Received: by 2002:ab2:687:0:b0:1f4:6588:b3a7 with SMTP id s7csp167297lqe; Tue, 9 Apr 2024 19:41:53 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXdQNYWpaxzlx7zfIZGpuZ9JDfW033i8aBNe7Q7M8TBUxTdwOJ2pOabBPAKXxEx+Da7lqtSyQBDq3/RexLrEAlb7lc/dBBJbNMgZXApdA== X-Google-Smtp-Source: AGHT+IFiFgkh4DGKM612/DDVB4JxAeBUEblFIbPx6mdRyXzbka78i7VQUXm5Xh/3W/q7t9uuzgUP X-Received: by 2002:a05:6808:20e:b0:3c5:f6c6:5859 with SMTP id l14-20020a056808020e00b003c5f6c65859mr1483053oie.36.1712716913350; Tue, 09 Apr 2024 19:41:53 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712716913; cv=pass; d=google.com; s=arc-20160816; b=wPLNtwSuc+Ol9cwg2UU4388YMlPCEuRUU00heg2UD+Rb2hgiR+JyvmZbmOii6Ag0eY LVYQAJygKADhLMq1TafgRhR6ltiFxiUS9IsBRS/1kxSnO6eFfPm79i5OrAjHH2zvF0AU Wb511PyfS19lwmB1Ysv0o4jxSSnm3gPuJO/IXQQpB+AZaaArU9KsOnbvasGous2U2Hrl VV2cFfBzJbYttg6iqwXZTdyJOqnei0ObwmwlcCKyZYJ1wS/oarELpUfGZd4r3I+UkheZ a+VLhQKxuFwFkI6Mv8fvOSead4uB4Nc+5D+R8PC8iRVrb3BFDcKh6AdemXTsDOXP4xSl 6PmQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=7sJB/mea+ne4UFf8C44UTKqaf9B7A57oFQubr1xCfoI=; fh=7kWJny42IwzNwycYxeMqG0bVNibnzceDiMdnydwFHhI=; b=IzWzunrXUsc2cE4MVYQ8w7VZqXUC5XSrQNP1TvwLkFTYOLWttL32XWMweXHwoJZ0PN pM2mQhHzHpQ98+FfnKc1v6D6hM/aId0dOCNlkliILjsAeTerLVyuPQqUjkUZZayG4laI XVGGDcnsYk7g2Jv8XxEPeeJiHAO+Fk+3D26kwnN7ERTwjV1WQccT9QWIwoXLzzQfmQ9U fe5/wKlEKGssu6Lvt9Zni5Wwo3hkNxFi90e+KzTQgzkwmUI+Gs5+wrVEY+thGOb3mozI VjJ/CBOyY/npffzKPpWVfDMYp7SFYRLga+w04UbVr0CfzecYRCKczci9FYE0XK9+matV sOrg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=H7CD6fRB; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-137842-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137842-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id q30-20020a63751e000000b005f0793e3ca4si9870223pgc.275.2024.04.09.19.41.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:41:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-137842-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=H7CD6fRB; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-137842-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137842-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8F6B4B253AE for ; Wed, 10 Apr 2024 02:32:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 561CB134DE; Wed, 10 Apr 2024 02:32:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="H7CD6fRB" Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FFDB9473 for ; Wed, 10 Apr 2024 02:31:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; cv=none; b=qHweKXVVkgAThGoeGD1byrUcsGfvXrrvyNqyxrX/BFeGDVTKQ03a2sbrJtIids0OaKDK3VlhGuDjni2PJ1FNRjQJuBP0RzLLKQUoBUzsYXkKzfk1zUDhNTsaLPtXmhVNfO/ZyW5CTAFNT+s70Ri5DbDI1I8+W/I9I3DL8ZeIOMg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; c=relaxed/simple; bh=KszawLlCfqBX5u3rVG0NvzmvK/754HFncGX7jVg0qxY=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=Vc+eY5VJ2woNa1zBwjpl55ws5HkDllKoMq25adEY2ttv+tDNYrlhGx+i0Zmz5X7xx2o9NHvBEtpwLYL8iaxXWxr8S77vzG1YiRLz3tW3y2EUCh1vZxBbL0Bgqo4BwUGU+rzAB47ZQv0cGFnSr79NMlUcft978/NR1i4VocsXIwM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=H7CD6fRB; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1e3e84a302eso23868395ad.0 for ; Tue, 09 Apr 2024 19:31:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716318; x=1713321118; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=7sJB/mea+ne4UFf8C44UTKqaf9B7A57oFQubr1xCfoI=; b=H7CD6fRBN5qrbJARl/fzdCmRnD3qqryKyynhwWbYSIxuVcnNMcgu2LivLl1N38rfVk NJ6jVxygQ8pdSmMwk71ejOKTyBbFlIodb1fPNNHLSenGTReTqGzvM1n70V8LHZu7WBJF W6HEEhhaFhKHNBjQZd8419vUqgIbmQC10u5Pc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716318; x=1713321118; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7sJB/mea+ne4UFf8C44UTKqaf9B7A57oFQubr1xCfoI=; b=jQITauyGwvfMvPv42SjRmlailUwMYyK26P1uvpk1d7JARAkk5JS/E+E5QgcC/lrF1c GR35WVcEQ268KYhKdAvNiOXY5r+Rxnl/6bS5NH7A8uKtlrpXboESeHe1/UozjkqAQvkB YNGE11/Zz69CwOIeIr7ZPiHfr0VZ+07uG6tXaA3sYEdgxHvEzAZ97QcUHTnsvMobkNdj 