Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp32092imm; Tue, 5 Jun 2018 14:29:10 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKEV49XygIKB0qScPyRSj33OM5vVxDIUu3tNbXNtTSJ2lVVvOjrvdHdsx8yRXCvi17dFlBV X-Received: by 2002:a62:d0c5:: with SMTP id p188-v6mr279227pfg.101.1528234150037; Tue, 05 Jun 2018 14:29:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528234150; cv=none; d=google.com; s=arc-20160816; b=X5t8Remxuayfs5TCrp8Xenoh7sN8eaFrkJds4jbvbCcNfzTQ7LYujcfSYz7YowUCPj M0gGRxnQA7M7jwPjpDqBTlESbegCEINx7PTA4WX46t2BTylfuo8bDhMvEOMM5oYP2bs0 4i8eNx5OFH+US8xbcaSrvfdfb76Dmljbm8lIsYNls+f0sBq8H/cR5zWnJInrUdto9min Wu30odgh9fqT5ReYJMnyP7+HIsCKf9BaSTAYb6TKrTgzxvTLNlhm/BL0lQTnslXzYI05 9s7cuCfUsbYbJopwSofkSBS4B46TtAl1OPtkc9x1dMwkVoxMC3h4bZrTK++1C6nfj28Y GHCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:cc:references:to :subject:dkim-signature:arc-authentication-results; bh=XCiaUmOtfvSmPVZ3fFdcsj+69DU8hVBbAXnEbKqZgTQ=; b=wRVY08aHkhkcYZdrpYWTtr5YXAdhT62PxYjLVVAKrLoLp5J7VvHTvisdMXYjTc6d+t fO8Sr6pDhiBIh/I7AbqEsJUh3t47kQ/MTa5sqWMp1I8Kp/FNqb9XLl2SdnLMDsRZK4cI OwuLVP8H8yGEKWdVMxfdhuVHrfSyBEMsBupACS4cT8D0TpGIc6PaSSLNQIe4Gbvx7Jm3 n7qMByd5uzEMCJS0K0MgIROcG9MHob6Uslz1ts7qoQWeEak+ILBs0S6RRHvSA2kKXz0M UzuPOJoY9D0ZK2Zi6XlGshIXJX+EZ3GugIOW1+7bYDuhVndStt47gjFS6MzcrCeGex5S WnyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Z8oyTA6o; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q8-v6si1172389pgr.549.2018.06.05.14.28.55; Tue, 05 Jun 2018 14:29:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Z8oyTA6o; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752213AbeFEV21 (ORCPT + 99 others); Tue, 5 Jun 2018 17:28:27 -0400 Received: from mail-oi0-f65.google.com ([209.85.218.65]:33717 "EHLO mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751689AbeFEV2Z (ORCPT ); Tue, 5 Jun 2018 17:28:25 -0400 Received: by mail-oi0-f65.google.com with SMTP id c6-v6so2386268oiy.0; Tue, 05 Jun 2018 14:28:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=XCiaUmOtfvSmPVZ3fFdcsj+69DU8hVBbAXnEbKqZgTQ=; b=Z8oyTA6oXCyifFYyYzyYAT5ASMaRfVl/m8vOjHER/n8Mvbt85u/SKAR2hbaPkP0dZs knxWGy8W+e60lwhJhPWuBk3g75w7hHgmkepegOrooe60B2tRCUpWIZQjXu5qUbtOpI+u gwu/A9XgkNbipJp9Vrp8kUeFbJqM7osYu2cE+HLhhekKNrBiwJ6cFy4Ax7dun9/fgzVn YXu983hvyPkyGzhrJELIsiTjKyCQPOAc3jD3Ds3lpgQh2Y3O2n2hQ9rBd7OtEHxL6rqX 1uAq9/JqAyER4snMrxdq724WY0zjqwYXoOkF91sOaWv06/IsrVCTKJgXSKapyec+lkN6 OWaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=XCiaUmOtfvSmPVZ3fFdcsj+69DU8hVBbAXnEbKqZgTQ=; b=C6qPdSR32bbjmjYtMDYfwiSLCzeDw8UFP+L+Nrt5Q5E0uZXBhfIIKCR54Toe+lJbJE 2ybnIqlS9Fx6BSRtTOeHZyoEoyBtZ/X47saAJBK9qoL0G1s+gBfyIQGYa1/npVK6nvA0 y0sYmcU7iJp2jMVqx63fW7UkXXOuLDjW+9MqUbhlYmxA24PH0KyR/La0Gz+Y5Ar9Nb6L PF6S3CBOlpm+O2Vy18updE1euIqgrhzLC8qpVwjN3sjr4bKtmahz4s3n75bw39Jh6GUc Zf8zKARs3Bm90WeutfRQjM+LSb+POkzgsS6tqHYjdPTJpvzyJlF13d1mhAZiJw/YbDP5 T+Ow== X-Gm-Message-State: APt69E1y8ftTIIf9aeGeABt3cFrgQLX26U4hQuVS4cpBG0XYRmgF190g IeFZNr8z+0IphkJxilrMVCsPpA== X-Received: by 2002:aca:ce03:: with SMTP id e3-v6mr195368oig.340.1528234104431; Tue, 05 Jun 2018 14:28:24 -0700 (PDT) Received: from localhost.localdomain (75-166-107-65.hlrn.qwest.net. [75.166.107.65]) by smtp.gmail.com with ESMTPSA id v8-v6sm7931988oti.35.2018.06.05.14.28.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Jun 2018 14:28:23 -0700 (PDT) Subject: Re: [PATCH V2] xfs: fix string handling in get/set functions To: Eric Sandeen , Arnd Bergmann , "Darrick J. Wong" , linux-xfs@vger.kernel.org References: <20180525151421.2317292-1-arnd@arndb.de> <7aad9fc3-ed65-a016-d477-5d830e31cb43@sandeen.net> Cc: Eric Sandeen , Brian Foster , Dave Chinner , Dan Williams , Ross Zwisler , linux-kernel@vger.kernel.org From: Martin Sebor Message-ID: <3623eb64-1549-f3ad-d50b-dfe98781b119@gmail.com> Date: Tue, 5 Jun 2018 15:28:21 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <7aad9fc3-ed65-a016-d477-5d830e31cb43@sandeen.