From: Tejun Heo <tj@kernel.org>
To: Azeem Shaikh <azeemshaikh38@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
security@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] kernfs: Prefer strscpy over strlcpy calls
Date: Wed, 10 May 2023 08:51:16 -1000 [thread overview]
Message-ID: <ZFvnpCZM-XbOFFVh@slm.duckdns.org> (raw)
In-Reply-To: <CADmuW3XiYpGK7BessXJWjGnnxZti_3mawDSX7QPawsfmATxCng@mail.gmail.com>
Hello,
On Wed, May 10, 2023 at 12:03:41PM -0400, Azeem Shaikh wrote:
> > > static int kernfs_name_locked(struct kernfs_node *kn, char *buf, size_t buflen)
> > > {
> > > if (!kn)
> > > - return strlcpy(buf, "(null)", buflen);
> > > + return strscpy_mock_strlcpy(buf, "(null)", buflen);
> > >
> > > - return strlcpy(buf, kn->parent ? kn->name : "/", buflen);
> > > + return strscpy_mock_strlcpy(buf, kn->parent ? kn->name : "/", buflen);
> > > }
> >
> > Can you follow the users and convert the users accordingly rather than
> > masking it from here? ie. make kernfs_name() and friends return -E2BIG when
> > source is too long like strscpy(). I don't think anybody cares, actually.
> >
>
> I found 4 transitive callers of kernfs_name across the kernel, all of
> whom eventually ignored the return value:
>
> 1. fs/kernfs/dir.c: calls kernfs_name. Ignores return value.
> 2. include/linux/cgroup.h: calls kernfs_name from cgroup_name. returns
> the value of kernfs_name.
> 3. kernel/cgroup/debug.c: calls cgroup_name. Ignores return value.
> 4.mm/page_owner.c: calls cgroup_name. Ignores return value.
>
> So replacing directly with strscpy here should be safe. Let me know
> what you think.
That sounds great to me. I have a hard time imagining needing the length
return for single component name.
> > > /* kernfs_node_depth - compute depth from @from to @to */
> > > @@ -141,13 +148,13 @@ static int kernfs_path_from_node_locked(struct kernfs_node *kn_to,
...
> > Ditto, please convert all the users accordingly. If that's not feasible, I
> > think it'd be better to leave it as-is. I don't see how the new code is
> > better.
>
> kernfs_path_from_node has quite a few transitive callers. I'll leave
> this as-is for now and consider tackling this separately.
Yeah, I could be misremembering but istr some place which actually uses the
length return to extend buffer allocation, so this might be challenging.
Thanks.
--
tejun
prev parent reply other threads:[~2023-05-10 18:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-10 1:11 [PATCH v2] kernfs: Prefer strscpy over strlcpy calls Azeem Shaikh
2023-05-10 1:24 ` Tejun Heo
2023-05-10 16:03 ` Azeem Shaikh
2023-05-10 18:51 ` Tejun Heo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZFvnpCZM-XbOFFVh@slm.duckdns.org \
--to=tj@kernel.org \
--cc=azeemshaikh38@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox