Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp1264810pxb; Thu, 16 Sep 2021 03:45:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyaxorHH01hBa9bfn8ArhsCM839+4bSTjMROAkOCNcEAQdu5n4PjQDWE1cvd5sLTOmeN2HJ X-Received: by 2002:a6b:7212:: with SMTP id n18mr3645727ioc.175.1631789139702; Thu, 16 Sep 2021 03:45:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631789139; cv=none; d=google.com; s=arc-20160816; b=nkRNX8ND/gUDjqECtSwdkMXLpOwM9BfM1WPSkOCBNue0fgjvCc6+orERaZxiZyW57T D8LcXnoab7J3qYiL6vYOKYDkHv8ijFIMcIk9c7xjtVCD6/daKBYdZeC1H2+uaMV0FlHk qdWkVSyaNe8+jQ7XKsJRVV7y03Zm+7wR+fk3r7sZO7hFdt8EKHbsF4/U0r0giVsUiN07 cDfDX5fu/cteyEGUrCHP+5LkRP7m+qHND2u661fASKOB8le44on/Q+T2tkyB5KKThF7U 0zPYlWVdtURchFeBStNGnQGXtlHi/Ev7Mb0rWvnCWWG15jIpQOPPsT15uZM6BaUpRQwl rJwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :organization:in-reply-to:subject:cc:to:from; bh=dxtaOeern2FVCbqyPg4VgiUe/DOHLwTrEdiObI8Lg0A=; b=oVVr5BUnmX/f0TzyGleTzgKo75uXMlMHY1P0QtEba0SvFKWQz+ha3gWn/mycYTKILA hEvjKBd7VeQOZwfq5E+ypNJyt4x4xAyhRB8MiwvFXJN8ONNOuNBtE0hW6pKeWqQYF1UM FQ0zkA9Z15n0D7ouZe/rDaKaBidOTAkkJevh257VlSFCRxFg9/f/EY8cQxqaAmd7+3u0 o9WsNmCLJC9dZAIE3Jpv/MktIyBpljtvfD8/RPQUKxQG7fkLYJU/+eETlTGer121izqV FHNklcjGDe89fbfLE/kpIZb2Lg8FGMbwvLkR5gmi1EXOqSNVaYFWAeDvqAyT5oMPRFiM UvrA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b9si2260144ion.34.2021.09.16.03.45.26; Thu, 16 Sep 2021 03:45:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236574AbhIPKo5 (ORCPT + 99 others); Thu, 16 Sep 2021 06:44:57 -0400 Received: from mga14.intel.com ([192.55.52.115]:54334 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236403AbhIPKo4 (ORCPT ); Thu, 16 Sep 2021 06:44:56 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10108"; a="222192302" X-IronPort-AV: E=Sophos;i="5.85,298,1624345200"; d="scan'208";a="222192302" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Sep 2021 03:43:36 -0700 X-IronPort-AV: E=Sophos;i="5.85,298,1624345200"; d="scan'208";a="553817313" Received: from djustese-mobl.ger.corp.intel.com (HELO localhost) ([10.249.34.120]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Sep 2021 03:43:31 -0700 From: Jani Nikula To: Tvrtko Ursulin , Tim Gardner , linux-kernel@vger.kernel.org Cc: Joonas Lahtinen , Rodrigo Vivi , David Airlie , Daniel Vetter , intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org Subject: Re: [Intel-gfx] [PATCH] drm/i915: zero fill vma name buffer In-Reply-To: <7a653532-046d-c68a-3dc9-ef2deaf455f9@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo References: <20210915192318.2061-1-tim.gardner@canonical.com> <7a653532-046d-c68a-3dc9-ef2deaf455f9@linux.intel.com> Date: Thu, 16 Sep 2021 13:43:28 +0300 Message-ID: <87ee9ox0kv.fsf@intel.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 16 Sep 2021, Tvrtko Ursulin wrote: > On 15/09/2021 20:23, Tim Gardner wrote: >> In capture_vma() Coverity complains of a possible buffer overrun. Even >> though this is a static function where all call sites can be checked, >> limiting the copy length could save some future grief. >> >> CID 93300 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) >> 4. fixed_size_dest: You might overrun the 16-character fixed-size string c->name >> by copying name without checking the length. >> 5. parameter_as_source: Note: This defect has an elevated risk because the >> source argument is a parameter of the current function. >> 1326 strcpy(c->name, name); >> >> Fix any possible overflows by using strncpy(). Zero fill the name buffer to >> guarantee ASCII string NULL termination. >> >> Cc: Jani Nikula >> Cc: Joonas Lahtinen >> Cc: Rodrigo Vivi >> Cc: David Airlie >> Cc: Daniel Vetter >> Cc: intel-gfx@lists.freedesktop.org >> Cc: dri-devel@lists.freedesktop.org >> Cc: linux-kernel@vger.kernel.org >> Signed-off-by: Tim Gardner >> --- >> drivers/gpu/drm/i915/i915_gpu_error.c | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c >> index 9cf6ac575de1..154df174e2d7 100644 >> --- a/drivers/gpu/drm/i915/i915_gpu_error.c >> +++ b/drivers/gpu/drm/i915/i915_gpu_error.c >> @@ -1297,10 +1297,11 @@ static bool record_context(struct i915_gem_context_coredump *e, >> return simulated; >> } >> >> +#define VMA_NAME_LEN 16 >> struct intel_engine_capture_vma { >> struct intel_engine_capture_vma *next; >> struct i915_vma *vma; >> - char name[16]; >> + char name[VMA_NAME_LEN]; >> }; >> >> static struct intel_engine_capture_vma * >> @@ -1314,7 +1315,7 @@ capture_vma(struct intel_engine_capture_vma *next, >> if (!vma) >> return next; >> >> - c = kmalloc(sizeof(*c), gfp); >> + c = kzalloc(sizeof(*c), gfp); >> if (!c) >> return next; >> >> @@ -1323,7 +1324,7 @@ capture_vma(struct intel_engine_capture_vma *next, >> return next; >> } >> >> - strcpy(c->name, name); >> + strncpy(c->name, name, VMA_NAME_LEN-1); > > GCC is supposed to catch any problems here as you say in the commit message. > > But to fix I suggest a single line change to strlcpy(c->name, name, > sizeof(c->name)) which always null terminates as bonus. strscpy() is preferred over both strncpy() and strlcpy(). :) BR, Jani. > > Probably same in i915_vma_coredump_create() which with strncpy would > have a theoretical chance of attempting to copy over a > non-null-terminated string. > > Regards, > > Tvrtko > >> c->vma = vma; /* reference held while active */ >> >> c->next = next; >> -- Jani Nikula, Intel Open Source Graphics Center