Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp2476901lqz; Tue, 2 Apr 2024 21:11:10 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUrvK09dfXyCaeV8WyiiBmw8uFzsv0308gTDGqnT7v1BkA8glS+AQJJQyx76WwKAdK1wbBUalXBO3j1KEgJpAgs6WKJALVdB96R1kdM6Q== X-Google-Smtp-Source: AGHT+IGkxZu7loeiaDCUUO1bG9P4J82edbQLl8Ho5x1+KU81aTZ1WXTn7WZn/wrSmkLEGAia1Qjz X-Received: by 2002:ac2:59c5:0:b0:513:c61c:7331 with SMTP id x5-20020ac259c5000000b00513c61c7331mr2868694lfn.3.1712117470690; Tue, 02 Apr 2024 21:11:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712117470; cv=pass; d=google.com; s=arc-20160816; b=yMaTUW28VpZyerIDoaS1pT9/Z/vgNANzdNErXf/wnOrPBl/aURiTNFqdL2iLzC+3Z2 owEzZNiMvQNjTjSfMh/C6jzHpTacbyHjEZl9HdHBJKMKkSEfvEzQsazmkvhWslBKFUo1 5Zw/mWQWI3Um/S4pdXOBkyknEeOBLNB5V8rQMH8+Gjn208ZTS0UXgkccC2QexeeVNGaH XlzVZjv2I3dQnDKGEmkgeqbDKdAah4pd9xUD/yKaDXwx6SEMVZhjOUyiC/IILEBGnGLN NxTcG3VgK4HOYJgTz7N0YvnWvjPo9i4Jx+3qNefvs7bqhYRk5thSereMvKDXpy6pXN71 OemA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=R+XiKUARqKqISfiVbN9ezLEIlg8owR8T0AjFf0G6gjc=; fh=BsP4APYlin+feNR4D8xsZTvE9AWzFTq5CzIGVcUteWI=; b=WQNzZ0JVVUqlaoSyB/AErVV9qILZzgteqMuHAGFyrKQRMEWFBVwdabx608si7eFHYD 45CGhPAZ+lfh6T6p2UAYAnlniQ2i68/MCzSTFPQVPReRToJbLuD4oFSbRZmDr1yNeSqf GQpizY9KWKLJ8FvdgkOrrKlf4Bysakbu5DHKhCe6DrcV8M8tL7nWQnynKiZgWYj32rlx NuOQccvnmx/Z42/HdhgTNXqe5l3W5Wp9yXKVpIm09qsm+1evDPBAOGcTSAPH7bMuBIv3 gwjo8X/Ybd6abu2b0bJ+TR4ymZkCljr8XNkRFgsPLZD7c+llh7CXln2JcqkIbsvYWUuL RqkQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=A5cOOgqz; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-129026-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-129026-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id z19-20020a17090655d300b00a4e76d0a7dfsi2246866ejp.42.2024.04.02.21.11.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Apr 2024 21:11:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-129026-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=A5cOOgqz; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-129026-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-129026-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 3ACBE1F24915 for ; Wed, 3 Apr 2024 04:11:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 96BED43AC8; Wed, 3 Apr 2024 04:11:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="A5cOOgqz" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3C8D5235; Wed, 3 Apr 2024 04:11:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712117461; cv=none; b=cjmCKAAwAq5ytihICiHlSslOFYLKnAOVz4KiXiR58ey0kG8KVN7tMiUvBwDU/vy80/NzwJY9nBFIBJBPY7cYWzujQs3mf6dHIQ6r39faMJGO7/m8m2Qp+W2/QgIVD5ln/8ppYL3n3TbkM37tre5OIxLnwbORntSQE3JtjWzHYMg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712117461; c=relaxed/simple; bh=H45nGWOPuI7LoZ/AO3xadw9naJQhXiS9zxu8lyEyAGo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=MK6AfZZByPIaEWYhnvS+50h4p6GFClencI2OnWHFYlcmHey0kT1FBZ9JMo6PEWLpDRc3pwC60Co+p05vb0NO5AgfBBNjq4OvE+tlRO5AiCd51dccgyb/xRZLIojAUQR+l5cJRlS+cM2KnhFHNfWM8HffaGf3tuOV1E70PiZC8nc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=A5cOOgqz; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4FE4EC433C7; Wed, 3 Apr 2024 