Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp519474rdb;
        Thu, 21 Dec 2023 17:19:27 -0800 (PST)
X-Google-Smtp-Source: AGHT+IG89GUgeCQI9Kx14RaKPSxmJ/7AyrNvSP4CYRwJXya1sSMyVX5/e7S4/2Neyy4lzh0eILmg
X-Received: by 2002:a17:90a:aa98:b0:28c:4ee:743e with SMTP id l24-20020a17090aaa9800b0028c04ee743emr741187pjq.28.1703207967007;
        Thu, 21 Dec 2023 17:19:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1703207966; cv=none;
        d=google.com; s=arc-20160816;
        b=GUgu2KGmNz2Gs3Xmk+PdEVkHA7i1GCFmw9+JlUsq6QO7WhxfwOYzw2KIhw6+E5jBdr
         a3qFr2UDW3VZfAu1+mRMA9gwB8ly6tcjxCeTHnjbWnuwzIDaNBNn7Px7B8HqlJOnFHUX
         3TjBfCMFtKyXFzH+BB2sCm5566BmhbtnO0Fhtpnuev+jtZHlTWi+MUfXa6WbBJ6selg5
         i7Nwmx8l7fZ0+cDNbGKT68Hb1IYEII/R8xJtOPksRjTtDVQxEpflaQiXs6WFKTymcbph
         QmFmnvrD3BUHfdS3dv8UlUl1GKuQl9WpcVyHLbVgjk2T8ZUMY6Es1NcGxo2/Vy+xAI2g
         InfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:sender:dkim-signature;
        bh=5M5AxMMQu0Viq3UcUmDsSmKqUHU9MnY6HuEjJ5YQdCY=;
        fh=KfLV19bQgvhlV3s/Xt+WARkCTzoDQz960CobR0y7dcE=;
        b=K4yt5U1KcljeF0RPDwDaRJIy9Y4l7OV937G3DhyKDtO9fxd2RhmnP5DB87EwYBUXK/
         A4MmOQhy5ysOSr2/nPIyXTOjeqXCWQ8YimtdGupZ9JeQucIhn/8AGEOTbcBn1VWzSsDl
         v1wuNOe4TsLZzzLBxML5wHzleFzJfAM5eLJiJBkSuGOEPFFVxDXE4fvbjTrp8MbAJWa8
         Sr02gojaMLvinLXDzaYGc2IdC2AP84Fi9ZR20MQm2a9W2zzkF96cDQiEW1rN4ZM3Mz87
         hGKOLJmzAuq4L470eno3uXnoNy6cCvVhHTc/RZnyHps+xcZOjIq7pTcNrjsTHBck9vJ6
         KzyQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=R7vUQImb;
       spf=pass (google.com: domain of linux-kernel+bounces-9233-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-9233-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-9233-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id i10-20020a17090a974a00b0028bc0991858si5191410pjw.165.2023.12.21.17.19.26
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 21 Dec 2023 17:19:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-9233-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=R7vUQImb;
       spf=pass (google.com: domain of linux-kernel+bounces-9233-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-9233-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id BF10E2846CA
	for <linux.lists.archive@gmail.com>; Fri, 22 Dec 2023 01:19:10 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 30243138A;
	Fri, 22 Dec 2023 01:19:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="R7vUQImb"
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13062A31;
	Fri, 22 Dec 2023 01:19:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1d3ef33e68dso10083135ad.1;
        Thu, 21 Dec 2023 17:19:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1703207940; x=1703812740; darn=vger.kernel.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=5M5AxMMQu0Viq3UcUmDsSmKqUHU9MnY6HuEjJ5YQdCY=;
        b=R7vUQImbLUycPg6GsBRj317EkEtroZV+zuh4uFyFuFuTWjvlyLrT4aT5zjT1YMKLk2
         64cvH4w9PjLIFlsLiegiNf/zo83iJ7vljxl1ADLJ+Rwk4AcZGrvrPU4BINmZOSV2DZK2
         /q3XYIwlmKfUi9ZW0Y/DNXhfTvaenSRlhBlrXB+Ri3+DemR73T8J1eldZ30oRa1wdN/J
         yhMbpxfFQRYRG2/KpKg0qFrebzbHfVQIRgHFBH91HL26zAxeqPOSIyi5XQg4i0joqbAk
         i+iVd5ShUIe2A8exhpf3QhHDr6tGzj3BdOu1MKXhoTogyO/GwmsbFbDjDRhNdNP5eSG5
         gHGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703207940; x=1703812740;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:sender:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=5M5AxMMQu0Viq3UcUmDsSmKqUHU9MnY6HuEjJ5YQdCY=;
        b=NWzwcNxfcnc2PiXedSaFiRgoQXSzzlgwbJDYiTW8VckjjQHH+eZDFZwL/FSHCjJQKl
         tiEj5VvXG6cy/slgLQTq06jvlFSulr+rd9tnsRtd14Yr7UyVONz7jM9NFUgZ2rvElhbd
         Mut2MfsRuaFFG5t1FrWiF+N/2mk9X9xSFPIEbFfOA1mt/uQibJM2G5lB/q4we1ObsrUa
         nFVdHaMtRni8QS4lrlaYBKRn6RY81rB1p3c1ccCz5zX617ShdORk1DuTXYFDZP1O4XJX
         uorSsV2UCJ31n7UO/dOhr17KxtzWUoz0jvcpAcCgFMh1GsyY6n/7/kjutOK3nCcvmonT
         pBlA==
X-Gm-Message-State: AOJu0YwSEqTN7x6L04nHPEDAQoa4je8V3oc9apz5WkwPEj/gr2zCTDtZ
	kAdRW9oJg/Wn3N2TOcqFJno=
X-Received: by 2002:a17:903:228d:b0:1d3:ea4f:5e0f with SMTP id b13-20020a170903228d00b001d3ea4f5e0fmr758747plh.29.1703207940079;
        Thu, 21 Dec 2023 17:19:00 -0800 (PST)
Received: from localhost ([121.167.227.144])
        by smtp.gmail.com with ESMTPSA id g24-20020a170902fe1800b001cf59ad964asm2266239plj.140.2023.12.21.17.18.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 21 Dec 2023 17:18:59 -0800 (PST)
Sender: Tejun Heo <htejun@gmail.com>
Date: Fri, 22 Dec 2023 10:18:57 +0900
From: Tejun Heo <tj@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Zefan Li <lizefan.x@bytedance.com>,
	Johannes Weiner <hannes@cmpxchg.org>,
	Waiman Long <longman@redhat.com>, cgroups@vger.kernel.org,
	Azeem Shaikh <azeemshaikh38@gmail.com>,
	Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
	linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3 3/3] kernfs: Convert kernfs_path_from_node_locked()
 from strlcpy() to strscpy()
Message-ID: <ZYTkAV-CE3ZslR7U@mtj.duckdns.org>
References: <20231212211606.make.155-kees@kernel.org>
 <20231212211741.164376-3-keescook@chromium.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20231212211741.164376-3-keescook@chromium.org>