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/05/2018 01:49 PM, Eric Sandeen wrote: > From: Arnd Bergmann > > [sandeen: fix subject, avoid copy-out of uninit data in getlabel] > > gcc-8 reports two warnings for the newly added getlabel/setlabel code: > > fs/xfs/xfs_ioctl.c: In function 'xfs_ioc_getlabel': > fs/xfs/xfs_ioctl.c:1822:38: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] > strncpy(label, sbp->sb_fname, sizeof(sbp->sb_fname)); > ^ > In function 'strncpy', > inlined from 'xfs_ioc_setlabel' at /git/arm-soc/fs/xfs/xfs_ioctl.c:1863:2, > inlined from 'xfs_file_ioctl' at /git/arm-soc/fs/xfs/xfs_ioctl.c:1918:10: > include/linux/string.h:254:9: error: '__builtin_strncpy' output may be truncated copying 12 bytes from a string of length 12 [-Werror=stringop-truncation] > return __builtin_strncpy(p, q, size); > > In both cases, part of the problem is that one of the strncpy() > arguments is a fixed-length character array with zero-padding rather > than a zero-terminated string. In the first one case, we also get an > odd warning about sizeof-pointer-memaccess, which doesn't seem right > (the sizeof is for an array that happens to be the same as the second > strncpy argument). > > To work around the bogus warning, I use a plain 'XFSLABEL_MAX' for > the strncpy() length when copying the label in getlabel. For setlabel(), > using memcpy() with the correct length that is already known avoids > the second warning and is slightly simpler. > > In a related issue, it appears that we accidentally skip the trailing > \0 when copying a 12-character label back to user space in getlabel(). > Using the correct sizeof() argument here copies the extra character. > > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85602 > Fixes: f7664b31975b ("xfs: implement online get/set fs label") > Cc: Eric Sandeen > Cc: Martin Sebor > Signed-off-by: Arnd Bergmann > Signed-off-by: Eric Sandeen > --- > > diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c > index 82f7c83c1dad..596e176c19a6 100644 > --- a/fs/xfs/xfs_ioctl.c > +++ b/fs/xfs/xfs_ioctl.c > @@ -1828,13 +1828,13 @@ xfs_ioc_getlabel( > /* Paranoia */ > BUILD_BUG_ON(sizeof(sbp->sb_fname) > FSLABEL_MAX); > > + /* 1 larger than sb_fname, so this ensures a trailing NUL char */ > + memset(label, 0, sizeof(label)); > spin_lock(&mp->m_sb_lock); > - strncpy(label, sbp->sb_fname, sizeof(sbp->sb_fname)); > + strncpy(label, sbp->sb_fname, XFSLABEL_MAX); > spin_unlock(&mp->m_sb_lock); I don't see this code in my copy of the kernel so I may be missing some context but assuming label is at least one byte larger than sb_fname then the following would be how GCC expects strncpy to be used in this case: char label[sizeof sbp->sb_fname + 1]; strncpy (label, sbp->sb_fname, sizeof label - 1); label[sizeof label - 1] = '\0'; Since strncpy() zeroes out the destination past the first nul this should also obviate the call to memset() above that GCC unfortunately doesn't eliminate (I just opened bug 86061 to add this optimization). Martin > > - /* xfs on-disk label is 12 chars, be sure we send a null to user */ > - label[XFSLABEL_MAX] = '\0'; > - if (copy_to_user(user_label, label, sizeof(sbp->sb_fname))) > + if (copy_to_user(user_label, label, sizeof(label))) > return -EFAULT; > return 0; > } > @@ -1870,7 +1870,7 @@ xfs_ioc_setlabel( > > spin_lock(&mp->m_sb_lock); > memset(sbp->sb_fname, 0, sizeof(sbp->sb_fname)); > - strncpy(sbp->sb_fname, label, sizeof(sbp->sb_fname)); > + memcpy(sbp->sb_fname, label, len); > spin_unlock(&mp->m_sb_lock); > > /* >