* [PATCH v2] fs: ocfs2: Replace strlcpy with sysfs_emit
@ 2023-08-31 19:38 Azeem Shaikh
2023-08-31 21:04 ` Kees Cook
2023-09-13 3:47 ` Joseph Qi
0 siblings, 2 replies; 3+ messages in thread
From: Azeem Shaikh @ 2023-08-31 19:38 UTC (permalink / raw)
To: Mark Fasheh, Joel Becker, Joseph Qi, Kees Cook
Cc: linux-hardening, Azeem Shaikh, ocfs2-devel, linux-kernel,
Christian Brauner, Dave Chinner, Jan Kara, Jeff Layton
strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with sysfs_emit().
Direct replacement is safe here since its ok for `kernel_param_ops.get()`
to return -errno [3].
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89
[3] https://elixir.bootlin.com/linux/v6.5/source/include/linux/moduleparam.h#L52
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
---
v2:
* Removes patch [1/2] which replaced module_param_call with module_param_cb.
* Use sysfs_emit instead of strscpy.
v1:
* https://lore.kernel.org/all/20230830215426.4181755-1-azeemshaikh38@gmail.com/
fs/ocfs2/dlmfs/dlmfs.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/ocfs2/dlmfs/dlmfs.c b/fs/ocfs2/dlmfs/dlmfs.c
index 81265123ce6c..b38776ba3306 100644
--- a/fs/ocfs2/dlmfs/dlmfs.c
+++ b/fs/ocfs2/dlmfs/dlmfs.c
@@ -80,8 +80,7 @@ static int param_set_dlmfs_capabilities(const char *val,
static int param_get_dlmfs_capabilities(char *buffer,
const struct kernel_param *kp)
{
- return strlcpy(buffer, DLMFS_CAPABILITIES,
- strlen(DLMFS_CAPABILITIES) + 1);
+ return sysfs_emit(buffer, DLMFS_CAPABILITIES);
}
module_param_call(capabilities, param_set_dlmfs_capabilities,
param_get_dlmfs_capabilities, NULL, 0444);
--
2.42.0.283.g2d96d420d3-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH v2] fs: ocfs2: Replace strlcpy with sysfs_emit
2023-08-31 19:38 [PATCH v2] fs: ocfs2: Replace strlcpy with sysfs_emit Azeem Shaikh
@ 2023-08-31 21:04 ` Kees Cook
2023-09-13 3:47 ` Joseph Qi
1 sibling, 0 replies; 3+ messages in thread
From: Kees Cook @ 2023-08-31 21:04 UTC (permalink / raw)
To: Azeem Shaikh
Cc: Mark Fasheh, Joel Becker, Joseph Qi, linux-hardening, ocfs2-devel,
linux-kernel, Christian Brauner, Dave Chinner, Jan Kara,
Jeff Layton
On Thu, Aug 31, 2023 at 07:38:27PM +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with sysfs_emit().
>
> Direct replacement is safe here since its ok for `kernel_param_ops.get()`
> to return -errno [3].
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
> [3] https://elixir.bootlin.com/linux/v6.5/source/include/linux/moduleparam.h#L52
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] fs: ocfs2: Replace strlcpy with sysfs_emit
2023-08-31 19:38 [PATCH v2] fs: ocfs2: Replace strlcpy with sysfs_emit Azeem Shaikh
2023-08-31 21:04 ` Kees Cook
@ 2023-09-13 3:47 ` Joseph Qi
1 sibling, 0 replies; 3+ messages in thread
From: Joseph Qi @ 2023-09-13 3:47 UTC (permalink / raw)
To: Azeem Shaikh, akpm
Cc: linux-hardening, ocfs2-devel, linux-kernel, Christian Brauner,
Dave Chinner, Jan Kara, Jeff Layton, Mark Fasheh, Joel Becker,
Kees Cook
On 9/1/23 3:38 AM, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with sysfs_emit().
>
> Direct replacement is safe here since its ok for `kernel_param_ops.get()`
> to return -errno [3].
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
> [3] https://elixir.bootlin.com/linux/v6.5/source/include/linux/moduleparam.h#L52
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
> ---
> v2:
> * Removes patch [1/2] which replaced module_param_call with module_param_cb.
> * Use sysfs_emit instead of strscpy.
>
> v1:
> * https://lore.kernel.org/all/20230830215426.4181755-1-azeemshaikh38@gmail.com/
>
> fs/ocfs2/dlmfs/dlmfs.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/ocfs2/dlmfs/dlmfs.c b/fs/ocfs2/dlmfs/dlmfs.c
> index 81265123ce6c..b38776ba3306 100644
> --- a/fs/ocfs2/dlmfs/dlmfs.c
> +++ b/fs/ocfs2/dlmfs/dlmfs.c
> @@ -80,8 +80,7 @@ static int param_set_dlmfs_capabilities(const char *val,
> static int param_get_dlmfs_capabilities(char *buffer,
> const struct kernel_param *kp)
> {
> - return strlcpy(buffer, DLMFS_CAPABILITIES,
> - strlen(DLMFS_CAPABILITIES) + 1);
> + return sysfs_emit(buffer, DLMFS_CAPABILITIES);
> }
> module_param_call(capabilities, param_set_dlmfs_capabilities,
> param_get_dlmfs_capabilities, NULL, 0444);
> --
> 2.42.0.283.g2d96d420d3-goog
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-13 3:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-31 19:38 [PATCH v2] fs: ocfs2: Replace strlcpy with sysfs_emit Azeem Shaikh
2023-08-31 21:04 ` Kees Cook
2023-09-13 3:47 ` Joseph Qi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox