Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp682665imu; Fri, 25 Jan 2019 09:06:50 -0800 (PST) X-Google-Smtp-Source: ALg8bN7P06sGDVqz168bw8a7h52nzYHjY6LzWrQbZhTTeXLc2qpPqzgSKjoz8a0uaJSbM8kT2gue X-Received: by 2002:a17:902:6bc9:: with SMTP id m9mr11581030plt.173.1548436010203; Fri, 25 Jan 2019 09:06:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548436010; cv=none; d=google.com; s=arc-20160816; b=zBdFjMLwu4cJiZMzbSJd3ZP2zcxCf/8plGJxNT600AbFfVO6kBwD28dgZX6xaxsRdM qW3i8VCA8PcnLtFxCtu44pbWY5f3KaS+Fvxe9lhtP9jHvuggzbiSU2V8L/Jmkb3sAgkZ A+zDgg0aYhGFAy+WyAZAyonAo6aypFvT7NZ9aDHN3LWpMeqLZYdsb+897OLEfAC/bRMH fHlb3M7p1BEeuiJBuZCK9I/Nu+zA3SL648u7SB8cpA4Ke0g0t81f+836rU0WvUdGGJTM JPOmfJxxE9oJrTDFC7v6TDzuYdlrMjp02GXWR/keLv7OImsZitY0OpyJxoh/FtJhknC/ MZqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=JUabPGz8yxEC1nqOm2ma+2b8lb7Wa5vt/5vpF/8V8jA=; b=MoyD/kyMSPTgXwz0iHh6+7D2ENzKouc0lUD4HS/b7pWhz/la/f69kPtapDhOruKWdO 0o+VwGu6JKwkFn4J4mBohylLZdb6kAO8CShY26aVReQd8rnLr2G49G32Cg0T41gMlMq1 dcIiiEl0oN/cIIKC8IHEj+M7StofQm1leEMJ82xnTwOTK29ybm7mH5Uyn7EkYFtplM/5 ZULYecz65psfKbJszcE/qE7SrWwYpaU3fkCCKsBE4qLcvdUuyx0bBdC4xB8G4bCYAqtq GTIPgB9deaVPT5FXUTQi1Dyor35val36zkNcV7TC7Ke8X5sgGF5m7M9/1YXZccKQh0TW 0TzA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=H5x5AUP8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u69si25806070pfj.219.2019.01.25.09.06.34; Fri, 25 Jan 2019 09:06:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=H5x5AUP8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728958AbfAYRGS (ORCPT + 99 others); Fri, 25 Jan 2019 12:06:18 -0500 Received: from mail-vk1-f195.google.com ([209.85.221.195]:44675 "EHLO mail-vk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726311AbfAYRGS (ORCPT ); Fri, 25 Jan 2019 12:06:18 -0500 Received: by mail-vk1-f195.google.com with SMTP id h128so2278543vkg.11 for ; Fri, 25 Jan 2019 09:06:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JUabPGz8yxEC1nqOm2ma+2b8lb7Wa5vt/5vpF/8V8jA=; b=H5x5AUP8IWsNn7ChNxbTAS39D80wbTm3Y0ZS3bG8D5NqWjTRQg2VximVPdpjdii7WZ p/kWB3+wBZav1Hg5Uww9neGCL763af0VE4p/TN8AXtgpqkR+4zYRvFD4om1w33VNPQST V12qOHkrF4OAPb8r14y/QEB6w7CHq5A0+/yjs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JUabPGz8yxEC1nqOm2ma+2b8lb7Wa5vt/5vpF/8V8jA=; b=kn06QebRWLfILTARIE1ZZ8r9AkPZcGrbkCasHHTSPpTxVFFlRWYiGaSCVfij78Egz8 VdKT2u9uONwmLQDdTwJj++qlsgZUr2P+DMOCBcZtEtwSq8lbQ1yw3qXVFEVbjKbnRREa Tjfzl0xqfe8oIQMXrUdAdBh4OyDF14IWaJSGn+hkPiMsjzXFSk73gy0muNWYMSIxPVxE HP/Pn6cIgvVUptct7qOzdsQkN5E+2no+BjIsCOuWyQlPsq8bc+vs7dGjLb+pqw6hOO8i nMEW+O3WD6630vdKmAbZDdmzal57JGYftH0E16zMMCD8ZIfDUNl6Q7cdXm94cN5zAzA+ eyIg== X-Gm-Message-State: AJcUukeXJvoLSIoIfhfWy8TwGM6UcRCRvWcmbLRdzYbtfAte/OaqlswW rDq8LiTSJe4Qp98AgwCeuWvM4rFdkmg= X-Received: by 2002:a1f:9042:: with SMTP id s63mr4564391vkd.17.1548435976015; Fri, 25 Jan 2019 09:06:16 -0800 (PST) Received: from mail-vk1-f171.google.com (mail-vk1-f171.google.com. [209.85.221.171]) by smtp.gmail.com with ESMTPSA id a137sm28755320vsd.24.2019.01.25.09.06.14 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 25 Jan 2019 09:06:14 -0800 (PST) Received: by mail-vk1-f171.google.com with SMTP id b18so2286664vke.2 for ; Fri, 25 Jan 2019 09:06:14 -0800 (PST) X-Received: by 2002:a1f:3d10:: with SMTP id k16mr4753889vka.13.1548435973936; Fri, 25 Jan 2019 09:06:13 -0800 (PST) MIME-Version: 1.0 References: <20190118193200.32691-1-malat@debian.org> In-Reply-To: From: Kees Cook Date: Sat, 26 Jan 2019 