Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp1458958pxb; Fri, 13 Nov 2020 13:16:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJx/+XmWEW60hXPo/fiikQbfhYj5DdU3bODuEalAzrw+dICGELBrgcbhdAZQegygtqY1iO3S X-Received: by 2002:a17:906:e2c3:: with SMTP id gr3mr3806134ejb.471.1605302199367; Fri, 13 Nov 2020 13:16:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605302199; cv=none; d=google.com; s=arc-20160816; b=dyz4W65f11Oq2zdusZCoLCxfrN2Y1aMvjj1tB9p+VH1v1+mSIpAnrypiW60IT7AqJl xeGRr3z4wEoBV507lGNTUnTo8WIYZKMWF6Q4XYmRrA31eEeNnqYps2CauP8p0xiA+d2t KD9lRyLXXB5x99mnx17ZvwScgTI5AfUVRsujI/lniVhihKSIr5JWw+/DJ2A5PJGtZsJv 3VaWLQCM2BHMcbJrWtmElVpNsCbCjA6/A0sz+wWETukpKjFWyZ1XDTOZh0E5Kllv4rv5 PWBC1MLV0h5I+kCHhK3s4HSc+BYQFXdIpRfklSgixW8bMcly33tgc5vaHawkTmGpCMka 8gjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KviX0rcak+ARccgKrmiOPUL4xxtYUmjKoN9SOQyA0lM=; b=i8bRFlWR/WczNOzlPO4Lf7kxsD1eNJG8mxSwhPfIOJq+g59eiXqVgV1Cd6QvDAzd1b Ks4nNstKv/fOokqNSnoHkLZEB3KxaY0Z7eZWxizslHsC3XCXOJ32Nso21i1CW4yW5Ecl ZmK328P5/e4wBlrH1lUy+LNJA8Ox63f3rx6AgzYNo8MhrtNVAGmhBs2Zz2Nrf3AIibli 5c/xTJl4KKL0NVXoixlXClvofr//plKxm2D40ZN5nTSYFuAhF73GD99VtuFAJ5nPouaT zUqmY+NLqhLu/U4mdcpPcWceyTGq8P4YgR5famGIQd1CwX0YJn4Ux3ZjgySCkXr/rzAZ zUeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=WAUFm6kp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v17si6798075ejr.127.2020.11.13.13.16.16; Fri, 13 Nov 2020 13:16:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=WAUFm6kp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726296AbgKMVOh (ORCPT + 99 others); Fri, 13 Nov 2020 16:14:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725981AbgKMVOh (ORCPT ); Fri, 13 Nov 2020 16:14:37 -0500 Received: from mail-lf1-x144.google.com (mail-lf1-x144.google.com [IPv6:2a00:1450:4864:20::144]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9AEA9C0617A6 for ; Fri, 13 Nov 2020 13:14:35 -0800 (PST) Received: by mail-lf1-x144.google.com with SMTP id f11so16088538lfs.3 for ; Fri, 13 Nov 2020 13:14:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KviX0rcak+ARccgKrmiOPUL4xxtYUmjKoN9SOQyA0lM=; b=WAUFm6kpKWLUNLFWWPtEeh8AyXuo9ubgQGaxugOKLHZppGH/FvHrzp6xLsLE3WqOGb mE0tmYNDMRvCwecB4a0vPxOEYfF2JvNRy7T188p4baruaXy1fF5uUMo8JbqAclLdCs70 8LSAEVfV3Lr9haDHgZnTmtUwFwhbHYXCeswqc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KviX0rcak+ARccgKrmiOPUL4xxtYUmjKoN9SOQyA0lM=; b=enRQiHZc1yPJA65qSiwemi8vvLj7hOJeH9rm6yJUB9wSR5JfohW82W6ChV8ym7TYUt G7Oh2QD6KeY+tllcGSuo64LhErSRAQ3bJAJxNZ8Q1zksla1I3AFZg9HWX8gqVEmiJ9NX ZvaCsQbxoxulRF80i9+EMQNXDH8c6jHOGNcD9AI6r9QmyHVaKaQnsk2z0BGuAEgHto+V dWTlBax1VXZgS0kfoGxaV/B9RBMT0ovds5WRAiLG/GKgSZwcBPG0YD73lvka9vD7ujkC u7mO15UsH9N2+gKqYw9bPteYbjCj+l8dPsk/9ureont1wS5ToeTN8goNygk+Y4HZjH7g n8fw== X-Gm-Message-State: AOAM531xZlB8D1wXNZI7qQqt9vFxA33IfrOuBu/o/yKNqX2QRgPyIYRH Zuz002t+9KEaCJB0KgaalcODc7bz9jKznw== X-Received: by 2002:a19:458:: with SMTP id 85mr1464341lfe.249.1605302073711; Fri, 13 Nov 2020 13:14:33 -0800 (PST) Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com. [209.85.208.181]) by smtp.gmail.com with ESMTPSA id s5sm1705456lfd.58.2020.11.13.13.14.28 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 13 Nov 2020 13:14:28 -0800 (PST) Received: by mail-lj1-f181.google.com with SMTP id 11so12542578ljf.2 for ; Fri, 13 Nov 2020 13:14:28 -0800 (PST) X-Received: by 2002:a05:651c:2cb:: with SMTP id f11mr1706774ljo.371.1605302068145; Fri, 13 Nov 2020 13:14:28 -0800 (PST) MIME-Version: 1.0 References: <20201113170338.3uxdgb4yl55dgto5@ast-mbp> <20201113191751.rwgv2gyw5dblhe3j@ast-mbp> <20201113205746.htvdzudtqrw6h7oa@ast-mbp> In-Reply-To: <20201113205746.htvdzudtqrw6h7oa@ast-mbp> From: Linus Torvalds Date: Fri, 13 Nov 2020 13:14:12 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH bpf v5 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator To: Alexei Starovoitov Cc: Daniel Xu , bpf , Linux Kernel Mailing List , Alexei Starovoitov , Daniel Borkmann , kernel-team@fb.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 13, 2020 at 12:57 PM Alexei Starovoitov wrote: > > (a) is the only case. Ok, good. The (b) case is certainly valid in theory (and we might even traditionaly have had something like that for things like ->comm[] accesses, although I think we got rid of it). But the (b) case is _so_ hard to think about and so easy to get wrong - readers have to be very careful to only read each byte of the source exactly once - that it's much much better to try to avoid it. > But I think if glibc's strncpy() did something like this it would > probably caused a lot of pain for user space. Oh, absolutely. The standard strncpy() function has some very strict behavior issues, including that zero-padding of the *whole* destination buffer, which would be absolutely horrid for things like fetching pathnames from user space (our buffer is generally close to a page in size). In fact, the kernel strncpy() (ie the one that doesn't copy from user) does ado the whole "pad all zeroes at the end" exactly because people might depend on that. So the _actual_ strncpy() function conforms to the standard use - but you generally shouldn't use it, exactly because it's such a horrible interface. Only good for very small buffers. > The hash element example above is typical bpf usage. The core kernel does have one very common string hash case, but it's for path components, and never the whole string - so it already has to deal with the fact that the string is very much delimited in place by not just NUL at the end, but also '/' characters etc. So no "copy it as a string from user space, and then use it as a block" that I'm aware of. Linus