Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp511157rdb; Thu, 21 Dec 2023 16:59:32 -0800 (PST) X-Google-Smtp-Source: AGHT+IEmGFM81QucTsAyfB6eAaBjLMWwRwioyBF+/Dj12OHLQ7VbCNk19eclwbU+5d5J6AHvww+n X-Received: by 2002:a05:6512:488c:b0:50e:3fdd:3697 with SMTP id eq12-20020a056512488c00b0050e3fdd3697mr226126lfb.119.1703206771798; Thu, 21 Dec 2023 16:59:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703206771; cv=none; d=google.com; s=arc-20160816; b=Mqf9Pe/bvxFmsYaItMU7sJtcLVeQz6cvSlT7nArLawq9OEqVfDusrSwSYOV5Hfo04g 9s+AAtY6o4DwcWptSoiPItSnZjC6kTpPncNT5tjPJ/OlUmgawrTqY11DBwOv84ge1cnO A+TBf5304qwnfPzPVXNSled35S2edQpqdguTOIvB365yiyx4ui+xmeVBrvfjSi3O50h/ 7Z35O2//93+weFVOImUiQeU+FA3THhj0TfQBiUqz3zutgpmjlwUrJdz+zW1PRFlSCBT9 D2D6LubZcb72fnTzUU9vHI2Gif8S4hsxCea9NFNCWku2ddJ/rgzB8WSfSlrA/pHWGLHT 9P5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:sender:dkim-signature; bh=lVcecegkpcKWOfoP3TqRfCqH3BZgHO5QSokYLXJOZiw=; fh=qljwitwXABTgICN3+wRFIV9ZbJ5Jh7ICRrXkZPKfN7k=; b=fHIxT7BX9b6AVMNTsKya7y7TXw56BTj5ksVQU5LaezRK6tTAVdRYinclkMqOYRWMNC dx1QhSODGLghbuqSUVtQti4Eoh8xmA1p/wSDM8GMlhSjMEYn9jHZ+FZAxM8zXgLEBeJ+ 4kiBaO1O3X54QQUvhUrjdEdJIt3UcS8zWsaTZAzP2OXDSIL6+Zn6A+M8KIJ6TFQsx83G /U3DL2u6Zty4pzkpNpTjf9dUtpkm505f/QtyVsAO3h0KWy3kCk0+MmzYYtiHP8QpNSYr Aem8NADKWhLs+enm02TsacpUirRTLEgddE1rrHLjfDy13VxGYEEEiM+dWdL2ETpEyFeT PtWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fNcjM1pE; spf=pass (google.com: domain of linux-kernel+bounces-9222-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-9222-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id m5-20020a056402430500b0055404aa7d88si1419833edc.164.2023.12.21.16.59.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 16:59:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-9222-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fNcjM1pE; spf=pass (google.com: domain of linux-kernel+bounces-9222-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-9222-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 8B5C21F250ED for ; Fri, 22 Dec 2023 00:59:31 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id ECFC81361; Fri, 22 Dec 2023 00:59:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="fNcjM1pE" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-il1-f179.google.com (mail-il1-f179.google.com [209.85.166.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D268BA23; Fri, 22 Dec 2023 00:59:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-il1-f179.google.com with SMTP id e9e14a558f8ab-35fc5f0f9c0so5639375ab.0; Thu, 21 Dec 2023 16:59:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703206757; x=1703811557; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:sender:from:to:cc:subject:date:message-id :reply-to; bh=lVcecegkpcKWOfoP3TqRfCqH3BZgHO5QSokYLXJOZiw=; b=fNcjM1pEFh9L9r1ZTYuobn9TUlV0utIhiB8DBlueOMKgG0pw3XwVvjkKuU8Mu74XEQ ekRI7NPqjfU/GSQ5J1fMnEvNz8DpVVkaVt0ZZ1qIEqVVkBhlDd+JLakL3oegzixa4Fyn 11HHeVW2tE539qVo4F4eEjh/C0QD2m4/4BWN0GYy5R94dTud94KFQ3y3m9M6D9/Q7MRm