Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp4582571rdb; Fri, 15 Sep 2023 06:41:17 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHH3sWMWFXrxHHrCo8++Ey9Y2Beg2LsdJoIeNIbMSWVD5yya/De0iG3eCvoidrDqFi0ZRZb X-Received: by 2002:a17:903:2582:b0:1c0:7bac:13d4 with SMTP id jb2-20020a170903258200b001c07bac13d4mr1274924plb.65.1694785276748; Fri, 15 Sep 2023 06:41:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694785276; cv=none; d=google.com; s=arc-20160816; b=rCEOxhRtHzOx5KsMNyrmwmc/Ep51bdnt3XYLUKJp8w4qyiCNJZg6DHF3Axoa1MGyoZ 2TME4oG1qjxuJiQbEIM+zsyYwaPtH3rdXkI4xmDUXFLuGH9LBGTpG4xeO5v2+TDBuKkC Wk781qGcEXoD6JBPwei0oY6/6W008Mnl0TtLNt5/B9IsTq1JdU4+VR5gIYxDPl+GHgya RV5fG9ONkeSLh4jQycb3tnEnbNqeWmXBBCzAqfXQpmPW7RjlkUwSh6EIyhM2SrLfw7rG eh52/Yx1Ts5oVJ8dsGJUBF7X2dFtOXBXF0w2qs9mpxOMJ3vbIY2GcBaNUyVVYBrzKNiZ KBtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ToW+0xnZZSn2haYogSaseRbGCEN/c/VaxynOQEBf2ck=; fh=3J3Wkzbt4WQA5fhwnSchs5VsxmCpWnuq0iumN/ssPas=; b=PdT4EcuyiABVRkUAxhKBsRfrzS+v8gGiVpjM5o7UMh/P+I7K2G3a6NnsGkFnU0u2i5 P1SlQzBDL/Iya+aqzhyM5m5uXaF4x4mgSbP9q5nvtwN3y74ktjhOHVBHBVjf29T9LT5X 0CfdEpAZGnH9+7dWUBvuuwc92OX0v92d8vzr+D3cfx9vhLqO3uXzPqDrWyuUYIHucRiW B0NEbnzO820h+UcDOMxN8Aw6S6yenIqhAgqkNHP8zessaxmGOrdeJJ3a+IXfkzHzGinz W3Lfj0TwNpuMWU7Jk/I6tsUs2mrcokGLN5WeYNif4YKoKkG8S6XV0c5N486DY6kXwshb sscw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Bps9Vp7z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id o13-20020a170902778d00b001bc52116351si3405915pll.70.2023.09.15.06.41.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Sep 2023 06:41:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Bps9Vp7z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 37EC58374D85; Thu, 14 Sep 2023 21:54:57 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229593AbjIOEyx (ORCPT + 99 others); Fri, 15 Sep 2023 00:54:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229554AbjIOEyv (ORCPT ); Fri, 15 Sep 2023 00:54:51 -0400 Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62330270E for ; Thu, 14 Sep 2023 21:54:46 -0700 (PDT) Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1c337aeefbdso16051035ad.0 for ; Thu, 14 Sep 2023 21:54:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1694753686; x=1695358486; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=ToW+0xnZZSn2haYogSaseRbGCEN/c/VaxynOQEBf2ck=; b=Bps9Vp7zhomDOUgRGJNGFjVjFWTEXCpNHObgBwzUaPcu7Dbxyv0P0h2UqxROoDopiU sfrWwYWPupob+koUj6QJiKqGh5jzWx7pJLNprx6/Rz/qKZnAo2nFwGw+CnnKrYUrHQj7 qzQAuWf1Jex9927dxBEeDRFZQznXsGsjBwaGo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694753686; x=1695358486; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ToW+0xnZZSn2haYogSaseRbGCEN/c/VaxynOQEBf2ck=; b=RvS1CdoVVHRigGvvjodQBpkXJu4m9nwDFURF5VLyr6kiSynj82kRGkgMPnHqyeYB1x wlAPXrPLUwGzIfMsHJl7DRYY46vZ1d/z5/4/je9SdOkMsmKPaKqLeMaZNZ2LPJJBYNkR bgg76sDOlbcPFg11UcIQbIDaoXnW2ajS8qoCKevJByajkdf5cIMCkI3HEaYsmqR/+RcV um5yYKtj0TiizsDepPqzYKr/WFueOfibg5GAC5Mjc0a2DM3udbF7gz68KlWDsSr/wa+0 VSebFkLO5Ln3GOWcXtC8D4vT1+tm7JCf0bVRNTt0mAeTZwPZWCW6G9FKmCIUlQAw5SFh Ut9Q== X-Gm-Message-State: AOJu0YwEydWbduwS5Rlghvq6ai+a8IzqbQsqmjQ6cVXVbKtmgj7YwsTK nSwLYPy9JzRzMCwa/VHdlcfPeQ== X-Received: by 2002:a17:903:2447:b0:1c3:a396:25ae with SMTP id l7-20020a170903244700b001c3a39625aemr647937pls.56.1694753685862; Thu, 14 Sep 2023 21:54:45 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id q23-20020a170902789700b001b8a3dd5a4asm2425048pll.283.2023.09.14.21.54.