From patchwork Fri Jan 10 16:59:00 2025
X-Patchwork-Submitter: "Isaac J. Manjarres"
X-Patchwork-Id: 13935157
Date: Fri, 10 Jan 2025 08:59:00 -0800
In-Reply-To: <20250110165904.3437374-1-isaacmanjarres@google.com>
Message-ID: <20250110165904.3437374-3-isaacmanjarres@google.com>
Subject: [PATCH v4 2/2] mm/memfd: Use strncpy_from_user() to read memfd name
From: "Isaac J. Manjarres"
To: lorenzo.stoakes@oracle.com, Andrew Morton
Cc: kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, "Isaac J. Manjarres", kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org

The existing logic uses strnlen_user() to calculate the length of the memfd name from userspace and then copies the string into a buffer using copy_from_user(). This is error-prone, as the string length could have changed between the time when it was calculated and when the string was copied. The existing logic handles this by ensuring that the last byte in the buffer is the terminating zero.

This handling is contrived and can better be handled by using strncpy_from_user(), which gets the length of the string and copies it in one shot. Therefore, simplify the logic for copying the memfd name by using strncpy_from_user().

No functional change.

Reviewed-by: Alice Ryhl
Reviewed-by: Lorenzo Stoakes
Signed-off-by: Isaac J. Manjarres
--- mm/memfd.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index 04d9e2a23df8..37f7be57c2f5 100644 --- a/mm/memfd.c +++ b/mm/memfd.c 
@@ -396,26 +396,18 @@ static char *alloc_name(const char __user *uname) char *name; long len; - /* length includes terminating zero */ - len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1); - if (len <= 0) - return ERR_PTR(-EFAULT); - if (len > MFD_NAME_MAX_LEN + 1) - return ERR_PTR(-EINVAL); - - name = kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL); + name = kmalloc(NAME_MAX + 1, GFP_KERNEL); if (!name) return ERR_PTR(-ENOMEM); strcpy(name, MFD_NAME_PREFIX); - if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) { + /* returned length does not include terminating zero */ + len = strncpy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, MFD_NAME_MAX_LEN + 1); + if (len < 0) { error = -EFAULT; goto err_name; - } - - /* terminating-zero may have changed after strnlen_user() returned */ - if (name[len + MFD_NAME_PREFIX_LEN - 1]) { - error = -EFAULT; + } else if (len > MFD_NAME_MAX_LEN) { + error = -EINVAL; goto err_name; }
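Review bot: The bounds of the new copy in alloc_name() rest on a relation this hunk neither shows nor enforces: the buffer is now a fixed kmalloc(NAME_MAX + 1, GFP_KERNEL), while strncpy_from_user() may write up to MFD_NAME_MAX_LEN + 1 bytes starting at &name[MFD_NAME_PREFIX_LEN], so the write stays inside the allocation only if MFD_NAME_PREFIX_LEN + MFD_NAME_MAX_LEN <= NAME_MAX. Please either size the allocation from the same constants used for the copy (MFD_NAME_PREFIX_LEN + MFD_NAME_MAX_LEN + 1) or add a static_assert()/BUILD_BUG_ON() next to the kmalloc() so a later change to either macro cannot turn this into an overflow. The overlong case itself is handled correctly: when no terminator is found within the limit, strncpy_from_user() returns MFD_NAME_MAX_LEN + 1 and leaves the buffer unterminated, but the len > MFD_NAME_MAX_LEN branch rejects it with -EINVAL before the name is used. A smaller point on the "No functional change" claim in the commit message: the allocation now happens before the user string is validated, so a faulting or overlong name costs a kmalloc()/kfree() pair and can see -ENOMEM where the old ordering returned -EFAULT or -EINVAL first; worth a sentence in the changelog.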