oC/uNwx92jBfXwDd14A/J+gNAeC2uEusfS0aucjlPDZcAt+eJj87DmBIKLTLTvntsDkE Y+yOXEECsjR3ezf6cd9TptIVqAPyOiSP4ji4dF7P89imhDEZynriU+Q3Ki4itYbQoigb iNvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703206757; x=1703811557; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:sender:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lVcecegkpcKWOfoP3TqRfCqH3BZgHO5QSokYLXJOZiw=; b=CBC00gvT5FD4QAUt6C13+igE5Rh/WN0jFlAaCvZDqfcFUX4H7CPOeET4vlCWRh9SJM fruAHknQUXsApmtyKyah5EjAIxhOoQwVE/aT2i3OenzDGt7xLCrciKCx2T+hgVu3cBrz eFJIYxgzxvHFDzC3wVQfr2s0X6AMVo/MsSZwjfu18+bqEnR3L5f5I3c/Wn32N6XAovDp jlEVwDRiJR3HvR3t6d9ShGIJKxWG+Vq+HE84Px3JR12Nm7IidIoQ8tJWGYc5xy8AbnjL AjjTHnlkZ9D36nHW0G6ns5bUfsna66bDQJ9xYhQNKu3ddTe33rqaL3GDWgDSVd5OuF9G L/WA== X-Gm-Message-State: AOJu0Yx6EwrXE2xlqphK1SAdwcVkNeKfKzIAYV2qtLi4ohHLRAD96vjx ZYVXPQNsGSc2K7EIzRjU1uM= X-Received: by 2002:a05:6e02:3489:b0:35f:c4c5:91e8 with SMTP id bp9-20020a056e02348900b0035fc4c591e8mr716996ilb.60.1703206756743; Thu, 21 Dec 2023 16:59:16 -0800 (PST) Received: from localhost ([121.167.227.144]) by smtp.gmail.com with ESMTPSA id x8-20020a170902a38800b001d3e9937d92sm2306646pla.51.2023.12.21.16.59.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 16:59:14 -0800 (PST) Sender: Tejun Heo Date: Fri, 22 Dec 2023 09:59:12 +0900 From: Tejun Heo To: Kees Cook Cc: Greg Kroah-Hartman , Azeem Shaikh , Zefan Li , Johannes Weiner , Waiman Long , Christophe JAILLET , linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, bpf@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH v3 2/3] kernfs: Convert kernfs_name_locked() from strlcpy() to strscpy() Message-ID: References: <20231212211606.make.155-kees@kernel.org> <20231212211741.164376-2-keescook@chromium.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231212211741.164376-2-keescook@chromium.org> On Tue, Dec 12, 2023 at 01:17:39PM -0800, Kees Cook wrote: > strlcpy() reads the entire source buffer first. This read may exceed > the destination size limit. This is both inefficient and can lead > to linear read overflows if a source string is not NUL-terminated[1]. > Additionally, it returns the size of the source string, not the > resulting size of the destination string. In an effort to remove strlcpy() > completely[2], replace strlcpy() here with strscpy(). > > Nothing actually checks the return value coming from kernfs_name_locked(), > so this has no impact on error paths. The caller hierarchy is: > > kernfs_name_locked() > kernfs_name() > pr_cont_kernfs_name() > return value ignored > cgroup_name() > current_css_set_cg_links_read() > return value ignored > print_page_owner_memcg() > return value ignored > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1] > Link: https://github.com/KSPP/linux/issues/89 [2] > Cc: Greg Kroah-Hartman > Cc: Tejun Heo > Cc: Azeem Shaikh > Link: https://lore.kernel.org/r/20231116192127.1558276-2-keescook@chromium.org > Signed-off-by: Kees Cook Acked-by: Tejun Heo Thanks. -- tejun