8kTHoRvb7dqT2hA2rjNBYPE3AvRPzBDERhroqRMY2OqglCpc13XnF6U64UDfZSHyK+fF KoHnSDYUxC5nPTe1ZeJeghZZUQuOWPzAH+kAxnPNbHBjxQjLJ+GXpKG2slqM3vLxOGOp KsMQ== X-Forwarded-Encrypted: i=1; AJvYcCUHNiJPZioiT64eAQhHrEpkflxg7IDtl/YbSHmfiDandNQRTj5qUyvK5B9qgiYUkV/fqs8PQ3UyKkQgiJjRl8/x/05kS7EhVeTVnPoP X-Gm-Message-State: AOJu0YxPqgEjzs4VGMuLXFWCRPCkq3BzZ7k5FfZGtPBCYDCP73X9Mx18 e0R52qH5t8PBf6w9LB7wJchycQQqZ5BPXzgO4p6MI+NhasVSgtchxe2IDvDITw== X-Received: by 2002:a17:902:7008:b0:1e4:3ad5:b6d6 with SMTP id y8-20020a170902700800b001e43ad5b6d6mr1512978plk.37.1712716318594; Tue, 09 Apr 2024 19:31:58 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id b7-20020a170902d50700b001e3ee552999sm6406385plg.291.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:58 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Charles Bertsch , Justin Stitt , Bart Van Assche , Andy Shevchenko , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "James E.J. Bottomley" , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 0/5] scsi: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:49 -0700 Message-Id: <20240410021833.work.750-kees@kernel.org> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1911; i=keescook@chromium.org; h=from:subject:message-id; bh=KszawLlCfqBX5u3rVG0NvzmvK/754HFncGX7jVg0qxY=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoZGm+w5zIvLCsYnaFCm1zKDHNOj0+xiwYgY QCyzpvIZWGJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GQAKCRCJcvTf3G3A Jo6wD/0QQk0StqwBxMN5hxnRxuq1LlsSW6z1VwPSQbvxTQhHewhbKVcSmede+va3JiKcOFnm8db Z5tyz10tEr4E1gWXWMfMZvp3HtZQNej83u3OZdrdgfrHNr06E5twCcfmS/LEFwwqdsVSr1AsN6k 8soxXZSYHKsCEyiYQGYGBIv/yTn91kepLo3oP6UE2sF0YF9th4p+yYovtTDtcVI06xFTPTimcOA b4yivDJtG0MuKjJPtWCEeUSHRv7I55eY7Um9YoRMh6AwkgE6Sq4FuogJQjcQ0/cADCB9UiFMUmL 5aQR30QXfusAOfgG4b8M/PJtfFHv0zf8gd8gYYiSxiR5DQ8eNKp4h4CdLEcHDYkpMOsW4J/mygX 7jEPX/+3EiWE72P4eYnfnzhw5Gb28anIEI4gCcVOIGQT25H2FgFN/7srJ440W9vmlGOm/alkpBP zMo4aorHp0hSy85xDtvmFbFM8tKG4tj5hOh5U4VPLVUlwzk8OH6sGJ0waSHdNIsQBScGBRk3kXG MP+jzndBxOoaWnXkHrK1b3/wIPPlcYG5BkXxqALuRo63UucckCttvJcNPF75urxyQ/1nfgGfwNU JJqca5Pli5JfQqGyfV+y32MEwpMfCj6JqHDwe4WUQDJfpZnS91bEvOepX7jB03lPrx+7ZrJ7Z7I Dp8Y9D/ WtLzpPwA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit Hi, Another code pattern using the gloriously ambiguous strncpy() function was turning maybe not-NUL-terminated character arrays into NUL-terminated strings. In these cases, when strncpy() is replaced with strscpy() it creates a situation where if the non-terminated string takes up the entire character array (i.e. it is not terminated) run-time warnings from CONFIG_FORTIFY_SOURCE will trip, since strscpy() was expecting to find a NUL-terminated source but checking for the NUL would walk off the end of the source buffer. In doing an instrumented build of the kernel to find these cases, it seems it was almost entirely a code pattern used in the SCSI subsystem, so the creation of the new helper, memtostr(), can land via the SCSI tree. And, as it turns out, inappropriate conversions have been happening for several years now, some of which even moved through strlcpy() first (and were never noticed either). This series fixes all 4 of the instances I could find in the SCSI subsystem. Thanks, -Kees Kees Cook (5): string.h: Introduce memtostr() and memtostr_pad() scsi: mptfusion: Avoid possible run-time warning with long manufacturer strings scsi: mpt3sas: Avoid possible run-time warning with long manufacturer strings scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings scsi: qla2xxx: Avoid possible run-time warning with long model_num drivers/message/fusion/mptsas.c | 14 +++---- drivers/scsi/mpi3mr/mpi3mr_transport.c | 14 +++---- drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 14 +++---- drivers/scsi/qla2xxx/qla_mr.c | 6 +-- include/linux/string.h | 49 ++++++++++++++++++++++++ lib/strscpy_kunit.c | 26 +++++++++++++ 7 files changed, 93 insertions(+), 32 deletions(-) -- 2.34.1