Received: by 2002:aa6:c781:0:b0:139:2837:6657 with SMTP id u1csp1565148lkq; Fri, 3 Sep 2021 09:49:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJweniCXDSejhUK6zxyHhOlvVQWpS3ybmOH300dw7PkwzR3cnY2+ljL40QgsjaytZNzgP5bb X-Received: by 2002:a05:6e02:214b:: with SMTP id d11mr3236716ilv.239.1630687779668; Fri, 03 Sep 2021 09:49:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630687779; cv=none; d=google.com; s=arc-20160816; b=kbp3IDl1k32Qz6TxF9wp8OdcrTav4HHdvKUgFmh0vsLQd1A1QPXq+lsdCBgS7Qr2Ot 0PEbYwmwgQEalwu3N9VhLY3D/kZU9cpy9J+visKC9xB3mI5V/FxHCwYiY7R2J8H+bR3U RUAGojXlZQUG4tGjytqyiOnv5i29OpR9VFsgIkOK3HuyGyoKSr+kWrZWge2ASgydSP2l NJ3AthXbLywesrMKE0THW1S6JqWO5shTKVJ3zClsubNnQB6l8L37NP1LSE7R3fgJ8fJo Nx2ByfJgKGNySHOKFZZksaNCSUv+/JDtdJXUhclKZQJEOUu297yKhBapec9QEI1qswLv tJqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=hq8NuI7sYOh8UgpNj07F8ln9MUH5eqJyuCouOkMikcc=; b=xamnSPnt1bnxobH1ZAvhdaBE4lzgdIx9PNW0XMx43pqS+vMJP2LjW8LW7PurhRZLdu Egw6q+o+J0kttQfUhZycMm8vI55qlJ1FOPiDodtX6Mg05VBNYZFI0VqRTTN4JDTPiBZK w2ncX5JytSgymJOF+LBsz/X7ydFpNevjN/Gou2DyHjn9SVMHYap4sUqWODr4R0HclpKN PE7YCjoV4fINObPStjbzl0ZO8T8BEmPK2u/gIJOzMoej0KhKKURQF3uY+y5mGRrhut8D xctZ6hQiub1cWOXSN+pnFb/NZnKiXyrPJUt/MFfS4pS9ajOlq0fBKSM5VgaCrFcsFgpT f/Bg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=KgB1oGa2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m22si5332943jaa.92.2021.09.03.09.49.27; Fri, 03 Sep 2021 09:49:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=KgB1oGa2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235425AbhICPHO (ORCPT + 99 others); Fri, 3 Sep 2021 11:07:14 -0400 Received: from mout.gmx.net ([212.227.17.21]:43751 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229997AbhICPHM (ORCPT ); Fri, 3 Sep 2021 11:07:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1630681561; bh=2NsobSJ0oyoOkDCO4kNPox42OsO4Nli7GYVADpwZFfk=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=KgB1oGa26/ftR5JtjgnCkm+LjSNjE91aGRPWcIb6t1XB5VbxTe/0HHCk1dylY+IhD 8DHPkRcgqvDIVMlzTPzOliBWGvdT5qyWcy6PpE8paNeNscd2vLNj9LcWiYGNVdiEcb ypTdR3d8h/HQ+TSjwVDIsvtLo0TcbPChzCm4JtPA= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from localhost.localdomain ([79.150.72.99]) by mail.gmx.net (mrgmx105 [212.227.17.174]) with ESMTPSA (Nemesis) id 1M1Ycl-1mO5di2BWl-0038Dr; Fri, 03 Sep 2021 17:06:01 +0200 From: Len Baker To: Borislav Petkov , Mauro Carvalho Chehab , Tony Luck , James Morse , Robert Richter , Joe Perches Cc: Len Baker , David Laight , Kees Cook , linux-hardening@vger.kernel.org, linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6] EDAC/mc: Prefer strscpy or scnprintf over strcpy Date: Fri, 3 Sep 2021 17:05:39 +0200 Message-Id: <20210903150539.7282-1-len.baker@gmx.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:1WWrz35yiVKX3AEpwLelo43wNkwyWS28+jV7tcAjnkGOVJRGex4 62kMobnU+zTr4NUJU2ElQKZSbknVD9xi/fiZzgHOPEn0yel6FeiNrZ0/rYf7Tqr15wECqqe saJNo9jDiqMX7ZTjwu2Gk76XKK9yCFifqrNUd7hHgSBKW/shQPYUUZhnwVeDiho6+DlLcTJ 4lx+zPpb5BPdw91l7pDug== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:IZ8oGDh5x9g=:U+bLOJMA3OId4qv5emQuZJ U3SDolIicL6kmud82MC2AcCCKEKfgtK6iwlCcbXPpLe8oRZG32aFPhUPF4i6+81O3fuWjqaYv AfCueHqlctbkBfoxJvZl4GFMHIczszAa6hzwS03rHmJzbOY7FU2CozUGVofdPegbWbPeZkrKl W2ZNOhpTEvj6nerJFSl7FkalWzKab6bgvItqGNZesS55bBax9SWf3yZiHGh++skpxzY9Yv71g 87OtKy3xdcTECktspsLeGVBeompS816qCi6TOeTYrLyeVsDdt4KEqkfFNrdVx7IXdwg16TGsa yGZCDzHtCaWTendBhow9Un3qUENtZboG9rQLXPnboFGBMoaFsnkgRM6i6vi8lgPlxQEpmsuyR nqo1h5k+lraAbmF1UuPV4I15e4yr61npqDc29+Fy4LMNt5cV1FHhWigLSc4vurAFcMTfNVcWc jA1uH9avsfU9hGU78MPK0vGSawZEkPxtBzUqzSCeFUCTjq5njHGT0xqrSWJ2hKtyiT4tObcEn 4NkuPxFPaiyYOgYah0WCYUCY0SM4MhK1u3SYRCincR313ICEX50GUyesA0Fdy+i+7audYHyXr geDDSsqHNNanXAB/0Tjz754Gm7qIXKhBigPCBY2rrLBPpXH8LGgfeQt2znXbXNB19K4oqaovA Y4rL0WGc5W/8HxFYDm7Cvz/T0RfOuZgPxp6UN+RTWfm/i3KBqwt9E5KVm52HQ1zLB/toHSyU6 k0CXQUZ9KFErAqhPKiMrn9kqYoqIcYuVB+UsqC2M2IN7nCeP1bDfBHZDo99wjo7qUTbWvAiBZ laiYC8qNqPl1fkYY2f7pPqBFdOs0ZrKVd39FpSM7bUcY6n/fcyUsuRlyOc7sJP8IgsVEkMhEz