06:06:02 +1300 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] writeback: tracing: Copy only up to 31 characters in strncpy() calls To: Mathieu Malaterre Cc: Nick Desaulniers , Steven Rostedt , Ingo Molnar , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 25, 2019 at 9:18 PM Mathieu Malaterre wrote: > > On Fri, Jan 25, 2019 at 5:26 AM Nick Desaulniers > wrote: > > > > On Fri, Jan 18, 2019 at 11:32 AM Mathieu Malaterre wrote: > > > > > > In the past an attempt was made to remove a set of warnings triggered by > > > gcc 8.x and W=1 by changing calls to strncpy() into strlcpy(). This was > > > rejected as one of the desired behavior is to keep initializing the rest > > > of the destination string whenever the source string is less than the > > > size. > > > > > > However the code makes it clear that this is not a desired behavior to > > > copy the entire 32 characters into the destination buffer, since it is > > > expected that the string is NUL terminated. So change the maximum number > > > of characters to be copied to be the size of the destination buffer > > > minus 1. > > > > > > Break long lines and make this patch go through `checkpatch --strict` with > > > no errors. > > > > > > This commit removes the following warnings: > > > > > > include/trace/events/writeback.h:69:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:99:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:179:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:223:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:277:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:299:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:324:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:375:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:586:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > include/trace/events/writeback.h:660:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] > > > > > > Cc: Nick Desaulniers > > > Link: https://lore.kernel.org/patchwork/patch/910830/ > > > Signed-off-by: Mathieu Malaterre > > > --- > > > include/trace/events/writeback.h | 30 ++++++++++++++++++++---------- > > > 1 file changed, 20 insertions(+), 10 deletions(-) > > > > > > diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h > > > index 32db72c7c055..7bc58980f84f 100644 > > > --- a/include/trace/events/writeback.h > > > +++ b/include/trace/events/writeback.h > > > @@ -67,7 +67,8 @@ TRACE_EVENT(writeback_dirty_page, > > > > > > TP_fast_assign( > > > strncpy(__entry->name, > > > - mapping ? dev_name(inode_to_bdi(mapping->host)->dev) : "(unknown)", 32); > > > + mapping ? dev_name(inode_to_bdi(mapping->host)->dev) : > > > + "(unknown)", sizeof(__entry->name) - 1); > > > > Does strncpy guarantee that destination will be NULL terminated if > > (sizeof(src) > sizeof(dst)) || (32 > sizeof(dst))? > > No, that's the point here: > > https://www.kernel.org/doc/htmldocs/kernel-api/API-strncpy.html > > ... > The result is not NUL-terminated if the source exceeds count bytes. > > In the case where the length of src is less than that of count, the > remainder of dest will be padded with NUL. > ... > > One should use strlcpy for the use case you describe: > > https://www.kernel.org/doc/htmldocs/kernel-api/API-strlcpy.html Please use strspy() -- strlcpy() will read the source beyond the length limit. https://www.kernel.org/doc/htmldocs/kernel-api/API-strscpy.html -- Kees Cook