Hello,

On Tue, Dec 12, 2023 at 01:17:40PM -0800, Kees Cook wrote:
...
> @@ -127,7 +127,7 @@ static struct kernfs_node *kernfs_common_ancestor(struct kernfs_node *a,
>   *
>   * [3] when @kn_to is %NULL result will be "(null)"
>   *
> - * Return: the length of the full path.  If the full length is equal to or
> + * Return: the length of the constructed path.  If the path would have been
>   * greater than @buflen, @buf contains the truncated path with the trailing
>   * '\0'.  On error, -errno is returned.
>   */
...
>  	/* Calculate how many bytes we need for the rest */

We probably should drop this comment.

>  	for (i = depth_to - 1; i >= 0; i--) {
>  		for (kn = kn_to, j = 0; j < i; j++)
>  			kn = kn->parent;
> -		len += strlcpy(buf + len, "/",
> -			       len < buflen ? buflen - len : 0);
> -		len += strlcpy(buf + len, kn->name,
> -			       len < buflen ? buflen - len : 0);
> +
> +		len += scnprintf(buf + len, buflen - len, "/%s", kn->name);

scnprintf doesn't return -E2BIG on overflow, right? It just returns the
truncated length, so the overflow behavior would be different depending on
where this function overflows, right? Not a huge problem but it may be
better to keep calling strscpy to keep things consistent?

> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -1893,7 +1893,7 @@ int cgroup_show_path(struct seq_file *sf, struct kernfs_node *kf_node,
>  	len = kernfs_path_from_node(kf_node, ns_cgroup->kn, buf, PATH_MAX);
>  	spin_unlock_irq(&css_set_lock);
>  
> -	if (len >= PATH_MAX)
> +	if (len == -E2BIG)
>  		len = -ERANGE;

I'd just pass up -E2BIG.

>  	else if (len > 0) {
>  		seq_escape(sf, buf, " \t\n\\");
> @@ -6301,7 +6301,7 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
>  		if (cgroup_on_dfl(cgrp) || !(tsk->flags & PF_EXITING)) {
>  			retval = cgroup_path_ns_locked(cgrp, buf, PATH_MAX,
>  						current->nsproxy->cgroup_ns);
> -			if (retval >= PATH_MAX)
> +			if (retval == -E2BIG)
>  				retval = -ENAMETOOLONG;

Ditto.

> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index 615daaf87f1f..fb29158ae825 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -4941,7 +4941,7 @@ int proc_cpuset_show(struct seq_file *m, struct pid_namespace *ns,
>  	retval = cgroup_path_ns(css->cgroup, buf, PATH_MAX,
>  				current->nsproxy->cgroup_ns);
>  	css_put(css);
> -	if (retval >= PATH_MAX)
> +	if (retval == -E2BIG)

Ditto.

Thanks.

-- 
tejun