Received: by 2002:ab2:7855:0:b0:1f9:5764:f03e with SMTP id m21csp981404lqp; Thu, 23 May 2024 06:05:27 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWHvUOMYnV+m9gAZySrv+7nM8K9zkLI47oPI4eCkd5jyHIbpEsPCH9nEYDgL9JcpPIdrWXYHj2bcMS79gsnJ5B6mNUYcpOynJQ0RG48hg== X-Google-Smtp-Source: AGHT+IEkt/1zK6Q1a+zxu85XUX5n9T3qFeEHQVW/AOkFcPI7M5RS2Sk50viYPJNvkQY36IQG8Ouv X-Received: by 2002:a17:902:9a94:b0:1f3:465:2869 with SMTP id d9443c01a7336-1f31c984a71mr42125535ad.31.1716469527039; Thu, 23 May 2024 06:05:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716469527; cv=pass; d=google.com; s=arc-20160816; b=N2FlkQqcS0AAdtLtwGFdvPL6HjwHbX5/ioZFJSHfH4Boeq6CcRydaF2wWVUhieyvfq lRzYOmXV7LytOQC2FV7VV0lC+lw8aFZyNZ3oUKOk54yNAe8Y+QncDbuvgpcqDjIL5mVR WdSluu86y4UPY7Ap7MFZCdbryuk7dcqFjecft4R2rkd0KVYoZEmzxvJw8c6Dahlhua4G JERA23DAkvmvO9/fxOo3xNk52ramjXlqIj9ZF5ddN3W0VpgjPDgz6FcFFywxGt3nRg3V nHC34GbOPaS6yWugBqKrhOqqWHNCZOqYzATDW1J7RNLTULpB8b05n6ixJs+Qql0+y3Fu rD2g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=WZycEgts+i1uj4kN6iMFbOpgTuCjrceEnZED0MElG2U=; fh=X7IgmAqb1GwESPrW2Qv/v1cEycBEAJK6NOkOhXzpiXY=; b=ILSKtVuedqQZ/CtYCm01S3caupLXmpLzhR3/IikRth+8wr17irgTr7cCzQl/sf+m6p faFxf0Lt3Mwg/jQ8BCfdTyvdfNYBQpnmYGLGtC0kpXvq0BiaIlvDmgguJGCJQeNS7/U8 Ymd9HLyXWG1T32C9gDzNwchIKTp6OFL+K055v6kaRJivguas24t5KpMnFLfTksczDfPX cvSy+EqNVNWudT/XcthheIs0l9cWLlZ/CfM7TJ9cChv1YPk/qyKsiXnVOWY/L+aPTks8 ROJ4mgJi4spmQ8J2wtiMkutydkFXVWqn5/dFpr6bvz/WMX6XmiP3bAQ3aRnS2yFj3dQ/ v7Cg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@mit.edu header.s=outgoing header.b=Hsj30XWr; arc=pass (i=1 spf=pass spfdomain=mit.edu dkim=pass dkdomain=mit.edu dmarc=pass fromdomain=mit.edu); spf=pass (google.com: domain of linux-ext4+bounces-2638-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-ext4+bounces-2638-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f2fa3409b9si13869475ad.421.2024.05.23.06.05.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 May 2024 06:05:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4+bounces-2638-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@mit.edu header.s=outgoing header.b=Hsj30XWr; arc=pass (i=1 spf=pass spfdomain=mit.edu dkim=pass dkdomain=mit.edu dmarc=pass fromdomain=mit.edu); spf=pass (google.com: domain of linux-ext4+bounces-2638-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-ext4+bounces-2638-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 1B749B2241C for ; Thu, 23 May 2024 13:05:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4A3D91474BC; Thu, 23 May 2024 13:05:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b="Hsj30XWr" X-Original-To: linux-ext4@vger.kernel.org Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 425EA13C8FF for ; Thu, 23 May 2024 13:05:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.9.28.11 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716469519; cv=none; b=M+NdZfqBEfydYexoG8egpsOkxIV045u/JEpJ6XqgO+v8qc+3KhcBVOmBwqtO8gLRaAtahBOsK+o8y32yTjic2/9Bz+JKJyBXHQfHRTvQPd0y1PQID1p1/J/IpcnLCO5N8eGADfyWo5NV60e/sFcF+LbDWnSNMPzzxw+3QBtyLuE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716469519; c=relaxed/simple; bh=T9afDleXRzBxJZKBOaQ/5h1gdMwqmEHOTqhTW5+06JQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Jha1dwOqK/cZHXRaIHqlcGfeJeQF0z3va220zUwUsGzQaah4fLy6477DbtjZxk8See2vouD3u7EZFUmQAbw4d44TL2nIlCPGvYTrfUngi06cJGflz7yPxIGhBeS/gSoD7U2osxG2V+qu3MfTLXk7kX6HX2Nronu2yl2ycNApddw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu; spf=pass smtp.mailfrom=mit.edu; dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b=Hsj30XWr; arc=none smtp.client-ip=18.9.28.