From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB8EBC83F10 for ; Thu, 10 Jul 2025 02:48:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5DB376B00AC; Wed, 9 Jul 2025 22:48:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 58C5C6B00AF; Wed, 9 Jul 2025 22:48:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 47B7E6B00B0; Wed, 9 Jul 2025 22:48:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 35F1C6B00AC for ; Wed, 9 Jul 2025 22:48:59 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id BA2C51A0418 for ; Thu, 10 Jul 2025 02:48:58 +0000 (UTC) X-FDA: 83646822756.10.9A0F4FE Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf24.hostedemail.com (Postfix) with ESMTP id 2DB1E180002 for ; Thu, 10 Jul 2025 02:48:56 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=TJ555ojK; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of alx@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1752115737; a=rsa-sha256; cv=none; b=DaxFGedCSvyG134kkoSjUY7qNr6rRGkIzkrXi11fmctc9lhKQ/JbfKH7uiEH7D+bYCTEH8 81Tvyf03GqxbbIFOa8hLSRVg9W3GvkenC5dps5odZWtcwF42zCX3jYlla0dLD56jNHqlfr 9P2OLLHreH4XO7h+3zIFEbkPnOO+5hc= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=TJ555ojK; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of alx@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1752115737; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=A60N8FD+fPkaE6xz5lXx6d3HJmhqmVa4D/2eE+ZRcKM=; b=t+yGiJ6OnWOWP8CjYI/3Ct0j+/XBd6Hoc4t8wQaIWLYLewuQ9vCYfxKqYZiSA3L78XdVyX K4ZvEcEUb5gQTRGR9J0onT+LGDM1lSUyYmrQDVT06Yqkothjxft8F7acAFzyTVv0Ou6WML gjm1/s7K/k+UlWmgoix3zcurLEhe/zw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 8CC9FA50119; Thu, 10 Jul 2025 02:48:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 53A6AC4CEEF; Thu, 10 Jul 2025 02:48:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1752115736; bh=PdAxg442zwuG6bQe5bBQL6WgslGOXy2uA5CfnfLJmEM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=TJ555ojKw/Ym1H1ofrJNdbx2gI0yCOWAR5I9V88VfdQtPrtDBBdY+g2sh2gZMtMBn oFxSO9VwjAO3IijZFxJ1hbgxlMf2VJGh9nviCfpJoGZV7wwCNvHGGc2WOpsc7ywGoL vw22WAPcl0IJ2xWBgaQZ3bspwJX36DL2BhCj7AMf9TCacmrq4XVhCeMOzynZIIV8uh K9XH4aO3/k9R8gdaNGv246ERSFbeFyQanfSAMCa7r5rF6ekTc9jk0mvc5DBH1deY3n 3HkxNha0PmcELuN2slgoTr+tdF3TM9MNzcabeYJLjDFln8Gz0xRchZXt3aOHriYuUT YsbpqrCfCURjw== Date: Thu, 10 Jul 2025 04:48:49 +0200 From: Alejandro Colomar To: linux-mm@kvack.org, linux-hardening@vger.kernel.org Cc: Alejandro Colomar , Kees Cook , Christopher Bazley , shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton , kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Marco Elver , Christoph Lameter , David Rientjes , Vlastimil Babka , Roman Gushchin , Harry Yoo , Andrew Clayton , Rasmus Villemoes , Michal Hocko , Linus Torvalds , Al Viro , Jann Horn Subject: [RFC v4 5/7] mm: Fix benign off-by-one bugs Message-ID: <44a5cfc82acfdef6d339e71f1b214c443f808598.1752113247.git.alx@kernel.org> X-Mailer: git-send-email 2.50.0 References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 2DB1E180002 X-Stat-Signature: iqidt5jkf44h3ma19ynxhji8nejrh5hg X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1752115736-927271 X-HE-Meta: U2FsdGVkX1+WrsmGoXtguSqt27jm+t2bgihHgtHNyb1Xd412DqbTs3RHCq72mIHPxR/TjvkLdy43aPNgbj/4fZzzSSTGNbddXRP9fPBRwU5pE3uBt3yBR7S1L+8U1ltlu9Zb7E40sLIkh9yp0N0ClZmjmXiC+exNQ/OUaRasfbMuzkNf/URxsfH7O6qkv5rTV5K7nzhIUwp6Yqfj4sQuPkywz7jMAtJNGWsKhdfShwWADLEsXzKtUhTYLkSiCvyAPaeHCd4kwk9jUvLSRf0Vx63gPSlobV1VjrUO1O26mVtfgofPABx+asz3amSa1OYr7UlHsDGnQILNGGqCVlayDkgnmHUtJkBgtJ7/Dkb8jFtKWjCl7T+Z/l4jd3arXFGanYpKX6qv857+c7MVGrAzdx83RJO58eY9yaHvRf+jQyHVx92YkYSkHHARYbCNIDrHFBv9xyfM0AtUtqO08aqI1FqNlihJpq5t7Y/r/4nbFuHc+YhPUoMJEHprJFZMFQ7jtUf2cxUJVGWS4TEx5pd0F9woLuJCL1hAOJfu5vw2uNInuWxYPwB9/Og26eu/nsUjZHBaBfgObmoMyuvK1UkKbdpMUEKtH+PLlDcusXPcYVPzI5Vxy0BkTpp9ZEoUzUNFFY/sAN+QOyJbMYLLUfSe6nQII8s5QQCSeqMfpwJfZQPLJCODfHbRHyiYgwKUyjeIcshTCTJSl1DVrWYhtnNz9ZU+eNIK5zcBnNAsaIBbDJmc5+NL7Dl92EZfJoeYHyDE0cZEk7xahuzvcdUELxg/4yPzv3iJ2h4aQgTzc7IPnMLZmvxpozDSKMvzqY52jA2lfBzbUkRRQxHX6WwSUMOZtrNOCR0MM6tQOaEY9H5JtxGxFkO48G9pBNn25CvbDvjEeCAwHRzxQm6ULuyEczNjT+c+rg0vl3r4lCPCJBFTuREr1EdFMyAnfYPAxFAltIWNlHIub+QdIR7d6ZQKfgP 1wti+Ci7 X5qkwFf5pmUgdwaxgSRS0RIRnr+5a16Kv1q1eshefy4GUYmWIfsnA4RW7hlCgqRRBV00ky3cihYcnRu01GEi47EDgzANVkjAqJ0Atzxp737FC6R4OSYpJQLUlDyQNFxF8y3e00tFhAv4W1rkADEe52/DieK88MfEQF/FdF1Dnop3UbxtElhuD+FeTlDhZQU6eTQugkyPDNsZNKwIbUz2JxShh0QVYiBS1BUCWo31RnM7zTmy7KprtwDUp70p571dNfxkubgBeBaQzR67APdhp0Ir4S85Vz0vEpD36i2WdiMsj3hOvUW578HaRWShL/zGlRh52HIMnu1FthKzDK/X84XSHtSOnbYJGhLEb6VV+5aFbozaysvdNW3yHSRifvvYTwwf71aEKCtKWvEcxhlc5W/rOLXYWD+MJWBDkgTMVMsXwUG4MisdMiu3/6h6Fjkva9wTdmGchJfO7eRvw8sS1JBf4FSQE7eT/fmw8oSCQ0aNz2NGobndQV9q1aQ5rieRO7hlAzK3oFSQez54kJ90AyQewoSI8lSGxwdoQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: We were wasting a byte due to an off-by-one bug. s[c]nprintf() doesn't write more than $2 bytes including the null byte, so trying to pass 'size-1' there is wasting one byte. Now that we use seprintf(), the situation isn't different: seprintf() will stop writing *before* 'end' --that is, at most the terminating null byte will be written at 'end-1'--. Acked-by: Marco Elver Cc: Kees Cook Cc: Christopher Bazley Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Jann Horn Cc: Andrew Morton Cc: Linus Torvalds Cc: Rasmus Villemoes Cc: Marco Elver Cc: Michal Hocko Cc: Al Viro Signed-off-by: Alejandro Colomar --- mm/kfence/kfence_test.c | 4 ++-- mm/kmsan/kmsan_test.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c index bae382eca4ab..c635aa9d478b 100644 --- a/mm/kfence/kfence_test.c +++ b/mm/kfence/kfence_test.c @@ -110,7 +110,7 @@ static bool report_matches(const struct expect_report *r) /* Title */ cur = expect[0]; - end = &expect[0][sizeof(expect[0]) - 1]; + end = ENDOF(expect[0]); switch (r->type) { case KFENCE_ERROR_OOB: cur = sprintf_end(cur, end, "BUG: KFENCE: out-of-bounds %s", @@ -140,7 +140,7 @@ static bool report_matches(const struct expect_report *r) /* Access information */ cur = expect[1]; - end = &expect[1][sizeof(expect[1]) - 1]; + end = ENDOF(expect[1]); switch (r->type) { case KFENCE_ERROR_OOB: diff --git a/mm/kmsan/kmsan_test.c b/mm/kmsan/kmsan_test.c index e48ca1972ff3..9bda55992e3d 100644 --- a/mm/kmsan/kmsan_test.c +++ b/mm/kmsan/kmsan_test.c @@ -105,7 +105,7 @@ static bool report_matches(const struct expect_report *r) /* Title */ cur = expected_header; - end = &expected_header[sizeof(expected_header) - 1]; + end = ENDOF(expected_header); cur = sprintf_end(cur, end, "BUG: KMSAN: %s", r->error_type); -- 2.50.0