Date: Tue, 22 Apr 2025 17:20:11 -0700
From: Andrew Morton
To: Mykyta Yatsenko
Cc: linux-mm@kvack.org, rostedt@goodmis.org, mhiramat@kernel.org, andrii@kernel.org, kernel-team@meta.com, linux-kernel@vger.kernel.org, Mykyta Yatsenko, Kees Cook
Subject: Re: [PATCH v2] maccess: fix strncpy_from_user_nofault empty string handling
Message-Id: <20250422172011.feb243d2f7478c0e7109b74c@linux-foundation.org>
In-Reply-To: <20250422131449.57177-1-mykyta.yatsenko5@gmail.com>

On Tue, 22 Apr 2025 14:14:49 +0100 Mykyta Yatsenko wrote:

> From: Mykyta Yatsenko
>
> strncpy_from_user_nofault should return the length of the copied string
> including the trailing NUL, but if the argument unsafe_addr points to
> an empty string ({'\0'}), the return value is 0.
>
> This happens as strncpy_from_user copies terminal symbol into dst
> and returns 0 (as expected), but strncpy_from_user_nofault does not
> modify ret as it is not equal to count and not greater than 0, so 0 is
> returned, which contradicts the contract.
>
> ...
>

Thanks.

Does this fix any known runtime issue? If so, please fully describe this?

> --- a/mm/maccess.c > +++ b/mm/maccess.c > @@ -196,7 +196,7 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, > if (ret >= count) { > ret = count; > dst[ret - 1] = '\0'; > - } else if (ret > 0) { > + } else if (ret >= 0) { > ret++; > } >
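
Review bot: The changed branch "} else if (ret >= 0) {" in the hunk at mm/maccess.c line 196 turns the return value for an empty source string from 0 into 1, and neither the hunk nor the commit message says how existing callers cope with that. Any caller that treats a 0 return as "nothing copied", or that derives the string length as ret - 1, will now see a different value for the same input, so the commit message should name the callers that were checked and state the runtime symptom this fixes. A one-line comment above the branch saying that ret counts the trailing NUL, so 0 from strncpy_from_user is a valid length and only negative values are errors, would keep the ">" versus ">=" distinction from being reverted later. A test case with a one-byte source containing only '\0' would pin the contract down.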