Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp3834262ybf; Tue, 3 Mar 2020 13:49:49 -0800 (PST) X-Google-Smtp-Source: ADFU+vtRmEzYeKe+6nVDbuclihzZSMh1mmlk8rZ76Hwp5pLgIT3r2wGs8ZWVUL3r4WFGHKHpK0ab X-Received: by 2002:aca:5d57:: with SMTP id r84mr462964oib.42.1583272189588; Tue, 03 Mar 2020 13:49:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583272189; cv=none; d=google.com; s=arc-20160816; b=cxk9VrQW6kJQJ+eY/Tzdl4PaQo0hIhb80pUoNE83SUnDjl9ByxiQhXs7rlLU24lMML goanmPCGOYMmwDQwU9jEKq6XVANhiA/m06UCUwkMQxY5t7Udao77zNOq1sDdyKYTclxq mF/jHBBxGrtK/It66Sr9F++EK1nZ86GN+n2hji8coP41S/M0XH3Gt/QMqY8Y6Ls+yrMj 8cqCFtorpZvBPt4C2jRYQZzv0o6JjCsbAf4FnwQ0aYuhVH/uy9BmanCdiD661WJfCuaH jDAAVM1RxxGu0I5Jxckc3NDKBR2t8Jl+KVBYesXbZGVQqnDVSRCMv4B1o+QYcDFa3gd1 eYig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ySvw2VElOoI+GxWwdqvLapZW7S1uwrffgeO7svUy80k=; b=Dn/EQxJqaZhxS79Whzib4cGt4Q7sQwIBLHlrdl+jMkmICvuYaps33bGTp3MIpIWVEk 1p9Qpu3zxMxOvQicKSBRuZ3WvtGWQ61l5vsP3xG97LOx0h3qz3V7G7lTvkGMKafVRJUO 5Z2jERi6a7cUgwKgjEgBAyDjQWbIhhH+vg0J0aTSBMepxmpYRncMZ35CKq7OaFT+ddY7 /86Nc2UcNd6tHfGIk/QapV+oP5ZGV9Z9iOHnoT0alAkJSKZcPIsm5tnkOykXqhUbcL36 xOj57G0WJSomNNJslXhxnj0nkNogw/Qp/Pfk6NbocffO8Ln6Up9Xkc34hF0vVxN2egCa 52sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DIVZ+3pW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t5si3027493otr.30.2020.03.03.13.49.37; Tue, 03 Mar 2020 13:49:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DIVZ+3pW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732004AbgCCUxA (ORCPT + 99 others); Tue, 3 Mar 2020 15:53:00 -0500 Received: from mail-vs1-f67.google.com ([209.85.217.67]:42413 "EHLO mail-vs1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731796AbgCCUxA (ORCPT ); Tue, 3 Mar 2020 15:53:00 -0500 Received: by mail-vs1-f67.google.com with SMTP id w142so3351499vsw.9 for ; Tue, 03 Mar 2020 12:52:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ySvw2VElOoI+GxWwdqvLapZW7S1uwrffgeO7svUy80k=; b=DIVZ+3pWVbzuKToHdSMqua+XDKFW685uSgRxSDqtN80EEn2THAGD+9qpxgcE6WaJ/0 3fnHp8XrClvfRUtbSF1+afo1PciMZrjHCqs3+HZ+GgchXzD1hpI50Qp/kmsr1mFijGIy C9v5UnGj+C5SWlCdZRBMAFMoNGDxLr8CbzbGk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ySvw2VElOoI+GxWwdqvLapZW7S1uwrffgeO7svUy80k=; b=edkvX4TPej7d3/Zmq1VBvU+uf1PhtAnJ0dmJthlzzuVBCJAhi4HMy6JC6/DmcTu/IA 6TtG4pHJNhoGtI0G8K6HTf5q+0nwWKlJIue9MVNNqEgzoDTlYhmNH4vojfbSY0A2v6Jp W/KcMXB03NgzkQvonJiZwBMtSZXSTR6U914DW2PYgsbPKscpbVtQXhg6bJgl3yafN40Y SuRSHgwv+WokIvtrq6gL7aRFJ59n29FtSrv8dORc9iPtFvQzIgW8x7Fk17stadGgf6Pn Q3rreGn+skYsDi5KZwedCwC5actQFfPddYot5EH4FRdJcZkeZA4IYVPxNmQ2b79TEAIT HgRg== X-Gm-Message-State: ANhLgQ1grXZ77xyxa2VvHLgejrW/KOJRm+MEPTwKMH9APyCSuCkqrr56 XuvwCXmxQ66LORGKpFyQSl2ffkR/HWQ= X-Received: by 2002:a67:f557:: with SMTP id z23mr3519341vsn.21.1583268776787; Tue, 03 Mar 2020 12:52:56 -0800 (PST) Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com. [209.85.217.53]) by smtp.gmail.com with ESMTPSA id h16sm4472440uao.7.2020.03.03.12.52.56 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 03 Mar 2020 12:52:56 -0800 (PST) Received: by mail-vs1-f53.google.com with SMTP id u26so3388487vsg.2 for ; Tue, 03 Mar 2020 12:52:56 -0800 (PST) X-Received: by 2002:a67:e98e:: with SMTP id b14mr1311097vso.106.1583268775719; Tue, 03 Mar 2020 12:52:55 -0800 (PST) MIME-Version: 1.0 References: <20200213150553.313596-1-daniel.thompson@linaro.org> In-Reply-To: <20200213150553.313596-1-daniel.thompson@linaro.org> From: Doug Anderson Date: Tue, 3 Mar 2020 12:52:44 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] kdb: