Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp4109414rdb; Thu, 14 Sep 2023 12:02:20 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH9cU4Lt6S4XTaaBJSkGmKH3H8kOAqBecwkKMF/qX/5z7/GLTf923gLhB5iICbZNvYNJFOl X-Received: by 2002:aa7:9535:0:b0:68f:be13:6c16 with SMTP id c21-20020aa79535000000b0068fbe136c16mr6774644pfp.2.1694718140538; Thu, 14 Sep 2023 12:02:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694718140; cv=none; d=google.com; s=arc-20160816; b=QW0Azuh3HtKWZZh3b1MWmfPtcHdgj45AETlmaRC7ms6Uciqn20yjqEuE9Bth6Rrwd8 pUehRrHlfM/Rca6CdXl/jZ4vQlpSnPG2cuM7abwu1yDztEqCkHPK2KI1oD5g3qG28qOB PTLIgOFdRuQC8q0jwGVrprwIi2gxBDxT5uFsm6VI3tJ3t3ZWpzwavUgvCBzowIUQ7wL3 bsuz7krDy7cyCIBLnZQNSUG5B3uuUnE+weo+YQ2E7ZrmIAC7grYxpb/HU4nXLYjHuUk4 POs/VxznCO3XSulB0i17xlVgCT9+xIx0cC1O4CX8NbVyuF/hAB+3rlBN1PLnq1nix0Gd KRJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=Uje044vKCrnPM/zlrRSYe7sHyJsaq71H01/FgvMXUZI=; fh=ll5RNNFjKXAxd38ZPjs5u+8EP0FfEmQ8M0usfAa4v1Q=; b=RySSEx8jWA2rQCfam9l/Y359/3N+w5OQzWaqfBr9ZiV0ft02OB4zbNbU65y9ztIOr+ 6vuGjeUHRcR47qm29/uyfkgHekvoqniNhQZr+bCq4H3WWCaT6l6zuYKD8tt/MUSOggpK UPkSaazQKwGIXg1y/4wje1P0QD4i6Gg937YfiVKnRlPMpJkTDmZwyAby0MeCFZXzcL0V T5VxUQ2A/mZva/UDIiwjMNeLIzLcwOHA2e6o2iHU+nHjVsna5GdBuLoZNNomJ2arXAvW Zo0p6lutu8sSUCOBlo7EGKeLoR+8OPECQLOcfll64Y0otoYLkmVbtGiAnIPbGbj9lOci DkOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=IkYW2CX2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id x64-20020a638643000000b005776a454f3csi1828098pgd.379.2023.09.14.12.02.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 12:02:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=IkYW2CX2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 6A93C802884C; Wed, 13 Sep 2023 08:13:18 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229854AbjIMPNS (ORCPT + 99 others); Wed, 13 Sep 2023 11:13:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40930 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230254AbjIMPNR (ORCPT ); Wed, 13 Sep 2023 11:13:17 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 72B11BD for ; Wed, 13 Sep 2023 08:12:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1694617952; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Uje044vKCrnPM/zlrRSYe7sHyJsaq71H01/FgvMXUZI=; b=IkYW2CX2lngfd15Q7LWn7hbrGk+JPTFWxfBiS9EJd0QfQ1q+2M8BgbFdlJAYVy0b+Kh9ol 8H+F1O0H57PBOdKPNEIv3Pi3uV16OoDdgbLkDxIrmvY821wrk9hi5wl8EOA8eo4XSLLztp 5e/SqcXHKy1xMgqZCwbtROnODmgnW3Q= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-83-5EAEMyI_NRyYoMFWiqDSBA-1; Wed, 13 Sep 2023 11:12:31 -0400 X-MC-Unique: 5EAEMyI_NRyYoMFWiqDSBA-1 Received: by mail-ed1-f69.google.com with SMTP id 4fb4d7f45d1cf-52f947d0116so1628159a12.1 for ; Wed, 13 Sep 2023 08:12:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694617950; x=1695222750; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Uje044vKCrnPM/zlrRSYe7sHyJsaq71H01/FgvMXUZI=; b=Uk/Sq41yMj1+tzIBUr2bLcIyLa9Iw9WwIC/YW7lRfA9C0GlQ0KNFcSVQvgYB2GiWYC /0D0iemJkNiDl2j/7567yjkM0HEQj2SFpXpFiyeAxp/KdaxIiHC1M90TU/4gaDskrLmY Iu9HqeG/pLUKpUXLcCWjp7K9OGEOdpxIKLe/yWLIGibWdKcSVdW9mIVRJXd0AnakGs6c ClRYa8FxA4psuVSlK/Bzk356NEH7KQWAIJrHDQmFefVy0psMiLj4C+HTQ0OpuainmzFE I8yRyfIQr/jT08z8n3yD5Z1dr0GqPR/ig9Jk4vcCsS7YRYEvVFphTQPW6ELDD1Djvcxk K/Ag== X-Gm-Message-State: AOJu0Ywjvaw9ATrOzKjeL7CuuCuN+bif08MnZpGLt7XF3yD1cryDec5H K6wxJ4sZif4bbxS7Ss4fewEJrt/9RYSWl76KGTquZ0uWFD4PO6gIwBn+V5T8R9P9SBGxvaXHCHb 798PzSodCXp2LyDS1VB79S8ZI X-Received: by 2002:aa7:d84f:0:b0:52e:8973:6482 with SMTP id f15-20020aa7d84f000000b0052e89736482mr2590386eds.6.1694617950039; Wed, 13 Sep 2023 08:12:30 -0700 (PDT) X-Received: by 2002:aa7:d84f:0:b0:52e:8973:6482 with SMTP id f15-20020aa7d84f000000b0052e89736482mr2590367eds.6.1694617949672; Wed, 13 Sep 2023 08:12:29 -0700 (PDT) Received: from ?IPV6:2001:1c00:c32:7800:5bfa:a036:83f0:f9ec? (2001-1c00-0c32-7800-5bfa-a036-83f0-f9ec.cable.dynamic.v6.ziggo.nl. [2001:1c00:c32:7800:5bfa:a036:83f0:f9ec]) by