Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp2780400lqz; Wed, 3 Apr 2024 08:24:53 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVTikv3TMuvRH/7uPrxkUCCTLeAZelJxn/3ndQfpNDx8s0EaQUcnfK1C1+k4xLJ6lAnKQAeXkeKD4lvLjU6rr+CpHAXPnAi/SmeCWkgdA== X-Google-Smtp-Source: AGHT+IGRoepnJ3xCJpPi010hD9PNqCZ4F7c2PLBuTbWT9BbBPmN/R3x3Y5JI/GWuXsYq2b+8GBqE X-Received: by 2002:a17:903:44b:b0:1e2:6423:c999 with SMTP id iw11-20020a170903044b00b001e26423c999mr2146351plb.65.1712157893557; Wed, 03 Apr 2024 08:24:53 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712157893; cv=pass; d=google.com; s=arc-20160816; b=tlAza+TTWrxFIUA2EnOoCtj6DuHstx+MXikRlS5grquZW6VKq8TZhdT5UfPhzP2GYP SVlc9D8ZeTow+8N8Sb+BuvsdBMKCKaZllEZ/RC/byLQNmIkwJ5DYRXKrGg76Za5v9MOp CH8KGn4C2jFbod5dKlcjLJLuvjhISZ8tNhwOLzyXzFJFuiHa7yfqwPMaGEoIHXUzFEzV iL32X5nnwXn0y3ILlTGhS8p+J4AuyTiQvZgEj/k8YVTmj4OZyUBwcYftwdj1A1srOaXC 3hyTqK/MV+Ut9uzORd09eiB5cDHtmuBaCrLlicWv78iYjgpxrvkdklDWGaaXXobB+tWA GWqA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=9pVtSJ44xOIUG48fskQmP0c+CrYiusBg1BPFjxUy9dY=; fh=orgCFtImf26WqhKDiFA1998hUptF0kLmZTFfKoXg8+U=; b=DiUPwv0gWP5PUXyEGO+mYICfUTN1MRHGNiiObUSTYnYZKOTautjeJgL0BZl/GY/TqY dKDxLUBohSVAhNa9xIOVjJln1btds1oiTnVxHydxcFY9bCNwWkU3bomw8f9I2wjNQrCP WNh0FxmmjQXA0FcwWI/OOCiK64gw/s129eWMYknybWoe9aAcjiyFAK7yIASnIO5Qx58e QcB3Owue9VYenPYn0TJKV+W3ox4bkWOVnu9tD+Q603pas4Dg8EWQoIhP1+UW7GxpwKip 7y41/Ig2zUN4rfC2MNvE6gTr/95mBqYPKdegzHArIV5cC0djFgjtrSsR54YbscLrRmWQ 0PQg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@iogearbox.net header.s=default2302 header.b=jIpGFAap; arc=pass (i=1 spf=pass spfdomain=iogearbox.net dkim=pass dkdomain=iogearbox.net dmarc=pass fromdomain=iogearbox.net); spf=pass (google.com: domain of linux-kernel+bounces-130008-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-130008-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=iogearbox.net Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id k10-20020a170902ce0a00b001e240c1d118si9661231plg.266.2024.04.03.08.24.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 08:24:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-130008-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@iogearbox.net header.s=default2302 header.b=jIpGFAap; arc=pass (i=1 spf=pass spfdomain=iogearbox.net dkim=pass dkdomain=iogearbox.net dmarc=pass fromdomain=iogearbox.net); spf=pass (google.com: domain of linux-kernel+bounces-130008-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-130008-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=iogearbox.net Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8DECFB2A082 for ; Wed, 3 Apr 2024 14:55:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B0F041494C2; Wed, 3 Apr 2024 14:55:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="jIpGFAap" Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 06B3A5CDC9; Wed, 3 Apr 2024 14:55:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712156111; cv=none; b=MrC0lzDv4+nR9Jy9jaerILBmD3pxYeGkz3MK2sApuKDdLO50Eg3ikO6CJU52i+FNhot4Iq7zHtnCfvdtaUq7fi6lcwD8g/r02IMBENDzNKrEoRaNtfWRGsRgjaZ9gLbOzQc68mCVcOlA24EFE+2VvRG+i7AELTUiUlo65Do31xs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712156111; c=relaxed/simple; bh=9kQ/LYVoCJX5B8ktIxgmV8Sg3jd1h969aqDlA5UHmXg=; h=Subject:To:Cc:References:From:Message-ID:Date:MIME-Version: In-Reply-To:Content-Type; b=kgfL2jAuevjBMPDX6o+PD4A20N5bocCSaNi9soGfQP4TFbM9HPt2RPUTsc6JPG22OJJ1EAoLLwyENMVjjv7oAkD4KCS0dBXLkbiaDCUO5Eo8rtHSU7dR60SaxRsIIKClxTst6eTeQ2qFbLEPw50H93+nEsynk0gtOqdjigcnC7Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=jIpGFAap; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=9pVtSJ44xOIUG48fskQmP0c+CrYiusBg1BPFjxUy9dY=; b=jIpGFAapFCUN02RNfLFiWVKy35 