Thomas,
I appreciate you reviewing my patches.
On Fri, May 24, 2024 at 5:09 AM Thomas Gleixner wrote:
>
> On Fri, May 17 2024 at 20:22, Justin Stitt wrote:
> > time_maxerror is unconditionally incremented and the result is checked
> > against NTP_PHASE_LIMIT, but the in
Hi,
On Thu, May 16, 2024 at 6:13 PM Matthew Wilcox wrote:
>
> On Fri, May 17, 2024 at 12:29:06AM +, Justin Stitt wrote:
> > When running syzkaller with the newly reintroduced signed integer
> > overflow sanitizer we encounter this report:
>
> why do you keep saying i
Signed-off-by: Justin Stitt
---
Changes in v2:
- update commit log (thanks Thomas)
- check for sane user input during validation (thanks Thomas)
- Link to v1:
https://lore.kernel.org/r/20240507-b4-sio-ntp-usec-v1-1-15003fc9c...@google.com
---
Historically, the signed integer overflow sanitizer did
/352
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- Adjust commit log (thanks Thomas)
- massively simplify bounds checking for time_constant
- Link to v1:
https://lore.kernel.org/r/20240506-b4-sio-ntp-c-v1-1-a01281aa0...@google.com
---
Historically, the signed
: https://github.com/llvm/llvm-project/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/358
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v3:
- use check_add_overflow() instead of min() to keep old -EINVAL behavior
(thanks Jan)
- shorten UBSAN splat
On Thu, May 16, 2024 at 4:40 PM Justin Stitt wrote:
> Isn't this usually supplied from the user and can be some pretty
> random stuff? Are you suggesting we update
> timekeeping_validate_timex() to include a check to limit the maxerror
> field to (NTP_PHASE_LIMIT-(MAXFREQ / N
Hi,
On Tue, May 14, 2024 at 3:38 AM Thomas Gleixner wrote:
>
> On Tue, May 07 2024 at 04:34, Justin Stitt wrote:
> > Using syzkaller alongside the newly reintroduced signed integer overflow
> > sanitizer spits out this report:
> >
> > [ 138.
Hi,
On Thu, May 16, 2024 at 7:09 AM Peter Zijlstra wrote:
>
> On Thu, May 16, 2024 at 06:30:32AM -0700, Kees Cook wrote:
> >
> > I am a broken record. :) This is _not_ about undefined behavior.
>
> And yet you introduced CONFIG_UBSAN_SIGNED_WRAP... *UB*san, get it?
We should think of UBSAN as
Hi Peter,
On Wed, May 15, 2024 at 12:36 AM Peter Zijlstra wrote:
>
> On Wed, May 08, 2024 at 04:47:25PM -0700, Linus Torvalds wrote:
> > For example, the most common case of overflow we've ever had has very
> > much been array indexing. Now, sometimes that has actually been actual
> > undefined
On Mon, May 13, 2024 at 01:01:57PM -0700, Kees Cook wrote:
> On Thu, May 09, 2024 at 11:42:07PM +0000, Justin Stitt wrote:
> > fs/read_write.c | 18 +++---
> > fs/remap_range.c | 12 ++--
> > 2 files changed, 17 insertions(+), 13 deletions(-)
>
(long long); then we can use that
sum for the following check.
Link: https://github.com/llvm/llvm-project/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/356
Cc: linux-hardening@vger.kernel.org
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
Changes in v2:
- drop the sum < 0
On Fri, May 10, 2024 at 8:15 AM Jan Kara wrote:
>
> On Thu 09-05-24 21:34:58, Justin Stitt wrote:
> > ---
> > fs/read_write.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/read_write.c b/fs/read_write.c
> > index d4c0
Hi,
On Fri, May 10, 2024 at 02:04:51AM +0100, Al Viro wrote:
> On Fri, May 10, 2024 at 01:49:06AM +0100, Al Viro wrote:
> > On Fri, May 10, 2024 at 12:35:51AM +0000, Justin Stitt wrote:
> > > @@ -147,7 +147,9 @@ loff_t dcache_dir_lseek(struct file *file, loff_t
> &
/issues/359
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Historically, the signed integer overflow sanitizer did not work in the
kernel due to its interaction with `-fwrapv` but this has since been
changed [1] in the newest version of Clang. It was re-enabled in the
kernel
return -EINVAL;
/* Ensure the infile range is within the infile. */
---
base-commit: 0106679839f7c69632b3b9833c3268c316c0a9fc
change-id: 20240509-b4-sio-read_write-04a17d40620e
Best regards,
--
Justin Stitt
On Thu, May 9, 2024 at 8:53 AM Jan Kara wrote:
> > @@ -319,8 +320,12 @@ int vfs_fallocate(struct file *file, int mode, loff_t
> > offset, loff_t len)
> > if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
> > return -ENODEV;
> >
> > - /* Check for wrap through zero
...
