Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp5384401rdb; Wed, 13 Dec 2023 07:16:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IF3fwXrPddbkattR9hK5Dw50r2oACOfZvfQb+vwVrb20I2occSTjJYuX4mPU0HzlMr5qEKF X-Received: by 2002:a17:903:26c2:b0:1d0:6ffd:e2e0 with SMTP id jg2-20020a17090326c200b001d06ffde2e0mr7680471plb.122.1702480588466; Wed, 13 Dec 2023 07:16:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702480588; cv=none; d=google.com; s=arc-20160816; b=c+e8p6jK2eB0j1WJUpQkR7tXcME9b9BNNARYsO2qjRwaQZvNUQ2K3yHUY7rXuycjon 5nzRlTenP+Js0mETe8lXISpPcWtPwYiYToA7kw+bt5saRWcnYPulW9Mar39Bpc4xRMrg fN9WWrvMAf53UDHpzJCapQoha3nhhezJE1IfhJQmwpdueQgE2umjsVtB8Ge7lb7EvPIq 4WUOMjvXSMi23VHp2wPgzAM6AM0YerXXqnzGSCzl9FriEeDGd+oOabTfLkbl7/mu+/Cg WQN5gT3bcI6RBRV9wqAzAGkJXly+g/rxsJeFRzR3f0sAwV2CLFfaxz6QdZQAYMFPYjWP mDPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version:date :message-id:subject:references:in-reply-to:cc:to:from:dkim-signature; bh=uewgFUrXAkDfEjDIhgFTikSg31fgOKfkxWQH0ytJjl4=; fh=l7P6WC9GR2n4a3ckqFGxYejE+5FDvXpM84+7K+o/WtY=; b=fLdPeN0y9Eo2COARwnMdnqDDdDlfpTusnIjJMrh6jQrcUb+hfP5T9/XHnn2M+U+QQj yWSreu7UVKVXMSt894NfebjwCHJZv9E3jGEPfSdR5i0ifnQPC8jdFXm8Rr+YW0cWjEXX nK1jf8frCBy2Lq+hJnXLMZjsQ4TDhAjXYTOxZXuzfhIpxtANH6RiG2wRcB8G0SDxp6/7 RgkmIYgMpQDRNcGpnHo035bS6ZF3freSCeFEMR0BZts08kyZkIW2wypiWAV2Yw1mJQ8j u4KYkFacZ2YvBvUFmYfNvqJmMk36ILoalBvik7MlHmiPPDIFU7rnJow3pAizVCm1rvIc 22OQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel-dk.20230601.gappssmtp.com header.s=20230601 header.b=LMfx12+b; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id e13-20020a170902d38d00b001ce663d7930si9688829pld.47.2023.12.13.07.16.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Dec 2023 07:16:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel-dk.20230601.gappssmtp.com header.s=20230601 header.b=LMfx12+b; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id A9BCC822B732; Wed, 13 Dec 2023 07:16:25 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1442459AbjLMPQH (ORCPT + 99 others); Wed, 13 Dec 2023 10:16:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1442261AbjLMPQF (ORCPT ); Wed, 13 Dec 2023 10:16:05 -0500 Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AF7A9EA for ; Wed, 13 Dec 2023 07:16:10 -0800 (PST) Received: by mail-io1-xd2c.google.com with SMTP id ca18e2360f4ac-7b7684f0fe4so21835039f.1 for ; Wed, 13 Dec 2023 07:16:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20230601.gappssmtp.com; s=20230601; t=1702480570; x=1703085370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:date:message-id:subject :references:in-reply-to:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uewgFUrXAkDfEjDIhgFTikSg31fgOKfkxWQH0ytJjl4=; b=LMfx12+blqVRXs1RTPceZjYGi0Y12pCJsyzNFZ8NbZZZJWx1dTMucYFpF0MXtlGeoX akiU7e6KtOhSDiJqHCnK0WZ5WrQK1UF95SbP2Njdoppn/2e9rf6I+7fp81znvDM/ttiY 