04:11:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712117461; bh=H45nGWOPuI7LoZ/AO3xadw9naJQhXiS9zxu8lyEyAGo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=A5cOOgqzeZTVhgi+J8oKU2tClKmR5x98VGD13CodzcshhKAaajlI32qkosA+Zvo+0 hjYwnbZHxBKvvnzlpyLYZulzfkFXUAObJET/dzoBoYlgkJdA9UXtHuszyaIRqH73F3 lbp51pNxqD9mzo9KzhGDbZkQMtJZOXrNu3E0ytM7tpsfpnv2vT2O6SecPElxfsjvto IcYIOOr3o6MTH3Z4kJsAb0oZG4Rlup22z9dIiUE2U0UcN56FTaOAp1cYhXaTjtTKoq JeWjmfkmZ0/HKejqEt+tE8N9lFz81xpMmjMygCnh1wI9SHYbvJx0od8wHqX7VA00g3 PENqr2YBcIh7A== Date: Tue, 2 Apr 2024 21:11:00 -0700 From: "Darrick J. Wong" To: Justin Stitt Cc: Chandan Babu R , linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] xfs: cleanup deprecated uses of strncpy Message-ID: <20240403041100.GQ6390@frogsfrogsfrogs> References: <20240401-strncpy-fs-xfs-xfs_ioctl-c-v1-1-02b9feb1989b@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240401-strncpy-fs-xfs-xfs_ioctl-c-v1-1-02b9feb1989b@google.com> On Mon, Apr 01, 2024 at 11:01:38PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > In xfs_ioctl.c: > The current code has taken care NUL-termination by memset()'ing @label. > This is followed by a strncpy() to perform the string copy. > > Use strscpy_pad() to get both 1) NUL-termination and 2) NUL-padding > which may be needed as this is copied out to userspace. > > Note that this patch uses the new 2-argument version of strscpy_pad > introduced in Commit e6584c3964f2f ("string: Allow 2-argument > strscpy()"). > > In xfs_xattr.c: > There's a lot of manual memory management to get a prefix and name into > a string. Let's use an easier to understand and more robust interface in > scnprintf() to accomplish the same task. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt > --- > Note: build-tested only. fstested would be better. ;) Anyway I guess that looks ok so let's find out: Reviewed-by: Darrick J. Wong --D > > Found with: $ rg "strncpy\(" > --- > fs/xfs/xfs_ioctl.c | 4 +--- > fs/xfs/xfs_xattr.c | 6 +----- > 2 files changed, 2 insertions(+), 8 deletions(-) > > diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c > index d0e2cec6210d..abef9707a433 100644 > --- a/fs/xfs/xfs_ioctl.c > +++ b/fs/xfs/xfs_ioctl.c > @@ -1755,10 +1755,8 @@ xfs_ioc_getlabel( > /* Paranoia */ > BUILD_BUG_ON(sizeof(sbp->sb_fname) > FSLABEL_MAX); > > - /* 1 larger than sb_fname, so this ensures a trailing NUL char */ > - memset(label, 0, sizeof(label)); > spin_lock(&mp->m_sb_lock); > - strncpy(label, sbp->sb_fname, XFSLABEL_MAX); > + strscpy_pad(label, sbp->sb_fname); > spin_unlock(&mp->m_sb_lock); > > if (copy_to_user(user_label, label, sizeof(label))) > diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c > index 364104e1b38a..b9256988830f 100644 > --- a/fs/xfs/xfs_xattr.c > +++ b/fs/xfs/xfs_xattr.c > @@ -220,11 +220,7 @@ __xfs_xattr_put_listent( > return; > } > offset = context->buffer + context->count; > - memcpy(offset, prefix, prefix_len); > - offset += prefix_len; > - strncpy(offset, (char *)name, namelen); /* real name */ > - offset += namelen; > - *offset = '\0'; > + scnprintf(offset, prefix_len + namelen + 1, "%s%s", prefix, name); > > compute_size: > context->count += prefix_len + namelen + 1; > > --- > base-commit: 928a87efa42302a23bb9554be081a28058495f22 > change-id: 20240401-strncpy-fs-xfs-xfs_ioctl-c-8af7a895bff0 > > Best regards, > -- > Justin Stitt > >