Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp5746055rwp; Mon, 17 Jul 2023 08:52:32 -0700 (PDT) X-Google-Smtp-Source: APBJJlFMRN12fCC22HEIpk219AUbn3/GSyIipird1Y72cmfwJ4P0wR7AcYkekHg5C0HJrZ15H2C8 X-Received: by 2002:a17:906:8251:b0:971:5a79:29ff with SMTP id f17-20020a170906825100b009715a7929ffmr10358573ejx.48.1689609152477; Mon, 17 Jul 2023 08:52:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689609152; cv=none; d=google.com; s=arc-20160816; b=TAUJ2HRyFy7/YJq+BGsWyE9pfKM4C2LFOk0lwnPNjHbKKuPly3vQF6edvfA0QK8/Up DeWx8R52j+3r0A3RIj1Xtf0OPYBUWRf9xMIdGwjx77Z0Bj379ZjMRy/q4OCwqABCGawb jdnc+xt5oHIGoYXB/b1U4xgKT1pxCEcOZvQ9PUk74pKY5PfVtPIDZqC2w75vZuA7eplE 0rPPdP5OWk1+KXXJyd5WfYker/X7yKrRZadqJ2/Tg6zAeMChb+68JIWJeFQMV53PutQK f5RmaCCijXXqz7GjDYw94j7dv6fQfRGL7cX3YrTreymIGCDPEvIFwZ5la+GDOcMaFZ4J ih8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=O6+2hEQHreqpO4j39Bf53XvlGBmQp6lWiVB1HdTdU/g=; fh=oDxfz7FUgFnWIRcrsJ7pXHV77DAtrmfe2q/qcEkKe2I=; b=fAQrTCDvkIOtC1FWRPgtQVjWNPF5jfUKX2A3HJ5U29oJbeSL6TgSLLNLfV9rlU5DMD JhVdF3mmzfGW0kJIj0jfzBFt/xqo6Wz2lMjn/mGNGcguDoTq6xFCWI5XbgCM0kPRACDo HePpAXKd73gjTgmGxlnzXEBS1/+ubCFagDFWkzgWETZXykxplL/sDkCR6zgPHQYK3fvd kuLpkBk8eLJ4mn8xL5tCDGTrIiLt6LgNQ+4CY5amnpHqS4nGlk5sOWUGMyqL2XDUPYww RHPWosVZ1d1RFmZ7aIa3SeIciayRC+JKcHFVFI1v9SogvmzaolqbEpPAi4y0jIeemfdN WuKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=b2oP1jE8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r17-20020a1709067fd100b0098859d239dfsi14595016ejs.796.2023.07.17.08.52.06; Mon, 17 Jul 2023 08:52:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=b2oP1jE8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231476AbjGQPn7 (ORCPT + 99 others); Mon, 17 Jul 2023 11:43:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43754 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231462AbjGQPn6 (ORCPT ); Mon, 17 Jul 2023 11:43:58 -0400 Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84D46197 for ; Mon, 17 Jul 2023 08:43:57 -0700 (PDT) Received: by mail-pl1-x62e.google.com with SMTP id d9443c01a7336-1b89bc52cd1so24849645ad.1 for ; Mon, 17 Jul 2023 08:43:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1689608637; x=1692200637; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=O6+2hEQHreqpO4j39Bf53XvlGBmQp6lWiVB1HdTdU/g=; b=b2oP1jE8bErJ3f9VkjNrG9/w9KHoPA67gGI6CbXR7rH/Jl01y7ChuNnWJL0f6rT1BX +adXjpZv8vDzRfAYzQUS+vjNyucQoxx9E4hxwscly+sR5L8a/lclCRHvBcgXZm7xKrwN nyaNN+WCLx6anqGojLvaJSicsDxGz+rwlLuLE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689608637; x=1692200637; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=O6+2hEQHreqpO4j39Bf53XvlGBmQp6lWiVB1HdTdU/g=; b=FttDFgByFyP/cjJI5I6CA7T/lXwtHT9rU0P9WLOQsX1j0fJoeI8tbCmmW/fRotDm45 3bW97cphuydZN8w/Wp6RKaMjqNgepEzz7+jxmmEjfgy/zkWwryEkbY0OWkq7tc46qRBy gGoj2IONTyISU5VHCQ0QXDAsj3tf0Ip1ZigKlflBZCuyadHQn6OulAHMOhFivMZynIqK b8zTMKuvlpVgMxXlvRZVFYZjta0r0tBWh4HIBNx6FFNBSQo19uoeEqDIn94CGNtv/6K3 YT0axCsPeRSrb2BHWW2XdIZ1hlTEp/XkpoCoELijwkKKQ3cBphExtC41IVU954KF+zcT STcg== X-Gm-Message-State: ABy/qLab57b8CKdv2Q+hpgIIsJ4tBj4DEDE0LwJ8cqXlk56cNVQdyLpm DEHdSnWm+D+REHg/MrYk0l4RcktdaCg4/iu1H/o= X-Received: by 2002:a17:902:ea11:b0:1b9:d34d:bf6d with SMTP id s17-20020a170902ea1100b001b9d34dbf6dmr13052150plg.52.1689608636815; Mon, 17 Jul 2023 08:43:56 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id jj13-20020a170903048d00b001ac591b0500sm54192plb.134.2023.07.17.08.43.