Link: https://github.com/llvm/llvm-project/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/358
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Here's the syzkaller reproducer:
| # {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 S
Simon Horman
This patch looks good and follows similar replacements [1] I've made in
the past.
Acked-by: Justin Stitt
> ---
> drivers/net/ethernet/google/gve/gve_ethtool.c | 42
> +++
> 1 file changed, 17 insertions(+), 25 deletions(-)
>
> diff --git a/dr
fff. There are some "magic" numbers here but I did not
want to change more than what was necessary.
Link: https://github.com/llvm/llvm-project/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/357
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- cha
ps://github.com/KSPP/linux/issues/357
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Here's the syzkaller reproducer:
r0 = openat$cdrom(0xff9c, &(0x7f000140), 0x800, 0x0)
ioctl$CDROM_SELECT_SPEED(r0, 0x5322, 0x7ee9f7c1)
... which was used against Kees' tr
(long long); then we can use that
sum for the following check.
Link: https://github.com/llvm/llvm-project/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/356
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
I wonder, though, why isn't loff_t an unsigned type? We ha
oject/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/354
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
drivers/cdrom/cdrom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index a5e07270e0d4..20
at against NTP_PHASE_LIMIT to
properly limit the max size of time_maxerror without overflowing during
the check itself.
Link: https://github.com/llvm/llvm-project/pull/82432 [1]
Closes: https://github.com/KSPP/linux/issues/354
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
include/lin
On Wed, May 1, 2024 at 2:39 PM Christophe JAILLET
wrote:
> Hi,
>
> Nit: The { } around each branch can now also be removed.
There was one line before and there's one line now.
I'll remove the brackets but I will briefly wait to see if any other
concerns come in.
Thanks
>
> CJ
>
t_for_each_entry(asoc, &(sp->ep->asocs), asocs) {
| ids->gaids_assoc_id[num++] = asoc->assoc_id;
| }
So this looks good to me.
Reviewed-by: Justin Stitt
> };
>
> /*
> --
> 2.25.1
>
Thanks
Justin
[3]
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
---
include/linux/printk.h | 2 +-
kernel/printk/printk.c | 20 +---
2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/include/linux/printk.h b/include/linux/printk.h
index 955e31860095..b3a29c27abe9 100
ngs
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
kernel/power/hiberna
let's do that."
To help prevent new instances of snprintf() from popping up, let's add a
check to checkpatch.pl.
Suggested-by: Finn Thain
Signed-off-by: Justin Stitt
---
Changes in v6:
- move capture group to only include symbol name (not spaces or paren)
- Link to v5:
https://lore.kernel.o
Ryabinin
> Cc: Nathan Chancellor
> Cc: Nick Desaulniers
> Cc: Bill Wendling
> Cc: Justin Stitt
> Cc: l...@lists.linux.dev
> Cc: kasan-...@googlegroups.com
> Cc: linux-hardening@vger.kernel.org
> v2:
>- use email address in Reported-by
>- link to upstream ll
://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Cc: Kees Cook
Suggested-by: Alexander Lobakin
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
Changes in v4
On Mon, Apr 15, 2024 at 11:15:05AM -0700, Kees Cook wrote:
> On Thu, Apr 11, 2024 at 11:11:05AM -0700, Nathan Chancellor wrote:
> > [0.189542] Internal error: UBSAN: unrecognized failure code:
> > f2005515 [#1] PREEMPT SMP
>
> Oops! Yes, I didn't update the (arm64) trap handler to
let's do that."
To help prevent new instances of snprintf() from popping up, let's add a
check to checkpatch.pl.
Suggested-by: Finn Thain
Signed-off-by: Justin Stitt
---
Changes in v5:
- use capture groups to let the user know which variation they used
- Link to v4:
https://lore.kernel.org/r/2024
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
---
kernel/module/kallsyms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module/kallsyms.c b/kernel/module/kallsyms.c
index ef73ae7c8909..62fb57bb9f16 100644
--- a/kernel/module/kallsyms.c
+++ b/ker
On Thu, Apr 11, 2024 at 1:56 PM Joe Perches wrote:
> It could.
