Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3321251pxv; Mon, 26 Jul 2021 01:07:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwl9lYmYlC9eyVnrnM9P5+IKEdi/bDlXIQV0HLBb7U0VGWSFQ55Rjd3By4hs125ngQC7VGy X-Received: by 2002:aa7:c641:: with SMTP id z1mr20505620edr.289.1627286839484; Mon, 26 Jul 2021 01:07:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627286839; cv=none; d=google.com; s=arc-20160816; b=P/QMNxktkUSRv4rQOyocBlfacThwzgdZurhaFW027KwKYdXFy20XdtJ3qJjY1HlfqC CkhZ++NS6jg83ocST3BGX/vs5OFqb2P7donaOzULQwwa09wAW724iTe87S8lP/TBIBT2 nidA2b6dSbretj473IM/1ForjDVuBBKD3YJtoSP1gb4G5uooBC0PWRkS229ssDhmwS0f 1pAl8bOHTnw7LrDlyKntmIl6ijYRQ/peoqel7M0Db/9sY9141GNTddGMcjiTC23ivkCM r20bU9dNWwYWw/PdDylbgScuU7K7dMBW45T7KUXnvW2n/Q/keezzA/eTjJztVY3LY0C2 l1CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=/noyZVTkaQHv6vOLUtBghVzxTPdSaltUw4+X2m/ShNY=; b=z+CuM7lC/qIZRdBEocHwDhAVDHKcFqkqsGOHV78HypWCaBgkh1IbtL0k5vspATrgpu gZ+ilZjU8lxC9JoU9PlKqUBFkkOG8AKsJXHx5rdSsoaCUJMrF76wEwwOhMMCn7hAzmHJ QMabKdHnE2YP+IK8aIeod1/haEhtr0fOEqE2ooSyECVUHmntob4U+l9w4QscN4ghOxZG QRaU+YmvJZz+wqJLKg1wlA/XSba3SgDp7W08kMrZ5qDlso3HPy45r+fVMywVIZUVJVDG xBRVFPsIVI7unHAzFdMSItvTUG0BRUOFRxsQcDxVWLU5nm0d1vJcaqN818xUOJqOJnzx G2tw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x30si17512322edy.146.2021.07.26.01.06.56; Mon, 26 Jul 2021 01:07:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232888AbhGZHXE (ORCPT + 99 others); Mon, 26 Jul 2021 03:23:04 -0400 Received: from mail-vs1-f53.google.com ([209.85.217.53]:38487 "EHLO mail-vs1-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232684AbhGZHXC (ORCPT ); Mon, 26 Jul 2021 03:23:02 -0400 Received: by mail-vs1-f53.google.com with SMTP id x21so4768195vsx.5; Mon, 26 Jul 2021 01:03:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/noyZVTkaQHv6vOLUtBghVzxTPdSaltUw4+X2m/ShNY=; b=celWk8qjEwrLbUP2WGsqMakjwfggMHGp8XXZun+4hgKfAFXPVIM7aDjwWDCirzecfz 55KhmHyZAh8/GFNV7iiaD3TPy2xn3LTsvBaO4T1nsF2iveFq0osFJNZXNLyqxj6w18Cx /NGObxKW4GQkARMVLG1TeD001WGwNivWyBgl5lmiquRd1I9tThXm++IIPf3zCwe/J85B 6E4h2/uyBZYTfXnBpgPj0V/7mMJjDi3MwjPU7C4Z2RzqDxiA0kIVoOxRMhVok0XJjQkC oeWRhQulDMgYI6RinUAotZXWqMGNbMj9exwE0aLKb+K63Ons9MugZHj7D5IBk74RYjLb yTnA== X-Gm-Message-State: AOAM5309qKR53cWCXVWHiUQUt1ROw3bxkHGqvLf9Trm2leePORcEpS/5 cachTVuampAYtkUhOVy6K3NUPJpvodpxVemMFz4= X-Received: by 2002:a67:7789:: with SMTP id s131mr8212743vsc.40.1627286609931; Mon, 26 Jul 2021 01:03:29 -0700 (PDT) MIME-Version: 1.0 References: <20210725151434.7122-1-len.baker@gmx.com> In-Reply-To: <20210725151434.7122-1-len.baker@gmx.com> From: Geert Uytterhoeven Date: Mon, 26 Jul 2021 10:03:18 +0200 Message-ID: Subject: Re: [PATCH] drivers/soc: Remove all strcpy() uses in favor of strscpy() To: Len Baker Cc: Kees Cook , Andy Gross , Bjorn Andersson , Magnus Damm , Santosh Shilimkar , linux-hardening@vger.kernel.org, linux-arm-msm , Linux Kernel Mailing List , Linux-Renesas , Linux ARM Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Len, On Sun, Jul 25, 2021 at 5:15 PM Len Baker wrote: > strcpy() performs no bounds checking on the destination buffer. This > could result in linear overflows beyond the end of the buffer, leading > to all kinds of misbehaviors. The safe replacement is strscpy(). > > Signed-off-by: Len Baker Thanks for your patch! > --- > This is a task of the KSPP [1] > > [1] https://github.com/KSPP/linux/issues/88 Any chance the almost one year old question in that ticket can be answered? > drivers/soc/renesas/rcar-sysc.c | 6 ++++-- Reviewed-by: Geert Uytterhoeven But please see my comments below... > --- a/drivers/soc/renesas/r8a779a0-sysc.c > +++ b/drivers/soc/renesas/r8a779a0-sysc.c > @@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void) > for (i = 0; i < info->num_areas; i++) { > const struct r8a779a0_sysc_area *area = &info->areas[i]; > struct r8a779a0_sysc_pd *pd; > + size_t area_name_size; I wouldn't mind a shorter name, like "n". > > if (!area->name) { > /* Skip NULLified area */ > continue; > } > > - pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL); > + area_name_size = strlen(area->name) + 1; > + pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL); > if (!pd) { > error = -ENOMEM; > goto out_put; > } > > - strcpy(pd->name, area->name); > + strscpy(pd->name, area->name, area_name_size); > pd->genpd.name = pd->name; > pd->pdr = area->pdr; > pd->flags = area->flags; > diff --git a/drivers/soc/renesas/rcar-sysc.c b/drivers/soc/renesas/rcar-sysc.c > index 53387a72ca00..0eae5ce0eeb0 100644 > --- a/drivers/soc/renesas/rcar-sysc.c > +++ b/drivers/soc/renesas/rcar-sysc.c > @@ -396,19 +396,21 @@ static int __init rcar_sysc_pd_init(void) > for (i = 0; i < info->num_areas; i++) { > const struct rcar_sysc_area *area = &info->areas[i]; > struct rcar_sysc_pd *pd; > + size_t area_name_size; Likewise. > > if (!area->name) { > /* Skip NULLified area */ > continue; > } > > - pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL); > + area_name_size = strlen(area->name) + 1; > + pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL); > if (!pd) { > error = -ENOMEM; > goto out_put; > } > > - strcpy(pd->name, area->name); > + strscpy(pd->name, area->name, area_name_size); > pd->genpd.name = pd->name; > pd->ch.chan_offs = area->chan_offs; > pd->ch.chan_bit = area->chan_bit; Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds