From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A195AC83F17 for ; Fri, 11 Jul 2025 01:57:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 312D28D0007; Thu, 10 Jul 2025 21:57:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 295808D0001; Thu, 10 Jul 2025 21:57:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 184058D0007; Thu, 10 Jul 2025 21:57:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 032FA8D0001 for ; Thu, 10 Jul 2025 21:57:28 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id AD5855F3A7 for ; Fri, 11 Jul 2025 01:57:27 +0000 (UTC) X-FDA: 83650321734.22.17DE1AE Received: from tor.source.kernel.org (tor.source.kernel.org [172.105.4.254]) by imf05.hostedemail.com (Postfix) with ESMTP id 1DFF910000C for ; Fri, 11 Jul 2025 01:57:26 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=roC9g9PB; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of alx@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1752199046; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=kxlwBtIVhGWZ8OoO7pHlpnuOe3FSmc3gWsDT8zjGSd4=; b=zHy23y1seISxFXmwOqw+D7650qG0PXNjQCfR4Dl5iwaLOq4x00yhxFjhfXbPowA3TfzL/q 4jjTy/FkXV2WAYPaOEIfab1ruBwdtD0i+2AUQPx3LA6QGOYEE9TorBKZs/VYh9v1qdIhUn qHy9R6ap+tLdHz3eEW4dl+RqRzFdd8A= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=roC9g9PB; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of alx@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1752199046; a=rsa-sha256; cv=none; b=B7tJCqBVfYGX+F06+eYoi5GE5Q78ylUYzyTGNeZOrCbuA04cl8nsrCnJc6w772nA45BJpu Ov3fqMnkiowfTQJbzguf2KdmqJlNa2zg8LbuOMii0NVuPcbTerHmvtGDvyK8rqwmBceeFM sPADpkIag3TH3RWWVK9ZWVAExeMdBkc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by tor.source.kernel.org (Postfix) with ESMTP id 920926154B; Fri, 11 Jul 2025 01:57:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 922DFC4CEF6; Fri, 11 Jul 2025 01:57:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1752199045; bh=wFPXfnEZslZWUhJFarJBIrU2i1EIAu502D8Y+SMDH6M=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=roC9g9PB77gNhNlj66Cup0sdQVFzv8n2cuImhV6NeWw054uR2YtdJ5w3gv13YNayC T+qeUiJwBXOnpGCeA8HuQMJSBuYSrLJji3PGOyXDrykwfQzgcVhGnxXjd8G9Kw5Qd9 iieOWBYqaD2apefAviM+gfdhQlL10dMjz1T4qvZFE8Hz4gpm5cehM3ztxYUKBOfoIF Dq18+S6bwzcE2N+FPwtdb8pjhQ0Q/WYGMdH4JoeQystSeFf9zdaaetuL6UKHouVovh R7ZFtlsDBqGdDnclfYfxTgHOguR8tzufFeG0IEeesnKtzR3R4mf3TL31WxnR2eWuMO 6TfugDFBAVfJA== Date: Fri, 11 Jul 2025 03:57:18 +0200 From: Alejandro Colomar To: linux-mm@kvack.org, linux-hardening@vger.kernel.org Cc: Alejandro Colomar , Kees Cook , Christopher Bazley , shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton , kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Marco Elver , Christoph Lameter , David Rientjes , Vlastimil Babka , Roman Gushchin , Harry Yoo , Andrew Clayton , Rasmus Villemoes , Michal Hocko , Linus Torvalds , Al Viro , Martin Uecker , Sam James , Andrew Pinski , Jann Horn Subject: [RFC v6 7/8] mm: Fix benign off-by-one bugs Message-ID: X-Mailer: git-send-email 2.50.0 References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 1DFF910000C X-Stat-Signature: b9jepib4uugx3tqbj94jx4j1za4pt9ax X-Rspam-User: X-HE-Tag: 1752199046-885780 X-HE-Meta: