncpy(label, sbp->sb_fname, sizeof(sbp->sb_fname)); >> + strncpy(label, sbp->sb_fname, XFSLABEL_MAX); >> spin_unlock(&mp->m_sb_lock); >> >> /* xfs on-disk label is 12 chars, be sure we send a null to user */ >> label[XFSLABEL_MAX] = '\0'; >> - if (copy_to_user(user_label, label, sizeof(sbp->sb_fname))) >> + if (copy_to_user(user_label, label, sizeof(label))) > > I /think/ this also runs the risk of copying out stack memory. > > I'll send another proposal based on this with slight modifications. I assumed it's safe since the earlier strncpy() pads the local 'label' with zero bytes up the XFSLABEL_MAX, and the last byte is explicitly set to guarantee zero padding. Using strlcpy() or strscpy() would guarantee a zero-terminated string without the explicit ='\0' assignment but would risk the data leak you were probably thinking of. Arnd