Nx2oLc0g6e8m9/AUdvt+Vagvd+ovgBM69W1NuGYB+AGsJSd+ECYN5/+xjwx33W5gNh6Xf9LaUgQ6K 57JrRud/zBvtFlB3JXAYpzrA+zBiugwrU7XWeNhyaayYBUD8JSRoYTzukmaqEo4L/SRNJ2i96mL+L KCqBKih404TwHKdY+nBQAj5zU31iMHnWKEG++s3ToQ1eaorswU33TUx905LRIT0zUemxLtnN6LqqB FwfV4gyAJOE9dWlZ7BF89hzSC3x+nQ1W0oyF9bRhK3uthd53/P6G5p/zS8uNbKJ99LC8EK7aWJvYv +rpmNtcw==; Received: from sslproxy01.your-server.de ([78.46.139.224]) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rs210-0000Cf-G6; Wed, 03 Apr 2024 16:55:02 +0200 Received: from [178.197.248.12] (helo=linux.home) by sslproxy01.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rs20z-00037x-3A; Wed, 03 Apr 2024 16:55:01 +0200 Subject: Re: [PATCH] bpf: replace deprecated strncpy with strscpy To: Ratheesh Kannoth , Justin Stitt Cc: Alexei Starovoitov , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Nathan Chancellor , Nick Desaulniers , Bill Wendling , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org References: <20240402-strncpy-kernel-bpf-core-c-v1-1-7cb07a426e78@google.com> <20240403030642.GA1652044@maili.marvell.com> From: Daniel Borkmann Message-ID: <5998a7da-9e61-1852-8281-aee919468953@iogearbox.net> Date: Wed, 3 Apr 2024 16:55:00 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In-Reply-To: <20240403030642.GA1652044@maili.marvell.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27234/Wed Apr 3 10:25:27 2024) On 4/3/24 5:06 AM, Ratheesh Kannoth wrote: > On 2024-04-03 at 05:22:50, Justin Stitt (justinstitt@google.com) wrote: >> strncpy() is deprecated for use on NUL-terminated destination strings >> [1] and as such we should prefer more robust and less ambiguous string >> interfaces. >> >> bpf sym names get looked up and compared/cleaned with various string >> apis. This suggests they need to be NUL-terminated (strncpy() suggests >> this but does not guarantee it). >> >> | static int compare_symbol_name(const char *name, char *namebuf) >> | { >> | cleanup_symbol_name(namebuf); >> | return strcmp(name, namebuf); >> | } >> >> | static void cleanup_symbol_name(char *s) >> | { >> | ... >> | res = strstr(s, ".llvm."); >> | ... >> | } >> >> Use strscpy() as this method guarantees NUL-termination on the >> destination buffer. >> >> This patch also replaces two uses of strncpy() used in log.c. These are >> simple replacements as postfix has been zero-initialized on the stack >> and has source arguments with a size less than the destination's size. >> >> Note that this patch uses the new 2-argument version of strscpy >> introduced in Commit e6584c3964f2f ("string: Allow 2-argument >> strscpy()"). >> >> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] >> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] >> Link: https://github.com/KSPP/linux/issues/90 >> Cc: linux-hardening@vger.kernel.org >> Signed-off-by: Justin Stitt >> --- >> Note: build-tested only. >> >> Found with: $ rg "strncpy\(" >> --- >> kernel/bpf/core.c | 4 ++-- >> kernel/bpf/log.c | 4 ++-- >> 2 files changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c >> index 696bc55de8e8..8c9078f4549c 100644 >> --- a/kernel/bpf/core.c >> +++ b/kernel/bpf/core.c >> @@ -747,7 +747,7 @@ const char *__bpf_address_lookup(unsigned long addr, unsigned long *size, >> unsigned long symbol_start = ksym->start; >> unsigned long symbol_end = ksym->end; >> >> - strncpy(sym, ksym->name, KSYM_NAME_LEN); >> + strscpy(sym, ksym->name, KSYM_NAME_LEN); > You dont have to check return value of strscpy for errors ? That would be overkill, it can be easily audited that both pointers are of size KSYM_NAME_LEN, as is the count arg. Thanks, Daniel