Received: by 2002:ab2:687:0:b0:1f4:6588:b3a7 with SMTP id s7csp129629lqe; Tue, 9 Apr 2024 17:40:56 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW4W1xFS8xPf2O5obMa5X5INngVQF5n0fMzo7E1R1z9pzWLaMvJ0T0ii4OGB1sz52Rb1tngn8uJ3AKX3MeZOa8sjjnnJFmgm7sB8wVJUQ== X-Google-Smtp-Source: AGHT+IGKa9QRtPBJOE24vfMuaf1YolYxDeZXd8YyqABHYIXP2wa5iCWRFijG3x7CHzwAkYHQqxe6 X-Received: by 2002:ac5:c96d:0:b0:4ca:4a07:9006 with SMTP id t13-20020ac5c96d000000b004ca4a079006mr1364797vkm.0.1712709656489; Tue, 09 Apr 2024 17:40:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712709656; cv=pass; d=google.com; s=arc-20160816; b=AaYz3B8EJSQCupNhIqn1vmB9jKiFBhFzVCSe/m674qN2pOw5TMJXJ2ZbWFo29J84JA vsaAwlczvh/66B7Ygyw6FMEPwcuOVZhQBTWjEThsEycdBo+mRJ95MvAd7O1I+0OGvoNn pVhdmkZIxV1xSAUePIi4kWSBAnmIAQaRLmK9pHJjJwf94lVZqwWfjay1+GWXGGkLJcHy N9P3Z1nnjPVm7wsqXSYUV/VKx7RvZ6ryOEhAekANk73xFZ6Wc/TwY1m1pIusPlIGmbIz ah7j53WpMrWHwiDfQO6llW8n4pDXOG8kIaS+w+yWFZ0n8+THrMqTzjMZo3zJGH3HKwrY YWKg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=vMW48r52vxnAKvovox7/ZG87TBAvrLJpNUuP4WnKteY=; fh=32wkTjczvdnwFujATKLNzBTx/C+MTuxqnmLOTcAXKG0=; b=h7YZ/zywkCpy7amGkJaXMbm6ETn1rsf36QmirZIMqF8emchC0vSbNtIQzAnTXiB6a0 Dq1UHWnVmojCPdX7Yq3ETaQ9URljOoKOwEN95jNZG68T+qwo6bYexeDj4QacAkUxoMY+ 2ZAG1ew+uTQhpyY30ddNV3YHkRnfVjnnIWdqOImI2G+f/b4fBKjPgch82o1GjKIk2aGZ oqPSqp2IqDza9I1dD6Kolq+a9/u2rb8kKHTFCz5Hn6EyOOSk14WlH8u7CxOdwa6X2hcN vJFSVmFb5cYczlVVlluMgaZMLERUr7yboad7FA8q5lpp8CbiZmsH8jRDbOw5gnsQeQ43 54kQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nZMj6yha; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-137778-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137778-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id f6-20020a056214164600b00699132af4b4si11278043qvw.614.2024.04.09.17.40.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 17:40:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-137778-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nZMj6yha; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-137778-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137778-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 388551C2102B for ; Wed, 10 Apr 2024 00:40:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 95924A59; Wed, 10 Apr 2024 00:40:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nZMj6yha" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B188938F; Wed, 10 Apr 2024 00:40:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712709650; cv=none; b=f3Z+XQtzDzylegnP3nSskBG8ZpRHSKm403TkpqBGg0ey499LWBS6ld1+ksBlOb8xbcV1JKUmgST4F4vgQGqiL7NhVc1uBx0vN31QwVqNMQu0+CQy+nxa1XwOcw3NilNrsfNOLS+d2f1zkzlLhNU/8WDbAUcYv3tDMqXXbgWagZg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712709650; c=relaxed/simple; bh=cNDBDCOlR3wvzU4N2h7QYqddvVul6slsihlZgPXf2mI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=deFKTzr3nE1PNjlEck9FbMph88SNwa4ao+hhqJWS7iBi6ljp/GygGBu2xwlnMBXvz6C2uMZvPjOHW+yaezB11Q95cOsJ2VN8aym1ixRjK7jkw5PhTkWV91rnvx6ZXcGr2LRzfxG8x5yk4giJe6UxM0ShqFh5wIVajhyPIR4x7IE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nZMj6yha; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D964C433C7; Wed, 10 Apr 2024 00:40:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712709650; bh=cNDBDCOlR3wvzU4N2h7QYqddvVul6slsihlZgPXf2mI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=nZMj6yhaheTRBHPsH0YXKapB66D4S2cJ0mpvzSIpBlZH8f0+V8UrPonQF4aR/uPfU cWhtNbTnuBTjnAYIxagduGjw3LKi6YbQfmbqfnvxMYIM89FCYyQWrTe8L4+3gMBXRH +DEG+LanPaTjfbt8/diqqyE2fJC5kigbs7tbbMoQ/PkqeMQkYZwbzlfKYLb+I/Obf0 QDinWLz5WSCeMv7Xx0nKicjKqT6jBbcGXbmU5F8ZzS2U/Uacanc4O8h+UOU95/RNVy