X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240405-strncpy-kernel-debug-kdb-kdb_io-c-v2-1-d0bf595ab301@google.com> <20240405095144.GB2890893@aspen.lan> <20240409183558.GA7510@aspen.lan>
In-Reply-To: <20240409183558.GA7510@aspen.lan>
From: Justin Stitt
Date: Tue, 9 Apr 2024 13:48:38 -0700
Subject: Re: [PATCH v2] kdb: replace deprecated strncpy
To: Daniel Thompson
Cc: Jason Wessel, Douglas Anderson,
 kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org,
 linux-hardening@vger.kernel.org

Hi,

On Tue, Apr 9, 2024 at 11:36 AM Daniel Thompson wrote:
>
> On Mon, Apr 08, 2024 at 05:46:42PM -0700, Justin Stitt wrote:
> > On Fri, Apr 5, 2024 at 2:51 AM Daniel Thompson
> > wrote:
> > >
> > > > len_tmp = strlen(p_tmp);
> > > > - strncpy(cp, p_tmp+len, len_tmp-len + 1);
> > > > + strscpy(cp, p_tmp+len, len_tmp-len + 1);
> > >
> > > Again, I really don't think the third argument provides the number of
> > > characters in the destination buffer.
> > >
> >
> > Right, the third argument is the length of the "remaining" characters
> > from the completion point.
>
> Which is not how strscpy() is designed to be used.
>
>
> > If you type "tes" and press tab then kallsyms_symbol_complete() will
> > populate p_tmp with "test". Prior to rendering to the user, @cp points
> > to "s"; we need to catch the user up and print the rest of the symbol
> > name. Since they've already typed "tes", we only need to print out "t".
>
> I'm more concerned about the case where you fill the buffer entirely,
> then move the cursor left until you get to the "tes" and then press Tab.
> I think at that point we write too many bytes to cp.
>
>
> > len_tmp is the length of the entire symbol part as returned by
> > kallsyms_symbol_complete() and len is the length of only the
> > user-typed symbol. Therefore, the amount of remaining characters to
> > print is given by len_tmp-len (and +1 for a NUL-byte).
> >
> > So, yeah, you're right. This isn't the length of the destination, but I
> > don't see why we can't use memcpy() (or strscpy()) and have this not
> > be considered "broken". The pointer arithmetic checks out.
>
> The problem with substituting strncpy() with memcpy() is that it is *not*
> obviously wrong... but it could be subtly wrong.
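Review bot: the third argument in the `+` line, `len_tmp-len + 1`, is the length of the untyped remainder of `p_tmp` plus its NUL, not the space left in the buffer that `cp` points into, so the new `strscpy()` call is bounded by its source rather than its destination; given exactly `strlen(src) + 1` it copies the same bytes the old `strncpy()` did and adds no protection when the remainder is longer than the room after `cp`. Suggest passing the remaining capacity of the destination (its end minus `cp`; the buffer's declared size is not visible in this hunk and has to be carried to this point) so that an over-long completion is truncated and reported as `-E2BIG` instead of being written past the buffer, and checking that return value before rendering.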
>
> We can see that the person who originally wrote this code made a pretty
> serious mistake with strncpy() and the third argument is garbage. It is
> therefore important to figure out what the *correct* value for argument
> #3 should have been *before* we attempt to replace strncpy() with
> anything.
>
> Transforming something we know to be broken without fixing it first
> means it is impossible to know if the transformation is correct or not.
> Hence the original question: how do we know there is enough space
> after cp to store the string?

Gotcha, I will find time to seriously refactor/rewrite this function (or
at the very least the tab handling part of it). At the end of the day,
though, I just want this strncpy() gone.

>
>
> Daniel.

Thanks
Justin
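As an added example to go with the discussion above (it is not code from the thread, from kdb, or from the kernel): a user-space model of the completion copy that shows why the size argument has to describe the destination. `model_strscpy` is a constructed stand-in for the kernel strscpy() contract (copies at most size-1 bytes, always NUL-terminates when size > 0, returns -E2BIG on truncation); `LINE_SIZE`, `complete_into`, `source_sized_copy_len`, `source_sized_overrun` and the two scenario functions are names and inputs constructed for this example, not kdb's.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed line-buffer size; kdb's real buffer is not shown in the thread. */
#define LINE_SIZE 16

/* User-space model of the kernel strscpy() contract (not the kernel's code):
 * copies at most size-1 bytes, always NUL-terminates when size > 0, returns
 * the number of bytes copied or -E2BIG if src did not fit. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i + 1 < size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -E2BIG;
}

/* The size expression from the patch under discussion, len_tmp - len + 1:
 * the untyped remainder of the symbol plus its NUL. It is derived from the
 * source and says nothing about how much room is left after cp. */
static size_t source_sized_copy_len(const char *typed, const char *sym)
{
    size_t len = strlen(typed);     /* what the user typed, e.g. "tes"   */
    size_t len_tmp = strlen(sym);   /* the completed symbol, e.g. "test" */

    return len_tmp - len + 1;
}

/* Bytes a copy sized that way would land past the end of a bufsz-byte line
 * when the cursor sits at `cursor`; zero means it happened to fit. */
static size_t source_sized_overrun(size_t bufsz, size_t cursor,
                                   const char *typed, const char *sym)
{
    size_t end = cursor + source_sized_copy_len(typed, sym);

    return end > bufsz ? end - bufsz : 0;
}

/* Bounded form: the size argument is the room remaining in the destination,
 * so a symbol that does not fit is truncated and reported, never written
 * past the buffer. */
static long complete_into(char *buf, size_t bufsz, size_t cursor,
                          const char *typed, const char *sym)
{
    size_t len = strlen(typed);
    size_t len_tmp = strlen(sym);

    if (cursor >= bufsz || len_tmp < len || strncmp(sym, typed, len) != 0)
        return -EINVAL;         /* completion does not extend what was typed */

    return model_strscpy(buf + cursor, sym + len, bufsz - cursor);
}

struct completion_result {
    long rc;          /* value returned by the bounded copy */
    size_t line_len;  /* strlen() afterwards, or LINE_SIZE if unterminated */
    int in_bounds;    /* 1 if a NUL terminator exists inside the buffer */
};

static struct completion_result inspect(const char *line, long rc)
{
    struct completion_result r;

    r.rc = rc;
    r.in_bounds = memchr(line, '\0', LINE_SIZE) != NULL;
    r.line_len = r.in_bounds ? strlen(line) : LINE_SIZE;
    return r;
}

/* Constructed: the "tes" -> "test" case from the thread, cursor at column 3. */
static struct completion_result simple_scenario(void)
{
    char line[LINE_SIZE] = "tes";

    return inspect(line, complete_into(line, sizeof line, 3, "tes", "test"));
}

/* Constructed: the line is full, "tes" sits at columns 9-11, the cursor was
 * moved left to column 12, and the completion is longer than the room left
 * (the case raised in the thread). */
static struct completion_result full_buffer_scenario(void)
{
    char line[LINE_SIZE];

    memset(line, 'x', LINE_SIZE - 1);
    memcpy(line + 9, "tes", 3);
    line[LINE_SIZE - 1] = '\0';
    return inspect(line, complete_into(line, sizeof line, 12,
                                       "tes", "test_symbol_name"));
}

int main(void)
{
    struct completion_result r = full_buffer_scenario();

    printf("source-sized copy would overrun by %zu bytes\n",
           source_sized_overrun(LINE_SIZE, 12, "tes", "test_symbol_name"));
    printf("bounded copy: rc=%ld, terminated in bounds=%d, strlen=%zu\n",
           r.rc, r.in_bounds, r.line_len);
    return 0;
}
```

In the full-buffer case the source-derived size would put 10 bytes past the end of the 16-byte line, while the destination-bounded call stops at the last byte, keeps the line NUL-terminated and returns -E2BIG, which the caller can treat as "completion does not fit" instead of silently corrupting whatever follows the buffer.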