smtp.gmail.com with ESMTPSA id b8-20020aa7cd08000000b0052595b17fd4sm7366564edw.26.2023.09.13.08.12.28 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 13 Sep 2023 08:12:29 -0700 (PDT) Message-ID: <953f2e40-7b0e-27b5-b017-a1ac2175bb47@redhat.com> Date: Wed, 13 Sep 2023 17:12:28 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [PATCH v3] x86/platform/uv: refactor deprecated strcpy and strncpy Content-Language: en-US, nl To: Ingo Molnar Cc: Justin Stitt , Steve Wahl , Mike Travis , Dimitri Sivanich , Russ Anderson , Darren Hart , Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , platform-driver-x86@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org References: <20230905-strncpy-arch-x86-platform-uv-uv_nmi-v3-1-3efd6798b569@google.com> From: Hans de Goede In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Wed, 13 Sep 2023 08:13:18 -0700 (PDT) Hi, On 9/6/23 16:09, Ingo Molnar wrote: > > * Hans de Goede wrote: > >> Hi Ingo, >> >> On 9/6/23 14:10, Ingo Molnar wrote: >>> >>> * Justin Stitt wrote: >>> >>>> Both `strncpy` and `strcpy` are deprecated for use on NUL-terminated >>>> destination strings [1]. >>>> >>>> We can see that `arg` and `uv_nmi_action` are expected to be >>>> NUL-terminated strings due to their use within `strcmp()` and format >>>> strings respectively. >>>> >>>> With this in mind, a suitable replacement is `strscpy` [2] due to the >>>> fact that it guarantees NUL-termination on its destination buffer >>>> argument which is _not_ the case for `strncpy` or `strcpy`! >>>> >>>> In this case, we can drop both the forced NUL-termination and the `... -1` from: >>>> | strncpy(arg, val, ACTION_LEN - 1); >>>> as `strscpy` implicitly has this behavior. >>>> >>>> Link: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings[1] >>>> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] >>>> Link: https://github.com/KSPP/linux/issues/90 >>>> Cc: linux-hardening@vger.kernel.org >>>> Signed-off-by: Justin Stitt >>> >>>> arch/x86/platform/uv/uv_nmi.c | 7 +++---- >>>> 1 file changed, 3 insertions(+), 4 deletions(-) >>> >>> Note that this commit is already upstream: >>> >>> 1e6f01f72855 ("x86/platform/uv: Refactor code using deprecated strcpy()/strncpy() interfaces to use strscpy()") >>> >>> Below is the delta your v3 patch has compared to what is upstream - is it >>> really necessary to open code it, instead of using strnchrnul() as your >>> original patch did? Am I missing anything here? >> >> The new version is a result of a review from my because IMHO: >> >> strscpy(arg, val, strnchrnul(val, sizeof(arg)-1, '\n') - val + 1); >> >> Is really unreadable / really hard to reason about if >> this is actually correct and does not contain any >> of by 1 bugs. >> >> Note that the diff of v3 compared to the code before v2 landed is >> actually smaller now and actually matches the subject of: >> "refactor deprecated strcpy and strncpy" >> >> Where as v2 actually touches more code / refactor things >> which fall outside of a "one change per patch" approach. >> The: >> >> p = strchr(arg, '\n'); >> if (p) >> *p = '\0'; >> >> was already there before v2 landed. >> >> I also suggested to do a follow up patch to change things to: >> >> strscpy(arg, val, sizeof(arg)); >> p = strchrnul(arg, '\n'); >> *p = '\0'; >> >> Which IMHO is much more readable then what has landed >> now. But since v2 has already landed I guess the best >> thing is just to stick with what we have upstream now... > > Well, how about we do a delta patch with all the changes > you suggested? I'm all for readability. So I started doing this and notices that all the string manipulation + parsing done here is really just a DYI implementation of sysfs_match_string(). So I have prepared a patch to switch to sysfs_match_string(), which completely removes the need to make a copy of the val string. I'll submit the patch right after this email. Regards, Hans