JmulJgGBLFNtjLFfTx1DVMUt28maX3g2iZbQ9UH4FpTYbtdoO8NvgF7hAYYtV575KF qx86CcSp3+Psg== Date: Tue, 9 Apr 2024 17:40:49 -0700 From: "Darrick J. Wong" To: Justin Stitt Cc: Christoph Hellwig , Chandan Babu R , linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] xfs: xattr: replace strncpy and check for truncation Message-ID: <20240410004049.GT6390@frogsfrogsfrogs> References: <20240405-strncpy-xattr-split2-v1-1-90ab18232407@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Tue, Apr 09, 2024 at 05:27:34PM -0700, Justin Stitt wrote: > On Tue, Apr 9, 2024 at 5:23 PM Justin Stitt wrote: > > > > Hi, > > > > On Tue, Apr 9, 2024 at 6:32 AM Christoph Hellwig wrote: > > > > > > On Fri, Apr 05, 2024 at 07:45:08PM +0000, Justin Stitt wrote: > > > > - memcpy(offset, prefix, prefix_len); > > > > - offset += prefix_len; > > > > - strncpy(offset, (char *)name, namelen); /* real name */ > > > > - offset += namelen; > > > > - *offset = '\0'; > > > > + > > > > + combined_len = prefix_len + namelen; > > > > + > > > > + /* plus one byte for \0 */ > > > > + actual_len = scnprintf(offset, combined_len + 1, "%s%s", prefix, name); > > > > + > > > > + if (actual_len < combined_len) > > > > > > Shouldn't this be a != ? > > > > I guess it could be. It's a truncation check so I figured just > > checking if the amount of bytes actually copied was less than the > > total would suffice. > > > > > > > > That being said I think this is actually wrong - the attr names are > > > not NULL-terminated on disk, which is why we have the explicit > > > zero terminataion above. > > > > Gotcha, in which case we could use the "%.*s" format specifier which > > allows for a length argument. Does something like this look better? > > > > diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c > > index 364104e1b38a..1b7e886e0f29 100644 > > --- a/fs/xfs/xfs_xattr.c > > +++ b/fs/xfs/xfs_xattr.c > > @@ -206,6 +206,7 @@ __xfs_xattr_put_listent( > > { > > char *offset; > > int arraytop; > > + size_t combined_len, actual_len; > > > > if (context->count < 0 || context->seen_enough) > > return; > > @@ -220,11 +221,16 @@ __xfs_xattr_put_listent( > > return; > > } > > offset = context->buffer + context->count; > > - memcpy(offset, prefix, prefix_len); > > - offset += prefix_len; > > - strncpy(offset, (char *)name, namelen); /* real name */ > > - offset += namelen; > > - *offset = '\0'; > > + > > + combined_len = prefix_len + namelen; > > + > > + /* plus one byte for \0 */ > > + actual_len = scnprintf(offset, combined_len + 1, "%.*s%.*s", > > + prefix_len, prefix, namelen, name); > > + > > + if (actual_len < combined_len) > > + xfs_warn(context->dp->i_mount, > > + "cannot completely copy context buffer resulting in truncation"); > > > > compute_size: > > context->count += prefix_len + namelen + 1; > > --- > > I copy pasted from vim -> gmail and it completely ate all my tabs. > When I actually send the new patch, if needed, it will be formatted > correctly :) Yeah, the "%.*s" version looks better. > > > > > > > > > > > > How was this tested? > > > > With https://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git/about/ > > > > but using scripts + image from: https://github.com/tytso/xfstests-bld > > > > here's the output log: https://pastebin.com/V2gFhbNZ wherein I ran the > > 5 default ones (I think?): > > > > | Ran: generic/475 generic/476 generic/521 generic/522 generic/642 > > | Passed all 5 tests Would you mind adding "-g attr,label" into the mix so that you're running all the functional tests for xattr and fs label functionality? --D > > > > Thanks > > Justin >