public inbox for linux-kernel@vger.kernel.org
From: Ryan Mallon <rmallon@gmail.com>
To: Mark Salter <msalter@redhat.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 01/24] fix default __strnlen_user macro
Date: Thu, 01 Sep 2011 11:54:35 +1000
Message-ID: <4E5EE5DB.3030101@gmail.com>
In-Reply-To: <1314841084.2344.113.camel@deneb.redhat.com>

On 01/09/11 11:38, Mark Salter wrote:
> On Thu, 2011-09-01 at 09:30 +1000, Ryan Mallon wrote:
>> On 01/09/11 07:26, Mark Salter wrote:
>>> The existing __strnlen_user macro simply resolved to strnlen. However, the
>>> count returned by strnlen_user should include the NULL byte. This patch
>>> fixes the __strnlen_user macro to include the NULL byte in the count.
>>>
>>> Signed-off-by: Mark Salter <msalter@redhat.com>
>>> ---
>>>    include/asm-generic/uaccess.h |    2 +-
>>>    1 files changed, 1 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
>>> index ac68c99..1d0fdf8 100644
>>> --- a/include/asm-generic/uaccess.h
>>> +++ b/include/asm-generic/uaccess.h
>>> @@ -289,7 +289,7 @@ strncpy_from_user(char *dst, const char __user *src, long count)
>>>     * Return 0 on exception, a value greater than N if too long
>>>     */
>>>    #ifndef __strnlen_user
>>> -#define __strnlen_user strnlen
>>> +#define __strnlen_user(s, n) (strnlen((s), (n)) + 1)
>>>    #endif
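Review bot: the `+ 1` in `#define __strnlen_user(s, n) (strnlen((s), (n)) + 1)` is applied unconditionally, so when strnlen() stops at the limit without finding a NUL the macro returns exactly n + 1. That agrees with the context comment "a value greater than N if too long", but the comment above the `#ifndef` should say so explicitly, and should note that this default can never produce the documented "0 on exception" since strnlen() does no fault handling. Separately, replacing the object-like alias `#define __strnlen_user strnlen` with a function-like macro means `__strnlen_user` can no longer be used as a plain function name (for example taken as a function pointer); any arch code relying on the old form needs checking.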
>> I don't think this is correct because if you hit maxlen you will add one
>> to it. e.g. __strnlen_user("abcd\0", 3) would return 4 instead of 3.
> Yes, one would think so, but that doesn't seem to be the case. Looking
> at various places that call strnlen_user, you'll find checks for that.
> For one example, mm/util.c:
>
>      char *strndup_user(const char __user *s, long n)
>      {
>              char *p;
>              long length;
>
>              length = strnlen_user(s, n);
>
>              if (!length)
>                      return ERR_PTR(-EFAULT);
>
>              if (length > n)
>                      return ERR_PTR(-EINVAL);

Sure, but that isn't a good reason to not write it correctly according 
to the API description. There are also places where that check doesn't 
happen, like fs/exec.c and the rather dodgy looking usage in 
kernel/auditsc.c which appears to rely on it returning n + 1 in the 
maxlen case.

It should either be changed as I suggested, or the comment in uaccess.h 
should be updated to reflect the actual behaviour of the function 
(stating that it returns n + 1 in the case where n is reached). Either 
way, it's probably worth doing a quick check through the arch specific 
versions to see what their behaviour really is. It looks like there are 
potentially some subtle bugs at the call sites.

~Ryan
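
The macro semantics argued over in this thread, as an added C model that is not code from the thread or from the kernel: it reproduces the patched asm-generic default, the strndup_user() guard Mark quotes, and how far a caller that skips that guard runs past its limit. The `*_model` names and the `strnlen_user_default` macro are hypothetical stand-ins for `__strnlen_user`, and negative errno values stand in for ERR_PTR().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the patched __strnlen_user default: strnlen()
 * plus one for the terminating NUL, added even when no NUL was found. */
#define strnlen_user_default(s, n) (strnlen((s), (n)) + 1)

/* What a caller passing limit n gets back from the patched macro. */
long strnlen_user_model(const char *s, long n)
{
	return (long)strnlen_user_default(s, (size_t)n);
}

/* Mirrors the guard in strndup_user(): a result above n means strnlen()
 * stopped at the limit without seeing a NUL, so the string does not fit.
 * Negative errno values stand in for the kernel's ERR_PTR() returns. */
long strndup_user_check_model(const char *s, long n)
{
	long length = strnlen_user_model(s, n);

	/* Unreachable with this default: strnlen() + 1 is never 0, so the
	 * "0 on exception" case in the header comment cannot occur here. */
	if (!length)
		return -EFAULT;
	if (length > n)
		return -EINVAL;
	return length;		/* bytes to copy, NUL included */
}

/* A caller that skips the check and copies 'length' bytes out of an
 * n-byte buffer reads this many bytes past the end (0 when it fits). */
long unchecked_overrun_model(const char *s, long n)
{
	long length = strnlen_user_model(s, n);
	return length > n ? length - n : 0;
}

int main(void)
{
	/* Ryan's example: "abcd" with a limit of 3 yields 4, not 3. */
	printf("strnlen_user(\"abcd\", 3) = %ld\n", strnlen_user_model("abcd", 3));
	printf("strndup_user check: %ld (expect -EINVAL = %d)\n",
	       strndup_user_check_model("abcd", 3), -EINVAL);
	printf("unchecked copy overruns by %ld byte(s)\n",
	       unchecked_overrun_model("abcd", 3));
	return 0;
}
```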



Thread overview: 49+ messages
2011-08-31 21:26 [PATCH v2 00/24] C6X: New architecture patch set Mark Salter
2011-08-31 21:26 ` [PATCH 01/24] fix default __strnlen_user macro Mark Salter
2011-08-31 23:30   ` Ryan Mallon
2011-09-01  1:38     ` Mark Salter
2011-09-01  1:54       ` Ryan Mallon [this message]
2011-09-01 19:23         ` Mark Salter
2011-09-01 23:34           ` Ryan Mallon
2011-08-31 21:26 ` [PATCH 02/24] fixed generic page.h for non-zero PAGE_OFFSET Mark Salter
2011-08-31 21:26 ` [PATCH 03/24] add ELF machine define for TI C6X DSPs Mark Salter
2011-08-31 21:26 ` [PATCH 04/24] C6X: build infrastructure Mark Salter
2011-08-31 21:26 ` [PATCH 05/24] C6X: early boot code Mark Salter
2011-08-31 21:26 ` [PATCH 06/24] C6X: devicetree Mark Salter
2011-09-12 20:11   ` Grant Likely
2011-09-12 23:20     ` Mark Salter
2011-09-13  6:43       ` Arnd Bergmann
2011-09-13 12:39         ` Mark Salter
2011-09-13 15:33           ` Arnd Bergmann
2011-09-13 17:54             ` Grant Likely
2011-09-13 20:11               ` Arnd Bergmann
2011-09-13 22:26               ` Mark Salter
2011-08-31 21:26 ` [PATCH 07/24] C6X: memory management and DMA support Mark Salter
2011-08-31 21:26 ` [PATCH 08/24] C6X: process management Mark Salter
2011-08-31 21:26 ` [PATCH 09/24] C6X: signal management Mark Salter
2011-09-01  9:50   ` Matt Fleming
2011-09-01 19:15     ` Mark Salter
2011-08-31 21:26 ` [PATCH 10/24] C6X: time management Mark Salter
2011-09-09 14:19   ` Thomas Gleixner
2011-09-12 14:12     ` Mark Salter
2011-09-13  1:16   ` john stultz
2011-09-13  3:18     ` Mark Salter
2011-09-13  3:44       ` john stultz
2011-08-31 21:26 ` [PATCH 11/24] C6X: interrupt handling Mark Salter
2011-09-09 14:33   ` Thomas Gleixner
2011-09-12 14:27     ` Mark Salter
2011-09-12 14:30       ` Thomas Gleixner
2011-09-12 20:01         ` Grant Likely
2011-08-31 21:26 ` [PATCH 12/24] C6X: syscalls Mark Salter
2011-08-31 21:26 ` [PATCH 13/24] C6X: traps Mark Salter
2011-08-31 21:26 ` [PATCH 14/24] C6X: clocks Mark Salter
2011-08-31 21:26 ` [PATCH 15/24] C6X: cache control Mark Salter
2011-08-31 21:26 ` [PATCH 16/24] C6X: loadable module support Mark Salter
2011-08-31 21:26 ` [PATCH 17/24] C6X: ptrace support Mark Salter
2011-08-31 21:26 ` [PATCH 18/24] C6X: headers Mark Salter
2011-08-31 21:26 ` [PATCH 19/24] C6X: library code Mark Salter
2011-08-31 21:26 ` [PATCH 20/24] C6X: general SoC support Mark Salter
2011-08-31 21:26 ` [PATCH 21/24] C6X: specific " Mark Salter
2011-08-31 21:26 ` [PATCH 22/24] C6X: EMIF - External Memory Interface Mark Salter
2011-08-31 21:26 ` [PATCH 23/24] C6X: Power and Sleep Controller Mark Salter
2011-08-31 21:34 ` [PATCH v2 00/24] C6X: New architecture patch set Mark Salter