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Jul 2023 08:43:56 -0700 (PDT) Date: Mon, 17 Jul 2023 08:43:55 -0700 From: Kees Cook To: Andy Shevchenko Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy() Message-ID: <202307170826.397635AD@keescook> References: <20230717093332.54236-1-andriy.shevchenko@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230717093332.54236-1-andriy.shevchenko@linux.intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 17, 2023 at 12:33:32PM +0300, Andy Shevchenko wrote: > Privided seq_show_option_n() macro breaks build with -Werror > and W=1, e.g.: > > In function ‘strncpy’, > inlined from ‘ocfs2_show_options’ at fs/ocfs2/super.c:1520:3: > include/linux/fortify-string.h:68:33: error: ‘__builtin_strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation] > 68 | #define __underlying_strncpy __builtin_strncpy > | ^ While I totally agree with the removal of strncpy(), I'm confused about how this warning is being produced: seq_show_option_n(s, "cluster_stack", osb->osb_cluster_stack, OCFS2_STACK_LABEL_LEN); fs/ocfs2/ocfs2.h:389: char osb_cluster_stack[OCFS2_STACK_LABEL_LEN + 1]; fs/ocfs2/ocfs2_fs.h:#define OCFS2_STACK_LABEL_LEN 4 #define seq_show_option_n(m, name, value, length) { \ char val_buf[length + 1]; \ strncpy(val_buf, value, length); \ ... the source buffer is OCFS2_STACK_LABEL_LEN + 1 long, and the dest buffer is OCFS2_STACK_LABEL_LEN + 1 long. ?? I think this doesn't need to use seq_show_option_n() at all. > include/linux/fortify-string.h:151:16: note: in expansion of macro ‘__underlying_strncpy’ > 151 | return __underlying_strncpy(p, q, size); > | ^~~~~~~~~~~~~~~~~~~~ > cc1: all warnings being treated as errors > > While -Werror wasn't enabled by default at the time of the original code > landed into mainline, strscpy() was already there and preferred over strncpy(). > Due to above mentioned issues, use the latter in seq_show_option_n(). > > Fixes: a068acf2ee77 ("fs: create and use seq_show_option for escaping") > Signed-off-by: Andy Shevchenko > --- > include/linux/seq_file.h | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h > index bd023dd38ae6..e87d635ca24f 100644 > --- a/include/linux/seq_file.h > +++ b/include/linux/seq_file.h > @@ -260,8 +260,7 @@ static inline void seq_show_option(struct seq_file *m, const char *name, > */ > #define seq_show_option_n(m, name, value, length) { \ > char val_buf[length + 1]; \ > - strncpy(val_buf, value, length); \ > - val_buf[length] = '\0'; \ > + strscpy(val_buf, value, sizeof(val_buf)); \ > seq_show_option(m, name, val_buf); \ > } Reviewed-by: Kees Cook -Kees -- Kees Cook