Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp156680img; Mon, 25 Feb 2019 20:08:08 -0800 (PST) X-Google-Smtp-Source: AHgI3IaeyZGTxJu1vH6IBhN2XZYxesJeTBRdwO0Rx08Mo7z4kvf+mgYxg7qeyGEk7yFloG9w7Y/+ X-Received: by 2002:a62:5444:: with SMTP id i65mr24459609pfb.193.1551154088524; Mon, 25 Feb 2019 20:08:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551154088; cv=none; d=google.com; s=arc-20160816; b=ySiobBsJ7Ln0hzRZJevGkBdHy5wvnJReYoaj+kPP0BvUEMfuIdWXLQNhGBxOCl412R bI+yOAixhgYcWfDBLzhlmsCJBmTma9UeSkI7ZqKQHQYe4n6fhqbsz3keaQt1rhAOIJX4 8Mec7LM7BOJmeuG+2AMHfwr7quHxhegjPtj7ulaH0eQAsY43TsaaYv6/PMoZUqCartT6 V02Ju46aLh/LVnvxz9902lOTQ4gwlCIt8+4IfpEy1+zy9CHotaFJsFwgkl/4UWV9em5k XygKuOsdvPex12oj1w219SBMaGC6NA8VIXBiGYi7tANTNIulBH5uoIRw8WtvlPs9oZW4 RuVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=0Fk+RbRiX+o6rlsmdXtkd0g7lpEH0R+i/ypKGs1UOjA=; b=vzGkTGFCwFzyL2zUY6gnPcAO/YsdZhmp0Jp9lG1fYJFH2L21EniZmkUv4ecxV8Mwui AKUt/6iopkFYVER8xUbyd+ZtGulpd0gYOk9TS4OVFWoeJV1thSimlpczXXg7+MqB2p08 +tmoq/xf6kwQYispzoZQvW9a62PoEkc0f4aTyOflaamwqXFImbbGzih+aXNMHRyB1j8Y nZ97SIVDu8C1G0ZJkhOahXQD806wxBpgqVBtS8YxutjQQ+BWKXE3DdsyeSS3La6O579n G5TszjqUyBXNszM0qBc2Kmj0s0ZTViZsQwx9xXWd47KKlxyD4zMagEfy+Q7jGVV1zQwN y/bA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KqTmpqhF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d186si11857413pfg.50.2019.02.25.20.07.53; Mon, 25 Feb 2019 20:08:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KqTmpqhF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726037AbfBZEHZ (ORCPT + 99 others); Mon, 25 Feb 2019 23:07:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:33608 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725877AbfBZEHZ (ORCPT ); Mon, 25 Feb 2019 23:07:25 -0500 Received: from devnote (NE2965lan1.rev.em-net.ne.jp [210.141.244.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 58F7A217F5; Tue, 26 Feb 2019 04:07:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1551154044; bh=VjPoOH/+HAWVrIll1HwhZ3tv1aOYkduvESyiKiY6pfI=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=KqTmpqhFi+sUqOsYydMxd/knoAkHw/DegEo0MZNGv8LJib0cCxHzRH64a9eslr42c H1T16PcbwYAE5kwAOcq8Lq5Slj+eoQj2wEYfeU/EGX98/t5drCJhw8uIAUwx8J2IrT 1sDoBPzv/V403uuGPOUxO4iFM5T5gzU0kVuti1ZI= Date: Tue, 26 Feb 2019 13:07:20 +0900 From: Masami Hiramatsu To: Kees Cook Cc: Steven Rostedt , Linus Torvalds , LKML , Andy Lutomirski , Ingo Molnar , Andrew Morton , Changbin Du , Jann Horn , Andy Lutomirski , Alexei Starovoitov , Nadav Amit , Peter Zijlstra Subject: Re: [RFC PATCH 2/4] uaccess: Add non-pagefault user-space read functions Message-Id: <20190226130720.189c882ce8355bb605d1ca9d@kernel.org> In-Reply-To: References: <155110348217.21156.3874419272673328527.stgit@devbox> <155110354092.21156.13871336589042178985.stgit@devbox> X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Kees, On Mon, 25 Feb 2019 09:06:55 -0800 Kees Cook wrote: > On Mon, Feb 25, 2019 at 6:06 AM Masami Hiramatsu wrote: > > +static __always_inline long strncpy_from_unsafe_common(char *dst, > > + const char __user *unsafe_addr, long count) > > +{ > > + const char __user *src = unsafe_addr; > > + int ret; > > + > > + pagefault_disable(); > > + do { > > + ret = __get_user(*dst++, src++); > > + } while (dst[-1] && ret == 0 && src - unsafe_addr < count); > > + dst[-1] = '\0'; > > + pagefault_enable(); > > + > > + return ret ? -EFAULT : src - unsafe_addr; > > +} > > I'm all for always NUL-truncating, but this isn't "strncpy" (which has > the buggy maybe-I-didn't-NUL-terminate behavior). Can we call this > strscpy_...() instead? Yes, it is easy to me to fit it to strscpy spec and caller side too. But if we reuse strncpy_from_user() as Linus suggested, it may be better keep it or write a wrapper, since this function spec is still a bit different from strscpy (this doesn't return -E2BIG but returns the copied length of the string with NULL terminal byte). Thank you, -- Masami Hiramatsu