Eliminate strncpy() warnings by replacing with strscpy() To: Daniel Thompson Cc: Jason Wessel , kgdb-bugreport@lists.sourceforge.net, LKML , Patch Tracking Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Thu, Feb 13, 2020 at 7:06 AM Daniel Thompson wrote: > > Currently the code to manage the kdb history buffer uses strncpy() to > copy strings to/and from the history and exhibits the classic "but > nobody ever told me that strncpy() doesn't always terminate strings" > bug. Modern gcc compilers recognise this bug and issue a warning. > > In reality these calls will only abridge the copied string if kdb_read() > has *already* overflowed the command buffer. Thus the use of counted > copies here is only used to reduce the secondary effects of a bug > elsewhere in the code. > > Therefore transitioning these calls into strscpy() (without checking > the return code) is appropriate. > > Signed-off-by: Daniel Thompson > --- > kernel/debug/kdb/kdb_main.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c > index ba12e9f4661e..a4641be4123c 100644 > --- a/kernel/debug/kdb/kdb_main.c > +++ b/kernel/debug/kdb/kdb_main.c > @@ -1102,12 +1102,12 @@ static int handle_ctrl_cmd(char *cmd) > case CTRL_P: > if (cmdptr != cmd_tail) > cmdptr = (cmdptr-1) % KDB_CMD_HISTORY_COUNT; The above line (not touched by your patch) is slightly worrying to me. I always have it in mind that "%" of numbers that might be negative isn't an amazingly good idea. Some searches say that this must be true: a == (a / b * b) + a % b ...which makes it feel like this is totally broken because "cmdptr" will end up as -1. Huh? OK, after much digging and some printouts, I figured this out. cmdptr is _unsigned_ and KDB_CMD_HISTORY_COUNT is a power of 2 (it's 32) which makes this work. AKA if you start out at 0 and subtract 1, you get 0xffffffff and then that "% 32" is 31 which is the answer that was desired. Totally non-obvious. I guess a future change should make the above: cmdptr = (cmdptr + KDB_CMD_HISTORY_COUNT - 1) % KDB_CMD_HISTORY_COUNT; > - strncpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > + strscpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > return 1; > case CTRL_N: > if (cmdptr != cmd_head) > cmdptr = (cmdptr+1) % KDB_CMD_HISTORY_COUNT; > - strncpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > + strscpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN); > return 1; > } > return 0; > @@ -1314,7 +1314,7 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, > if (*cmdbuf != '\n') { > if (*cmdbuf < 32) { > if (cmdptr == cmd_head) { > - strncpy(cmd_hist[cmd_head], cmd_cur, > + strscpy(cmd_hist[cmd_head], cmd_cur, > CMD_BUFLEN); > *(cmd_hist[cmd_head] + > strlen(cmd_hist[cmd_head])-1) = '\0'; At first I thought the line after the strscpy() could now be removed, but then I realized that it was stripping yet one character back. It's a bit twisted that this relies on kdb_getstr() happening to leave the buffer in a specific way (zero-terminated and with one extra character at the end) when kdb_getstr() returns it's special control characters, but not part of your change. I guess maybe a future cleanup could try to make this saner... One thing that could be done to at least make it slightly cleaner (aside from adding a comment) would be to take advantage of the return value of strscpy() to avoid the strlen(). As with all things kgdb, there are plenty of things to fix but your change moves us in the right direction. Thus: Reviewed-by: Douglas Anderson