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 21:54:45 -0700 (PDT) Date: Thu, 14 Sep 2023 21:54:44 -0700 From: Kees Cook To: Justin Stitt Cc: Ben Skeggs , Karol Herbst , Lyude Paul , David Airlie , Daniel Vetter , dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] drm/nouveau/nvif: refactor deprecated strncpy Message-ID: <202309142139.1C068523@keescook> References: <20230914-strncpy-drivers-gpu-drm-nouveau-nvif-client-c-v1-1-dc3b3719fcb4@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230914-strncpy-drivers-gpu-drm-nouveau-nvif-client-c-v1-1-dc3b3719fcb4@google.com> X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 21:54:57 -0700 (PDT) On Thu, Sep 14, 2023 at 09:30:37PM +0000, Justin Stitt wrote: > `strncpy` is deprecated and as such we should prefer more robust and > less ambiguous string interfaces. > > A suitable replacement is `strscpy_pad` due to the fact that it > guarantees NUL-termination on the destination buffer whilst also > maintaining the NUL-padding behavior that `strncpy` provides. I am not > sure whether NUL-padding is strictly needed but I see in > `nvif_object_ctor()` args is memcpy'd elsewhere so I figured we'd keep > the same functionality. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt > --- > Note: build-tested only. > --- > drivers/gpu/drm/nouveau/nvif/client.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/nouveau/nvif/client.c b/drivers/gpu/drm/nouveau/nvif/client.c > index a3264a0e933a..3a27245f467f 100644 > --- a/drivers/gpu/drm/nouveau/nvif/client.c > +++ b/drivers/gpu/drm/nouveau/nvif/client.c > @@ -69,7 +69,7 @@ nvif_client_ctor(struct nvif_client *parent, const char *name, u64 device, > } nop = {}; > int ret; > > - strncpy(args.name, name, sizeof(args.name)); > + strscpy_pad(args.name, name, sizeof(args.name)); > ret = nvif_object_ctor(parent != client ? &parent->object : NULL, > name ? name : "nvifClient", 0, > NVIF_CLASS_CLIENT, &args, sizeof(args), Right, I see the memcpy too: nvif_object_ctor(struct nvif_object *parent, const char *name, u32 handle, s32 oclass, void *data, u32 size, struct nvif_object *object) { ... memcpy(args->new.data, data, size); However, "args" is already zeroed: struct nvif_client_v0 args = { .device = device }; So there's no need for _pad(). However, I couldn't immediatley see why args.name must be %NUL terminated. It's ultimately passed through an ioctl: return client->driver->ioctl(client->object.priv, data, size, hack); But I did find it... args is: struct nvif_client_v0 { ... char name[32]; }; And "name" only ever comes through nvif_client_ctor(), which all end up via here, using "cli": struct nouveau_cli { ... char name[32]; ... snprintf(cli->name, sizeof(cli->name), "%s", sname); ... ret = nvif_client_ctor(&drm->master.base, cli->name, device, &cli->base); So we'll always be %NUL terminated. Therefore, yes, conversion looks good: Reviewed-by: Kees Cook Thanks! -Kees > > --- > base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec > change-id: 20230914-strncpy-drivers-gpu-drm-nouveau-nvif-client-c-82b023c36953 > > Best regards, > -- > Justin Stitt > -- Kees Cook