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mit.edu Received: from cwcc.thunk.org (pool-108-7-50-195.bstnma.fios.verizon.net [108.7.50.195]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 44ND4vx7028458 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 May 2024 09:04:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1716469499; bh=WZycEgts+i1uj4kN6iMFbOpgTuCjrceEnZED0MElG2U=; h=Date:From:Subject:Message-ID:MIME-Version:Content-Type; b=Hsj30XWrD5KN9QJX60Huqz+BT45WlWdO5cCHBmb5C2WmIy2NQtUfMq3o13mzHpgk9 R3PmhxlcCBtZnmfWE+q5eJnxMAA6Sq2RUglx6gLHUXAUP7sxcAc+UPt5EwcASg90O9 Xyw4Nfjz4LVdnCS4BjukgJt5IvK/pgpzpsd7MgjA5hS8txlRNT400lSVXr/8GgEaKI aYk2MyOTEF6qWZggXlryQOiHfABZ91Akgw5SrA9vIKMhTg29kFLAWG9QK2fog07T8f bWO3UGOqAKztL2J7lOOlON/YBVIeMve/ZXZwJyDKdBAVSjxs7MsgBsORCygi8dDzHU 1E2rLWrZ7au8A== Received: by cwcc.thunk.org (Postfix, from userid 15806) id 05EC115C0225; Thu, 23 May 2024 09:04:57 -0400 (EDT) Date: Thu, 23 May 2024 09:04:56 -0400 From: "Theodore Ts'o" To: syzbot Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Justin Stitt , Kees Cook Subject: Re: [syzbot] [ext4?] WARNING in __fortify_report Message-ID: <20240523130456.GH65648@mit.edu> References: <00000000000019f4c00619192c05@google.com> Precedence: bulk X-Mailing-List: linux-ext4@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <00000000000019f4c00619192c05@google.com> On Wed, May 22, 2024 at 11:29:25PM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > dashboard link: https://syzkaller.appspot.com/bug?extid=50835f73143cc2905b9e > ... > strnlen: detected buffer overflow: 17 byte read of buffer size 16 > [<8080fe10>] (__fortify_report) from [<818e9a40>] (__fortify_panic+0x10/0x14 lib/string_helpers.c:1036) > [<818e9a30>] (__fortify_panic) from [<8062a3b0>] (strnlen include/linux/fortify-string.h:221 [inline]) > [<818e9a30>] (__fortify_panic) from [<8062a3b0>] (sized_strscpy include/linux/fortify-string.h:295 [inline]) > [<818e9a30>] (__fortify_panic) from [<8062a3b0>] (ext4_ioctl_getlabel fs/ext4/ioctl.c:1154 [inline]) > [<818e9a30>] (__fortify_panic) from [<8062a3b0>] (ext4_fileattr_get+0x0/0x78 fs/ext4/ioctl.c:1609) > [<8062829c>] (__ext4_ioctl) from [<8062aaac>] (ext4_ioctl+0x10/0x14 fs/ext4/ioctl.c:1626) > r10:836e6c00 r9:00000005 r8:845e7900 r7:00000000 r6:845e7900 r5:00000000 This is caused by commit 744a56389f73 ("ext4: replace deprecated strncpy with alternatives") and it's unclear whether this is being caused by a buggy implementation of strscpy_pad(), or a buggy fortify, but a simple way to fix is to go back to the good-old strncpy(), which is perfectly safe, and perfectly secure. (And this is a great example of "security initiatives" being an exercise in pain alocation tradeoffs between overworked maintainers and security teams... regardless of whether the bug is in fortify, syzkaller, or an effort to completely convert away from strncpy() because it makes security analysis easier.) - Ted