From: Xiujianfeng <xiujianfeng@huawei.com>
To: Dmitry Antipov <dmantipov@yandex.ru>,
Nicolas Bouchinet <nicolas.bouchinet@oss.cyber.gouv.fr>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>
Cc: "linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH] lockdown: avoid extra call to strlen() in lockdown_read()
Date: Fri, 15 Aug 2025 12:28:36 +0000 [thread overview]
Message-ID: <d20a898c651c4e77bc32d01cf769682f@huawei.com> (raw)
Hi Dmitry,
> Since s*printf() family of functions returns the number of characters emitted,
> avoid redundant call to strlen() in lockdown_read() and prefer
> snprintf() over sprintf() for an extra protection against buffer overflow.
>
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
> ---
> security/lockdown/lockdown.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
> index cf83afa1d879..10537d7c4437 100644
> --- a/security/lockdown/lockdown.c
> +++ b/security/lockdown/lockdown.c
> @@ -106,9 +106,13 @@ static ssize_t lockdown_read(struct file *filp, char
> __user *buf, size_t count,
> const char *label = lockdown_reasons[level];
>
> if (kernel_locked_down == level)
> - offset += sprintf(temp+offset, "[%s] ", label);
> + offset += snprintf(temp + offset,
> + sizeof(temp) - offset,
> + "[%s] ", label);
> else
> - offset += sprintf(temp+offset, "%s ", label);
> + offset += snprintf(temp + offset,
> + sizeof(temp) - offset,
> + "%s ", label);
> }
> }
>
> @@ -116,7 +120,7 @@ static ssize_t lockdown_read(struct file *filp, char
> __user *buf, size_t count,
> if (offset > 0)
> temp[offset-1] = '\n';
>
> - return simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
> + return simple_read_from_buffer(buf, count, ppos, temp, offset);
Thanks for your patch.
Since the current `lockdown_levels` array is static and has only three members,
and the total number of characters of these three reasons is far from exceeding 80,
there seems to be no risk of buffer overflow for now.
About the change to strlen, I think lockdown_read() is not on the hot path, the impact
is minimal.
So I prefer to leave them as is, thanks.
Best regards,
Xiu
> }
>
> static ssize_t lockdown_write(struct file *file, const char __user *buf,
> --
> 2.50.1
next reply other threads:[~2025-08-15 12:28 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-15 12:28 Xiujianfeng [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-08-14 14:00 [PATCH] lockdown: avoid extra call to strlen() in lockdown_read() Dmitry Antipov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d20a898c651c4e77bc32d01cf769682f@huawei.com \
--to=xiujianfeng@huawei.com \
--cc=dmantipov@yandex.ru \
--cc=jmorris@namei.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nicolas.bouchinet@oss.cyber.gouv.fr \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).