From: Ryan Mallon <rmallon@gmail.com>
To: Mark Salter <msalter@redhat.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 01/24] fix default __strnlen_user macro
Date: Thu, 01 Sep 2011 11:54:35 +1000
Message-ID: <4E5EE5DB.3030101@gmail.com>
In-Reply-To: <1314841084.2344.113.camel@deneb.redhat.com>

On 01/09/11 11:38, Mark Salter wrote:
> On Thu, 2011-09-01 at 09:30 +1000, Ryan Mallon wrote:
>> On 01/09/11 07:26, Mark Salter wrote:
>>> The existing __strnlen_user macro simply resolved to strnlen. However, the
>>> count returned by strnlen_user should include the NULL byte. This patch
>>> fixes the __strnlen_user macro to include the NULL byte in the count.
>>>
>>> Signed-off-by: Mark Salter<msalter@redhat.com>
>>> ---
>>>    include/asm-generic/uaccess.h |    2 +-
>>>    1 files changed, 1 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
>>> index ac68c99..1d0fdf8 100644
>>> --- a/include/asm-generic/uaccess.h
>>> +++ b/include/asm-generic/uaccess.h
>>> @@ -289,7 +289,7 @@ strncpy_from_user(char *dst, const char __user *src, long count)
>>>     * Return 0 on exception, a value greater than N if too long
>>>     */
>>>    #ifndef __strnlen_user
>>> -#define __strnlen_user strnlen
>>> +#define __strnlen_user(s, n) (strnlen((s), (n)) + 1)
>>>    #endif
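Review bot: the comment directly above the macro ("Return 0 on exception, a value greater than N if too long") should be extended to state what this change introduces, namely that the count includes the terminating NUL and that the macro returns N + 1 when no terminator lies within the first N bytes; that is exactly the property the `if (length > n)` check in the strndup_user() code quoted later in this thread relies on, and a caller that takes the result as a plain byte count without that check sees N + 1 at the limit (the `__strnlen_user("abcd\0", 3)` returning 4 case raised below). Suggested wording: ` * Return 0 on exception, the string length including the trailing NUL,` / ` * or N + 1 if no NUL was found within the first N bytes`. Also worth a sentence in the commit message: since the default is a thin wrapper around plain strnlen(), it has no fault handling, so the documented "0 on exception" return cannot occur with this default and an architecture using it must only pass it user pointers that are safe to dereference directly.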
>> I don't think this is correct because if you hit maxlen you will add one
>> to it. e.g. __strnlen_user("abcd\0", 3) would return 4 instead of 3.
> Yes, one would think so, but that doesn't seem to be the case. Looking
> at various places that call strnlen_user, you'll find checks for that.
> For one example, mm/util.c:
>
>      char *strndup_user(const char __user *s, long n)
>      {
> 	char *p;
> 	long length;
>
> 	length = strnlen_user(s, n);
>
> 	if (!length)
> 		return ERR_PTR(-EFAULT);
>
> 	if (length>  n)
> 		return ERR_PTR(-EINVAL);

Sure, but that isn't a good reason to not write it correctly according 
to the API description. There are also places where that check doesn't 
happen like fs/exec.c and the rather dodgy looking usage in 
kernel/auditsc.c which appears to rely on it returning n + 1 in the 
maxlen case.

It should either be changed as I suggested, or the comment in uaccess.h 
should be updated to reflect the actual behaviour of the function 
(stating that it returns n + 1 in the case where n is reached). Either 
way, it's probably worth doing a quick check through the arch-specific 
versions to see what their behaviour really is. It looks like there are 
potentially some subtle bugs at the callsites.

~Ryan
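The following is an added example, not code from the patch, the kernel, or either participant: a user-space model of the strnlen_user() contract under discussion. It compares the patched macro's "strnlen() + 1" semantics (which yield n + 1 when no terminator lies within n bytes) with a hypothetical variant that never exceeds n, and runs the strndup_user() check quoted from mm/util.c against both. All names here (kstrnlen_model, strnlen_user_model, strnlen_user_capped, strndup_user_model, distinguishes_truncation) are stand-ins invented for this example; a fault is modelled by a NULL pointer, since user-space code cannot take a page fault on the caller's behalf. The inputs are constructed strings.

```c
/*
 * Added example (not from the patch or the kernel): user-space model of the
 * strnlen_user() contract from the uaccess.h comment:
 *   0 on exception, the length including the NUL terminator otherwise,
 *   a value greater than n if no terminator lies within n bytes.
 * All names are hypothetical stand-ins; NULL models a faulting pointer.
 */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Bounded strlen(): bytes before the NUL, at most n.  Stands in for the
 * kernel's strnlen() so this file needs no feature macros. */
static long kstrnlen_model(const char *s, long n)
{
	long i;

	for (i = 0; i < n && s[i] != '\0'; i++)
		;
	return i;
}

/* Model of the patched macro: strnlen() + 1.  With no terminator inside the
 * first n bytes this yields n + 1, i.e. "a value greater than N if too
 * long".  0 models the "exception" case. */
static long strnlen_user_model(const char *s, long n)
{
	if (!s)
		return 0;
	return kstrnlen_model(s, n) + 1;
}

/* Hypothetical alternative for comparison: never exceed n.  An exact fit
 * and an over-long string then both return n, so a caller cannot tell
 * truncation from a string that just fits. */
static long strnlen_user_capped(const char *s, long n)
{
	long len;

	if (!s)
		return 0;
	len = kstrnlen_model(s, n);
	return len < n ? len + 1 : n;
}

/* Model of strndup_user() as quoted from mm/util.c: the length > n test
 * rejects strings whose text plus NUL does not fit in n bytes. */
static char *strndup_user_model(const char *s, long n, int *err)
{
	long length = strnlen_user_model(s, n);
	char *p;

	if (!length) {
		*err = EFAULT;
		return NULL;
	}
	if (length > n) {
		*err = EINVAL;
		return NULL;
	}
	p = malloc(length);
	if (!p) {
		*err = ENOMEM;
		return NULL;
	}
	memcpy(p, s, length); /* length already counts the NUL */
	*err = 0;
	return p;
}

/* Can a caller of fn tell "fits exactly" from "too long" at n = 5?
 * Returns 1 if the two cases produce different lengths, 0 otherwise. */
static int distinguishes_truncation(long (*fn)(const char *, long))
{
	const char exact[] = "abcd";    /* 4 chars + NUL: fits in 5 bytes */
	const char toolong[] = "abcde"; /* 5 chars + NUL: needs 6 bytes */

	return fn(exact, 5) != fn(toolong, 5);
}
```

With the patched semantics `strnlen_user_model("abcd", 3)` is 4, the value questioned above, and `strnlen_user_model("abcde", 5)` is 6, so `length > n` fires in the strndup_user() model; with the capped variant both the exact fit and the over-long string report 5 and the same check can no longer detect truncation, which is why callers that do check `> n` depend on the n + 1 return. Callers that skip that check are the ones that see n + 1 as an ordinary length.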

