From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Subject: Re: [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy()
Date: Tue, 18 Jul 2023 22:00:24 -0700 [thread overview]
Message-ID: <202307182147.A5B81B67D@keescook> (raw)
In-Reply-To: <168963536094.1395996.315062356944871422.b4-ty@chromium.org>
On Mon, Jul 17, 2023 at 04:09:23PM -0700, Kees Cook wrote:
>
> On Mon, 17 Jul 2023 12:33:32 +0300, Andy Shevchenko wrote:
> > Privided seq_show_option_n() macro breaks build with -Werror
> > and W=1, e.g.:
> >
> > In function ‘strncpy’,
> > inlined from ‘ocfs2_show_options’ at fs/ocfs2/super.c:1520:3:
> > include/linux/fortify-string.h:68:33: error: ‘__builtin_strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation]
> > 68 | #define __underlying_strncpy __builtin_strncpy
> > | ^
> > include/linux/fortify-string.h:151:16: note: in expansion of macro ‘__underlying_strncpy’
> > 151 | return __underlying_strncpy(p, q, size);
> > | ^~~~~~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
> >
> > [...]
>
> Applied, thanks!
>
> [1/1] seq_file: Replace strncpy()+nul by strscpy()
> https://git.kernel.org/kees/c/c30417b20f49
Gah, I dropped this from my tree since it was actually wrong[1]. This is an
ugly corner case with strscpy vs strncpy: the cast be32 from hfs/hfsplus[2]
looks unterminated to strscpy, so it would return -E2BIG, but really
FORTIFY noticed the over-read (strscpy is correctly checking the 5th
byte for NUL).
So... I think we need to fix seq_show_option_n() using memcpy+NUL, drop
the ocfs2 usage, and clarify that the seq_show_option_n() docs mean
"n means _exactly_ n bytes"...
-Kees
[1] https://lore.kernel.org/lkml/0000000000000a88cb0600ccef54@google.com/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/hfsplus/options.c?h=v6.4#n221
--
Kees Cook
next prev parent reply other threads:[~2023-07-19 5:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-17 9:33 [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy() Andy Shevchenko
2023-07-17 15:43 ` Kees Cook
2023-07-17 16:05 ` Andy Shevchenko
2023-07-17 22:58 ` Kees Cook
2023-07-17 23:09 ` Kees Cook
2023-07-19 5:00 ` Kees Cook [this message]
2023-07-19 5:26 ` Andy Shevchenko
2023-07-18 9:42 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202307182147.A5B81B67D@keescook \
--to=keescook@chromium.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.