7GXxscAumf0ZsN8+8yOoHCA9nYSstxGeNR3h8FVZCVyJ5E8i9Kmb1thEt8HJWWZUqECD C+FKTTuS7+HzZrqg/pBjT5dH/npWaLT86zcS+E9cbzDHrNtHnH0+v0y6rEfOtakp5vH+ SxlEYWT9bQ9Vql9uCFnH6oOa6a5NB1pCJV1/awZGxwpDzoACwvqhBqPMOaxWl1vFccGn Q4ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702480570; x=1703085370; h=content-transfer-encoding:mime-version:date:message-id:subject :references:in-reply-to:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uewgFUrXAkDfEjDIhgFTikSg31fgOKfkxWQH0ytJjl4=; b=lxnvQQVuO7b7YFm8L4kojtvRN4ls+lxQ2nbWXziuOTgITU5bT9JzpzWp5rzQGjVYug K1aFyo7hrSCwNGOLZeywgtqjYt/rPoeXuBW80PkROY1o2ofhpXBi7brYqCwVx2EiouB/ OtyGIc6tEPV3ri/GKzHQeeCEafSSFyUTS3u+lUwjo58opWdAGtxoYFzYqBsCOlwdpLlO 2Ql+Cj9FZwkt/v/AjHnehbQCSU9rLW8jAjWS4SUhNQRCQihMWX5x6IumtbzNWrzGedpl YL2FJ1bRoBYAvvsywlaSi9gZXszHt3HaccGb3B28t+J+Hsug0cgA7s7xHWQPWiY1uqZL cWkQ== X-Gm-Message-State: AOJu0YwejweVB2M8/E3mjyA6SGLCGhZayodAW6LkfsW3tX0xRaFyCPnb iV+8dmMEMBMDVSgo3d8Ocmf56g== X-Received: by 2002:a6b:a0d:0:b0:7b6:f0b4:92aa with SMTP id z13-20020a6b0a0d000000b007b6f0b492aamr14346479ioi.0.1702480570069; Wed, 13 Dec 2023 07:16:10 -0800 (PST) Received: from [127.0.0.1] ([96.43.243.2]) by smtp.gmail.com with ESMTPSA id d7-20020a028587000000b00469297cbf72sm2990832jai.153.2023.12.13.07.16.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Dec 2023 07:16:09 -0800 (PST) From: Jens Axboe To: "Md. Haris Iqbal" , Kees Cook Cc: kernel test robot , Jack Wang , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org In-Reply-To: <20231212214738.work.169-kees@kernel.org> References: <20231212214738.work.169-kees@kernel.org> Subject: Re: [PATCH] block/rnbd-srv: Check for unlikely string overflow Message-Id: <170248056905.41187.18405305753131685807.b4-ty@kernel.dk> Date: Wed, 13 Dec 2023 08:16:09 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Mailer: b4 0.13-dev-7edf1 X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 13 Dec 2023 07:16:25 -0800 (PST) On Tue, 12 Dec 2023 13:47:42 -0800, Kees Cook wrote: > Since "dev_search_path" can technically be as large as PATH_MAX, > there was a risk of truncation when copying it and a second string > into "full_path" since it was also PATH_MAX sized. The W=1 builds were > reporting this warning: > > drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra': > drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=] > 616 | snprintf(full_path, PATH_MAX, "%s/%s", > | ^~ > In function 'rnbd_srv_get_full_path', > inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096 > 616 | snprintf(full_path, PATH_MAX, "%s/%s", > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 617 | dev_search_path, dev_name); > | ~~~~~~~~~~~~~~~~~~~~~~~~~~ > > [...] Applied, thanks! [1/1] block/rnbd-srv: Check for unlikely string overflow commit: 9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41 Best regards, -- Jens Axboe