From: Kees Cook
Date: Mon, 25 Feb 2019 09:06:55 -0800
Subject: Re: [RFC PATCH 2/4] uaccess: Add non-pagefault user-space read functions
To: Masami Hiramatsu
Cc: Steven Rostedt, Linus Torvalds, LKML, Andy Lutomirski, Ingo Molnar, Andrew Morton, Changbin Du, Jann Horn, Andy Lutomirski, Alexei Starovoitov, Nadav Amit, Peter Zijlstra
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 25, 2019 at 6:06 AM Masami Hiramatsu wrote:
> +static __always_inline long strncpy_from_unsafe_common(char *dst, > + const char __user *unsafe_addr, long count) > +{ > + const char __user *src = unsafe_addr; > + int ret; > + > + pagefault_disable(); > + do { > + ret = __get_user(*dst++, src++); > + } while (dst[-1] && ret == 0 && src - unsafe_addr < count); > + dst[-1] = '\0';
> + pagefault_enable(); > + > + return ret ? -EFAULT : src - unsafe_addr; > +}

I'm all for always NUL-truncating, but this isn't "strncpy" (which has the buggy maybe-I-didn't-NUL-terminate behavior). Can we call this strscpy_...() instead?

-- 
Kees Cook
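
Review bot: in the do/while loop of strncpy_from_unsafe_common(), the body runs once before `src - unsafe_addr < count` is evaluated, so a call with count <= 0 still reads one byte through __get_user() and stores to dst[0], and the following `dst[-1] = '\0'` writes into a buffer the caller declared empty. Either return early on count <= 0 inside this helper or state in a comment that every caller must check it first. Separately, __get_user() performs no access_ok() check of its own and none appears in these lines, so unsafe_addr has to be validated as a user-space range before this loop is reached; a comment on the helper naming that precondition would make the contract explicit.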