U2FsdGVkX18sPb1qGagf0StramaWZMe4TofbfSEyaK2XKI3//VEbLqxqww94Hll/faszWxaklpKUz/fK2hU3duBnS/K92X8ZbjkcSPAaPs6rTwvT6a1GYZ8KQajDw/nrIQklFjJ/Bap64Cmy2p3gC4EbKGtcFKOBrdkPEb8WfpuCWoYqfDEAEjLoFggNmQL/TiUTw9hGwGot+AJpJ8Ka6hy/smS43jxjYQFgY2xmn+FaK7FqtKcOm3NhkVU6tVSlUeLXmN6g3uGfOTiUsC5VhFNYiamrzDLtbVd+xk+UyXA9xUVsIOFXYjj/SEJ+OWsBCkhWt0YEl9JSpVCb3nOqfq5frcsR3i30Z2Y4iIa1qCAJd7hGvigBmVDfI9+v5ISySTWeiKul4VAq7AQUvO1MPZtCmGyKYfPCfKbK1gHHyJhAQxuG8MIsw4zZ/2vp0K0AHz+Qcg8TKoKI32YubxzuU49mkbxYbfYN1h7FX14SmJO+t2uPKLFBo4oTrvZTi9z4kouo8sbDwx9XgBN3M5v16peT9BW5K7AOLVDdfoJpV77/YdKt8BL+SsMG3DHwTP8I6o07nxZ7QRutMURs4LRToAp3i0U1N5tYoRXDmy2POr/xsbgeMlrA+YJIE74/yDPzDQs/8TfM41JIxtk3kRnL55vG0iQrfI7FfYRYtspKc19y7DS/fhO94357T8KsdG4i8erb9DZ27HxhkRZ3bL1OA6OS9gQFGpp1XRug91cRNQZaxeTbgGkdX5++DHeaM+NeIBtdhoI+wLmMakP1jAYrJeCc4r7sas7yjjVxJF+d3Mrjynu6j9yLctSK2wcvetg0vnda3R48ILPggIZfrfwXSJ8i0bJmQT3xABonMiQbD3luD+1baX9GWNIYwpkzPP3iLHaHJFk+/kkNeffyiY9EfBxsdjKruUIwDJLMdSCoygUjYVnhtuGfhcxogguT8FTFlQeTEve/OkSRD6E4i3x NB0I2q3Z A1K0FpiTYqFGHvO6JyfYW1yNDrffezkZ/hnjmQ5sYwO6Bw+AzbEWEktlPrwF2meCdubgKVqgcNBvZ1WSnXmn/CpPZcGYN4vHK1e+ZSFRxZX7YO7H/q/zauPfKrC/Qrs7oiY2pdnVdIssp5ZDhWp+UWBvPryYIzqEAjXKmzgocRAIfUCV8Mv7AiJFNlBN2tuP1AFjBasRG2r36IF+blQRmoqU9k/jOronlEXY3pySi/Q1h11vHv5PdL5FZbX6wsQw6uDcVmdC/VdkN0io7RrX1+7AbxmhRTJCp+fQCVjjuK3TyNIhjfBylaIBly11vrqoiqYu7vMSxYA5lU3tmzDiKC+cMtC7xXWNeSYIMcAdQWuYVwbt0Y/qUJpDtWD8zCuOUkEMkrKe7n+LuZamv+M3WI5cXPbTz+uZ7JZ5J45UDHKslJy6g2e4GWpnp2DLXEIM5fUDSqI/qmsEoSf8RvTJmVXXoRl2rImvTcOXxZrSfNDVQ5w0f3JoLRxAcNq0Z05Au7CDFWjirr5YlUorzEFopI9oYdsvQxmKjX5MH X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: We were wasting a byte due to an off-by-one bug. s[c]nprintf() doesn't write more than $2 bytes including the null byte, so trying to pass 'size-1' there is wasting one byte. Now that we use sprintf_end(), the situation isn't different: sprintf_end() will stop writing *before* 'end' --that is, at most the terminating null byte will be written at 'end-1'--. Acked-by: Marco Elver Cc: Kees Cook Cc: Christopher Bazley Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Jann Horn Cc: Andrew Morton Cc: Linus Torvalds Cc: Rasmus Villemoes Cc: Marco Elver Cc: Michal Hocko Cc: Al Viro Signed-off-by: Alejandro Colomar --- mm/kfence/kfence_test.c | 4 ++-- mm/kmsan/kmsan_test.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c index bae382eca4ab..c635aa9d478b 100644 --- a/mm/kfence/kfence_test.c +++ b/mm/kfence/kfence_test.c @@ -110,7 +110,7 @@ static bool report_matches(const struct expect_report *r) /* Title */ cur = expect[0]; - end = &expect[0][sizeof(expect[0]) - 1]; + end = ENDOF(expect[0]); switch (r->type) { case KFENCE_ERROR_OOB: cur = sprintf_end(cur, end, "BUG: KFENCE: out-of-bounds %s", @@ -140,7 +140,7 @@ static bool report_matches(const struct expect_report *r) /* Access information */ cur = expect[1]; - end = &expect[1][sizeof(expect[1]) - 1]; + end = ENDOF(expect[1]); switch (r->type) { case KFENCE_ERROR_OOB: diff --git a/mm/kmsan/kmsan_test.c b/mm/kmsan/kmsan_test.c index e48ca1972ff3..9bda55992e3d 100644 --- a/mm/kmsan/kmsan_test.c +++ b/mm/kmsan/kmsan_test.c @@ -105,7 +105,7 @@ static bool report_matches(const struct expect_report *r) /* Title */ cur = expected_header; - end = &expected_header[sizeof(expected_header) - 1]; + end = ENDOF(expected_header); cur = sprintf_end(cur, end, "BUG: KMSAN: %s", r->error_type); -- 2.50.0