>
> # {v}snprintf uses that should likely be {v}scnprintf
> if ($line =~ /\b((v?)snprintf)\s*\(/) {
> WARN("SNPRINTF",
> "Prefer ${2}scnprintf over $1 - see:
>
On Tue, Apr 9, 2024 at 9:22 AM Kees Cook wrote:
> >
> > - /* 1 larger than sb_fname, so this ensures a trailing NUL char */
> > - memset(label, 0, sizeof(label));
> > spin_lock(>m_sb_lock);
> > - strncpy(label, sbp->sb_fname, XFSLABEL_MAX);
> > + strscpy_pad(label,
ing@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- use memtostr_pad (thanks Kees)
- Link to v1:
https://lore.kernel.org/r/20240405-strncpy-xfs-split1-v1-1-3e3df465a...@google.com
---
Note: This patch relies on the memtostr{_pad} implementation from Kees' patch:
https://lore.kernel.
/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- use "%.*s" format specifier
- use != instead of < to check for truncation (Christoph H.)
- Link to v1:
https://lore.kernel.org/r/20240405-strncpy-xattr-split2-v1-1-90ab18232...@google.c
On Tue, Apr 9, 2024 at 5:23 PM Justin Stitt wrote:
>
> Hi,
>
> On Tue, Apr 9, 2024 at 6:32 AM Christoph Hellwig wrote:
> >
> > On Fri, Apr 05, 2024 at 07:45:08PM +, Justin Stitt wrote:
> > > - memcpy(offset, prefix, prefix_len);
> > > -
Hi,
On Tue, Apr 9, 2024 at 6:32 AM Christoph Hellwig wrote:
>
> On Fri, Apr 05, 2024 at 07:45:08PM +, Justin Stitt wrote:
> > - memcpy(offset, prefix, prefix_len);
> > - offset += prefix_len;
> > - strncpy(offset, (char *)name, namelen);
function.
>
> This way, the code is more readable and safer.
>
> This code was detected with the help of Coccinelle, and audited and
> modified manually.
>
> Link:
> https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-argu
On Mon, Apr 8, 2024 at 2:35 PM Justin Stitt wrote:
>
> Hi,
>
> On Sat, Apr 06, 2024 at 04:23:35PM +0200, Erick Archer wrote:
> > The "struct mana_cfg_rx_steer_req_v2" uses a dynamically sized set of
> > trailing elements. Specifically, it uses a "mana_han
;
> Link:
> https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
> [1]
> Link: https://github.com/KSPP/linux/issues/160 [2]
> Signed-off-by: Erick Archer
Reviewed-by: Justin Stitt
> ---
> drivers/infiniband/hw/mana/q
n-coded-arithmetic-in-allocator-arguments
> [2]
> Signed-off-by: Erick Archer
I think this could have all been one patch, I found myself jumping
around the three patches here piecing together context.
Reviewed-by: Justin Stitt
> ---
> include/net/mana/mana.h | 1 +
> 1 fil
://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Cc: Kees Cook
Signed-off-by: Justin Stitt
Suggested-by: Alexander Lobakin
---
Changes in v3:
- use ethtool_puts over
let's do that."
To help prevent new instances of snprintf() from popping up, let's add a
check to checkpatch.pl.
Suggested-by: Finn Thain
Signed-off-by: Justin Stitt
---
Changes in v4:
- also check for vsnprintf variant (thanks Bill)
- Link to v3:
https://lore.kernel.org/r/20240315-snprintf-ch
el.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Split f
/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Split from
https://lore.kernel.org/all/20240401-strncpy-fs-xfs-xfs_ioctl-c-v1-1-02b9feb19...@google.com/
with feedback from Christoph H.
---
fs/xfs/xfs_xattr.c | 16 +++-
1 file changed, 11 insertions(+), 5
On Wed, Apr 3, 2024 at 12:32 PM Phillip Lougher wrote:
> A better way to remove the strncpy() is to remove the unnecessary string
> copy, which I have done in this patch here:
Great! Cleaning up this code while removing strncpy() is a two for one.
.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\(&qu
/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
init/do_mounts.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/init/do_mounts.c b/init/do_mounts.c
index 3c
.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only
ink: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
fs/xfs/xfs_ioctl.c | 4 +---
fs
ww.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-t
.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- include NUL-byte in length (thanks Kees)
- reword commit message slightly
- Link to v1:
https://lore.kernel.org/r/20240321-strncpy-fs-hfsplus-xatt
/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://github.com/KSPP/linux/issues/90 [2]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
[3]
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found
4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
fs/smb/client/cifssmb.c | 6 ++
fs/smb/client/smb2ops.c | 2 +-
fs/smb/client/smb2transport.c | 2 +-
3 files changed, 4 insertions(+), 6 delet
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
I realize this file has been marked as "obsolete" as told by checkpatch:
| WARNING: f
.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
fs/pstore/blk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/pstore/blk.c
hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
fs/orangefs/dcache.c | 4 +---
fs/orangefs/namei.c | 26 --
fs/orangefs/super.c | 17 ++---
3 files changed, 15 insertions(+),
ink: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
---
fs/hfsplus/xattr.c | 19 +--
1 file changed, 5 insertions(+), 14 deletions(-)
diff --git a
mirror that in binfmt_elf_fdpic.c
Link:
https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- use get_task_comm
Hi,
On Thu, Mar 21, 2024 at 9:23 AM Eric W. Biederman wrote:
>
> I am perplexed. Why not use get_task_comm fill_psinfo like binfmt_elf
> does?
