Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2983189pxb; Tue, 24 Aug 2021 12:07:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2R5+CFy7TCDc/1TtcoliVhEIXgTYI/WlmfgTyyiykvjlM0JsXJ4wpFuZwf8BC1h7CwdBL X-Received: by 2002:a92:d1c6:: with SMTP id u6mr27545390ilg.263.1629832020944; Tue, 24 Aug 2021 12:07:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629832020; cv=none; d=google.com; s=arc-20160816; b=rzJdKILotLyrh7wIrG4fW3w/DNPlj6szdgUTTGy2fI9FUW8VFAi4WMyRqfjigAG4RD jTVSVICtk5y2U0vm5qObO4Q5kmdkXGCCkTVdZaaTK1YFL8HXUaJaBthhxBGT52WyrqhB BMiE8LBD6kJ9dYMJkBlS36sgEcZqjQja2MjTYAUQCOYNI1scB1Ytmyh1VhRhkk7Dp/uq kU0LcDTKFcEBWEDN1gqb8SeCZlhQhC/e+uRs9YR7u7C2X+y6tQ0gRn77rT4Bzj7MV8/8 ED+ydYeUdlWjzZ8wGBwOVVJUgxgQ9xa2tn6UNtb7wd9nJFsxxSjcX7gL26Xn7fnAq046 OtSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=7Tsg7uj7uN025RIWMtLxTxeAqha2F1VD3+R3+HxKjQ4=; b=bTFjRUaGHa6YLcWyG8ZKONP7lw+iE9yYR2pP/YQYCT4MbD2Oa2rzhT1BtOUJyR4odV ghoC+4UpVghN4iEIU8tVENgZtGUlzaJJ14NpNt8FhDflTRCFJH+bAi4HXpda2dPma8s4 epU4HwspzcCnkNeYfi89OSsvCmh3gmji2DoS4zObtSHo0BuMh5tHfEjOnRNDjG0/OHaG GdDwvAi3RWYcJzreU+S0MQhik1SBlQepl0qqk2x83CTVnpFA9yPFMjyOBJSox8uG3w5D IL/44t0LnrJdBLNktxEL4rprSqTwdOTYvAP0rD5o3OnBkmGVLG31tWyieb5C/TXg3uHy zpyQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k8si18119568jaa.51.2021.08.24.12.06.46; Tue, 24 Aug 2021 12:07:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234276AbhHXTGl (ORCPT + 99 others); Tue, 24 Aug 2021 15:06:41 -0400 Received: from smtprelay0242.hostedemail.com ([216.40.44.242]:46410 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S232117AbhHXTGk (ORCPT ); Tue, 24 Aug 2021 15:06:40 -0400 Received: from omf19.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay01.hostedemail.com (Postfix) with ESMTP id BE3FE100E7B5C; Tue, 24 Aug 2021 19:05:54 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: joe@perches.com) by omf19.hostedemail.com (Postfix) with ESMTPA id 3ADAE20D75C; Tue, 24 Aug 2021 19:05:53 +0000 (UTC) Message-ID: <6dd7d45d8dccacb6d37ad5f6f137413b229d8565.camel@perches.com> Subject: Re: [PATCH v4] EDAC/mc: Prefer strscpy over strcpy From: Joe Perches To: Borislav Petkov , Len Baker Cc: Mauro Carvalho Chehab , Tony Luck , James Morse , Robert Richter , David Laight , Kees Cook , linux-hardening@vger.kernel.org, linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org Date: Tue, 24 Aug 2021 12:05:52 -0700 In-Reply-To: References: <20210814075527.5999-1-len.baker@gmx.com> <20210824090338.GB7999@titan> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.40.0-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.90 X-Stat-Signature: gbw8hao5yg94bjpfq3cs1hmfuybbbawk X-Rspamd-Server: rspamout02 X-Rspamd-Queue-Id: 3ADAE20D75C X-Session-Marker: 6A6F6540706572636865732E636F6D X-Session-ID: U2FsdGVkX1+qhTBzD3PJ/ihefUS3Wgwe9dpo85K7g1c= X-HE-Tag: 1629831953-473425 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2021-08-24 at 20:26 +0200, Borislav Petkov wrote: > On Tue, Aug 24, 2021 at 12:28:07PM +0200, Len Baker wrote: > > This is a task of the KSPP [1] and the main reason is to clean up the > > proliferation of str*cpy functions in the kernel. > > That I understood - you prominently explain where the patches stem from. > > What I can't parse is that formulation "previous step". What previous > step do you mean? > > > Yes, you are right. The same discussion happened in the v3 review [2] and > > I agree with the reasons that Robert Richter exposed. Using the strlen() > > implementation it is not necessary to check the return code of strcpy and > > we can assume a silent truncation. > > > > [2] https://lore.kernel.org/linux-hardening/YRN+8u59lJ6MWsOL@rric.localdomain/ > > Ok, looking at the asm, gcc is actually smart enough not to call > strlen() twice on the same buffer. > > But then there's this in the strscpy() kernel-doc comment: > > "The destination buffer is always NUL terminated, unless it's > zero-sized." > > so looking at the code, we're merrily decrementing len but nothing's > checking whether len can become 0. Because if it does, strscpy() will > do: > > if (count == 0 || WARN_ON_ONCE(count > INT_MAX)) > return -E2BIG; > > so if p ends up pointing to something which is *not* '\0', strlen() will > go off into the weeds. > > So I don't care if it doesn't look just as nice - it better be correct > in all cases first. It's all somehat unnecessary as it seems it's guaranteed not to overflow. $ git grep -n -w OTHER_LABEL next-20210820 next-20210820:drivers/edac/edac_mc.c:1118: strcpy(p, OTHER_LABEL); next-20210820:drivers/edac/edac_mc.c:1119: p += strlen(OTHER_LABEL); next-20210820:include/linux/edac.h:57:#define OTHER_LABEL " or " next-20210820:include/linux/edac.h:470: char label[(EDAC_MC_LABEL_LEN + 1 + sizeof(OTHER_LABEL)) * EDAC_MAX_LABELS]; Also the array size of char label is too large. First by 1 * EDAC_MAX_LABELS as sizeof(OTHER_LABEL) is 5 not 4 and second there can only be EDAC_MAX_LABELS - 1 uses of OTHER_LABEL. And I would remove the define for OTHER_LABEL and use " or " directly. Lastly, this could be easier to understand using stpcpy and/or scnprintf.