From: Kees Cook <keescook@chromium.org>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy()
Date: Mon, 17 Jul 2023 08:43:55 -0700 [thread overview]
Message-ID: <202307170826.397635AD@keescook> (raw)
In-Reply-To: <20230717093332.54236-1-andriy.shevchenko@linux.intel.com>
On Mon, Jul 17, 2023 at 12:33:32PM +0300, Andy Shevchenko wrote:
> Privided seq_show_option_n() macro breaks build with -Werror
> and W=1, e.g.:
>
> In function ‘strncpy’,
> inlined from ‘ocfs2_show_options’ at fs/ocfs2/super.c:1520:3:
> include/linux/fortify-string.h:68:33: error: ‘__builtin_strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation]
> 68 | #define __underlying_strncpy __builtin_strncpy
> | ^
While I totally agree with the removal of strncpy(), I'm confused about
how this warning is being produced:
seq_show_option_n(s, "cluster_stack", osb->osb_cluster_stack,
OCFS2_STACK_LABEL_LEN);
fs/ocfs2/ocfs2.h:389: char osb_cluster_stack[OCFS2_STACK_LABEL_LEN + 1];
fs/ocfs2/ocfs2_fs.h:#define OCFS2_STACK_LABEL_LEN 4
#define seq_show_option_n(m, name, value, length) { \
char val_buf[length + 1]; \
strncpy(val_buf, value, length); \
...
the source buffer is OCFS2_STACK_LABEL_LEN + 1 long, and the dest buffer
is OCFS2_STACK_LABEL_LEN + 1 long. ??
I think this doesn't need to use seq_show_option_n() at all.
> include/linux/fortify-string.h:151:16: note: in expansion of macro ‘__underlying_strncpy’
> 151 | return __underlying_strncpy(p, q, size);
> | ^~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> While -Werror wasn't enabled by default at the time of the original code
> landed into mainline, strscpy() was already there and preferred over strncpy().
> Due to above mentioned issues, use the latter in seq_show_option_n().
>
> Fixes: a068acf2ee77 ("fs: create and use seq_show_option for escaping")
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> ---
> include/linux/seq_file.h | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
> index bd023dd38ae6..e87d635ca24f 100644
> --- a/include/linux/seq_file.h
> +++ b/include/linux/seq_file.h
> @@ -260,8 +260,7 @@ static inline void seq_show_option(struct seq_file *m, const char *name,
> */
> #define seq_show_option_n(m, name, value, length) { \
> char val_buf[length + 1]; \
> - strncpy(val_buf, value, length); \
> - val_buf[length] = '\0'; \
> + strscpy(val_buf, value, sizeof(val_buf)); \
> seq_show_option(m, name, val_buf); \
> }
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
--
Kees Cook
next prev parent reply other threads:[~2023-07-17 15:44 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-17 9:33 [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy() Andy Shevchenko
2023-07-17 15:43 ` Kees Cook [this message]
2023-07-17 16:05 ` Andy Shevchenko
2023-07-17 22:58 ` Kees Cook
2023-07-17 23:09 ` Kees Cook
2023-07-19 5:00 ` Kees Cook
2023-07-19 5:26 ` Andy Shevchenko
2023-07-18 9:42 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202307170826.397635AD@keescook \
--to=keescook@chromium.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.