>
> It seems very silly to copy half the function without locking and then
> not copy it's locking as well.
>
> Given that the more highly tested
KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
fs/ext4/file.c | 3 +--
fs/ext4/ioctl.c | 3 +--
fs/ext4/super.c | 7 +++
3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a
ed.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "str
ted.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg &qu
ps://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
Changes in v3:
- Prefer strtomem_pad (thanks Bjorn)
- Reword commit message (thanks Bjorn)
- Carry over Kees' RB as this new version is functionally the same and
mat
Hi,
On Mon, Mar 18, 2024 at 8:37 PM Bjorn Andersson wrote:
>
> On Mon, Mar 18, 2024 at 10:49:23PM +, Justin Stitt wrote:
> > strncpy() is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous str
Hi,
On Tue, Mar 19, 2024 at 2:11 AM Maarten Brock wrote:
>
> Hi Justin,
>
> > ---
> > Note: build-tested only.
>
> Really? Without warnings?
>
> > --- a/drivers/tty/n_gsm.c
> > +++ b/drivers/tty/n_gsm.c
> > @@ -4010,7 +4010,7 @@ static int gsm_create_network(struct gsm_dlci *dlci,
> > struct
/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/usb/gadget/udc/mv_u3d_core.c | 4 ++--
1 file changed, 2 insertions
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/usb/gadget/function/u_ether.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/u_ether.c
b/drivers/usb/gadget/function/u_ether.c
index 3c
on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
dri
-by: Justin Stitt
---
Changes in v2:
- use strtomem instead of memcpy (thanks Kees)
- Link to v1:
https://lore.kernel.org/r/20240314-strncpy-drivers-soc-qcom-cmd-db-c-v1-1-70f5d5e70...@google.com
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/soc/qcom/cmd-db.c | 9 ++
On Mon, Mar 18, 2024 at 2:52 PM Kees Cook wrote:
>
> On Thu, Mar 14, 2024 at 10:29:37PM +, Justin Stitt wrote:
> > strncpy() is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous string
> > in
ithub.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/thermal/intel/int340x_thermal/acpi_thermal_rel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dr
ps://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/target/target_core_transport.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drive
/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only.
Found with: $ rg
let's do that."
To help prevent new instances of snprintf() from popping up, let's add a
check to checkpatch.pl.
Suggested-by: Finn Thain
Signed-off-by: Justin Stitt
---
Changes in v3:
- fix indentation
- add reference link (https://github.com/KSPP/linux/issues/105) (thanks Joe)
- Link
/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Note: build-tested only
On Wed, Feb 28, 2024 at 4:18 PM Kees Cook wrote:
>
> On Wed, Feb 28, 2024 at 10:59:00PM +, Justin Stitt wrote:
> > This series contains multiple replacements of strncpy throughout the
> > scsi subsystem.
> >
> > strncpy() is deprecated for use on NUL-termina
this code making it easier to read.
Even considering the path where @str is falsey, the manual NUL-byte
assignment is useless as setup_buffer is declared with static storage
duration in the top-level scope which should NUL-initialize the whole
buffer.
Reviewed-by: Kees Cook
Signed-off-by: Justin
appropriately with great care taken to manually NUL-terminate the
destination buffer. Nonetheless, let's make the swap over to strscpy()
for robustness' (and readability's) sake.
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
drivers/scsi/smartpqi/smartpqi_init.c | 5 ++---
1 file changed,
of the code is more clear (I probably didn't even need
to add a comment -- that's how clear it is).
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
drivers/scsi/scsi_devinfo.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/scsi_devinfo.c b
tem but it is trivial
and related to this patch).