N3JVMbvs2yqCERYMC+4dtbeg8ztQg82ZJlSS1N0N+04CKpEk+9xbkzbVc3+yKfSryQ8xqpUnR MHN+Pt0D49C2I7WOfw6uwy5Ng9X54JNOiIHRRrnPz/JmamP3qNM5QPlnVo8k++RpJKDa9AWhh lknR4drQhVLIDWSrBrm8/BrVqNXYGVmiKRDc4XRF99CR5e1690bgDRRXPBXf1FQLifyVLnKks 1tQk0TXeq5h+GgbwVgGaWqvDkw+RL38ckS2FBm/N4KrP+bKapASiM1YiQ== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. The safe replacement is strscpy() [1]. However, to simplify and clarify the code, to concatenate labels use the scnprintf() function. This way it is not necessary to check the return value of strscpy (-E2BIG if the parameter count is 0 or the src was truncated) since the scnprintf returns always the number of chars written into the buffer. This function returns always a nul-terminated string even if it needs to be truncated. The main reason behind this patch is to remove all the strcpy() uses from the kernel with the purpose to clean up the proliferation of str*cpy() functions. Later on, the next step will be remove all the strcpy implementations [2]. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [2] https://github.com/KSPP/linux/issues/88 Co-developed-by: Joe Perches Signed-off-by: Joe Perches Signed-off-by: Len Baker =2D-- Hi Joe, I have added the "Co-developed-by: Joe Perches" tag to give you credit, since all the code used in this patch relies heavily on your review code snippets. I hope there are no objections. Thanks, Len Changelog v1 -> v2 - Use the strscpy() instead of scnprintf() to add labels and follow a code pattern more similar to the current one (advance "p" and decrement "left") (Robert Richter). Changelog v2 -> v3 - Rename the "left" variable to "len" (Robert Richter). - Use strlen(p) instead of strlen(OTHER_LABEL) to decrement "len" and increment "p" as otherwise "left" could underflow and p overflow (Robert Richter). Changelog v3 -> v4 - Change the commit subject (Joe Perches). - Fix broken logic (Robert Richter). - Rebase against v5.14-rc5. Changelog v4 -> v5 - Change the commit subject. - Clarify why the change is being made by adding more info to the commit message (Borislav Petkov). - Use scnprintf instead of strscpy (Joe Perches). - Rebase against v5.14-rc7. Changelog v5 -> v6 - Rebase against v5.14. - Refactor the code to use a more common scnprintf mechanism (Joe Perches). Previous versions: v1 https://lore.kernel.org/linux-hardening/20210725162954.9861-1-len.baker@gm= x.com/ v2 https://lore.kernel.org/linux-hardening/20210801143558.12674-1-len.baker@g= mx.com/ v3 https://lore.kernel.org/linux-hardening/20210807155957.10069-1-len.baker@g= mx.com/ v4 https://lore.kernel.org/linux-hardening/20210814075527.5999-1-len.baker@gm= x.com/ v5 https://lore.kernel.org/linux-hardening/20210829161547.6069-1-len.baker@gm= x.com/ drivers/edac/edac_mc.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c index f6d462d0be2d..97dff62970a5 100644 =2D-- a/drivers/edac/edac_mc.c +++ b/drivers/edac/edac_mc.c @@ -1032,6 +1032,8 @@ void edac_mc_handle_error(const enum hw_event_mc_err= _type type, int i, n_labels =3D 0; struct edac_raw_error_desc *e =3D &mci->error_desc; bool any_memory =3D true; + const char *prefix =3D ""; + int n =3D 0; edac_dbg(3, "MC%d\n", mci->mc_idx); @@ -1113,12 +1115,9 @@ void edac_mc_handle_error(const enum hw_event_mc_er= r_type type, p =3D e->label; *p =3D '\0'; } else { - if (p !=3D e->label) { - strcpy(p, OTHER_LABEL); - p +=3D strlen(OTHER_LABEL); - } - strcpy(p, dimm->label); - p +=3D strlen(p); + n +=3D scnprintf(e->label + n, sizeof(e->label) - n, + "%s%s", prefix, dimm->label); + prefix =3D OTHER_LABEL; } /* @@ -1140,9 +1139,9 @@ void edac_mc_handle_error(const enum hw_event_mc_err= _type type, } if (any_memory) - strcpy(e->label, "any memory"); + strscpy(e->label, "any memory", sizeof(e->label)); else if (!*e->label) - strcpy(e->label, "unknown memory"); + strscpy(e->label, "unknown memory", sizeof(e->label)); edac_inc_csrow(e, row, chan); =2D- 2.25.1