We can see the drv_version.name size here:
| struct qed_mcp_drv_version {
| u32 version;
| u8 name[MCP_DRV_VER_STR_SIZE - 4];
| };
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
drivers/net/ethernet/qlo
uint8_t password[ISCSI_CHAP_AUTH_SECRET_MAX_LEN];
...
| };
| strscpy(chap_rec->password, chap_table->secret,
| QL4_CHAP_MAX_SECRET_LEN);
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
drivers/scsi/qla4xxx/ql4_mbx.c | 17 -
.
For all cases, use the more idiomatic strscpy() usage of:
strscpy(dest, src, sizeof(dest))
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +-
drivers/scsi/mpt3sas/mpt3sas_transport.c | 18 +-
2 files changed, 10 insertions(+), 10
://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Reviewed-by: Kees Cook
Signed-off-by: Justin Stitt
---
changes from v1->v2:
* use const char* assignments rather than strscpy (thanks Finn+Kees)
---
driv
/20240223-strncpy-drivers-scsi-mpi3mr-mpi3mr_fw-c-v1-0-9cd3882f0...@google.com
---
Justin Stitt (7):
scsi: mpi3mr: replace deprecated strncpy with assignments
scsi: mpt3sas: replace deprecated strncpy with strscpy
scsi: qedf: replace deprecated strncpy with strscpy
scsi
appropriately with great care taken to manually NUL-terminate the
destination buffer. Nonetheless, let's make the swap over to strscpy()
for robustness' (and readability's) sake.
Signed-off-by: Justin Stitt
---
drivers/scsi/smartpqi/smartpqi_init.c | 5 ++---
1 file changed, 2 insertions(+), 3 delet
this code making it easier to read.
Even considering the path where @str is falsey, the manual NUL-byte
assignment is useless as setup_buffer is declared with static storage
duration in the top-level scope which should NUL-initialize the whole
buffer.
Signed-off-by: Justin Stitt
---
drivers/scsi
of the code is more clear (I probably didn't even need
to add a comment -- that's how clear it is).
Signed-off-by: Justin Stitt
---
drivers/scsi/scsi_devinfo.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi
uint8_t password[ISCSI_CHAP_AUTH_SECRET_MAX_LEN];
...
| };
| strscpy(chap_rec->password, chap_table->secret,
| QL4_CHAP_MAX_SECRET_LEN);
Signed-off-by: Justin Stitt
---
drivers/scsi/qla4xxx/ql4_mbx.c | 17 -
drivers/scsi/
tem but it is trivial
and related to this patch).
We can see the drv_version.name size here:
| struct qed_mcp_drv_version {
| u32 version;
| u8 name[MCP_DRV_VER_STR_SIZE - 4];
| };
Signed-off-by: Justin Stitt
---
drivers/net/ethernet/qlogic/qed/qed_main.c
.
For all cases, use the more idiomatic strscpy() usage of:
strscpy(dest, src, sizeof(dest))
Signed-off-by: Justin Stitt
---
drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +-
drivers/scsi/mpt3sas/mpt3sas_transport.c | 18 +-
2 files changed, 10 insertions(+), 10 deletions(-)
diff
://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
changes from v1->v2:
* use const char* assignments rather than strscpy (thanks Finn+Kees)
---
drivers/scsi/mpi3mr/mpi3mr_f
patch.
---
Changes in v2:
- for (1/7): change strscpy to simple const char* assignments
- Link to v1:
https://lore.kernel.org/r/20240223-strncpy-drivers-scsi-mpi3mr-mpi3mr_fw-c-v1-0-9cd3882f0...@google.com
---
Justin Stitt (7):
scsi: mpi3mr: replace deprecated strncpy with assignments
/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
Changes in v2:
- keep strnlen (thanks Kees)
- Link to v1:
https://lore.kernel.org/all/20240222-strncpy-drivers-scsi-lpfc-lpfc_ct-c-v1-1-20c685bd1...@google.com/
---
drivers/scsi/lpfc/lpfc_ct.c | 4 ++--
1
this code making it easier to read.
Even considering the path where @str is falsey, the manual NUL-byte
assignment is useless as setup_buffer is declared with static storage
duration in the top-level scope which should NUL-initialize the whole
buffer.
Signed-off-by: Justin Stitt
---
drivers/scsi
appropriately with great care taken to manually NUL-terminate the
destination buffer. Nonetheless, let's make the swap over to strscpy()
for robustness' (and readability's) sake.
Signed-off-by: Justin Stitt
---
drivers/scsi/smartpqi/smartpqi_init.c | 5 ++---
1 file changed, 2 insertions(+), 3 delet
of the code is more clear (I probably didn't even need
to add a comment -- that's how clear it is).
Signed-off-by: Justin Stitt
---
drivers/scsi/scsi_devinfo.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi
1 - 100 of 330 matches
Mail list logo