| Message ID | 20240328140512.4148825-9-arnd@kernel.org (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | address remaining stringop-truncation warnings | expand |
On Thu, 28 Mar 2024 15:04:52 +0100 Arnd Bergmann <arnd@kernel.org> wrote: > From: Arnd Bergmann <arnd@arndb.de> > > gcc-9 warns about a possibly non-terminated string copy: > > kernel/trace/blktrace.c: In function 'do_blk_trace_setup': > kernel/trace/blktrace.c:527:2: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation] > > Newer versions are fine here because they see the following explicit > nul-termination. Using strscpy_pad() avoids the warning and > simplifies the code a little. The padding helps give a clean > buffer to userspace. > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > kernel/trace/blktrace.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c > index d5d94510afd3..95a00160d465 100644 > --- a/kernel/trace/blktrace.c > +++ b/kernel/trace/blktrace.c > @@ -524,8 +524,7 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, > if (!buts->buf_size || !buts->buf_nr) > return -EINVAL; > > - strncpy(buts->name, name, BLKTRACE_BDEV_SIZE); > - buts->name[BLKTRACE_BDEV_SIZE - 1] = '\0'; > + strscpy(buts->name, name, BLKTRACE_BDEV_SIZE); The commit message says "Using strscpy_pad()" but it doesn't do so in the patch. Rule 12 of debugging: "When the comment and the code do not match, they are probably both wrong" -- Steve > > /* > * some device names have larger paths - convert the slashes
On Thu, Mar 28, 2024, at 15:14, Steven Rostedt wrote: > On Thu, 28 Mar 2024 15:04:52 +0100 >> >> diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c >> index d5d94510afd3..95a00160d465 100644 >> --- a/kernel/trace/blktrace.c >> +++ b/kernel/trace/blktrace.c >> @@ -524,8 +524,7 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, >> if (!buts->buf_size || !buts->buf_nr) >> return -EINVAL; >> >> - strncpy(buts->name, name, BLKTRACE_BDEV_SIZE); >> - buts->name[BLKTRACE_BDEV_SIZE - 1] = '\0'; >> + strscpy(buts->name, name, BLKTRACE_BDEV_SIZE); > > The commit message says "Using strscpy_pad()" but it doesn't do so in the > patch. > > Rule 12 of debugging: "When the comment and the code do not match, they are > probably both wrong" Thanks for double-checking this, I had a hard time deciding which one to use here and ended up with an obviously inconsistent version. I've changed it now to strscpy_pad() for v2, which is the slightly safer choice here. The non-padding version would still not leak kernel data but would write back user-provided data after the padding instead of always zeroing it. Arnd
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index d5d94510afd3..95a00160d465 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -524,8 +524,7 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, if (!buts->buf_size || !buts->buf_nr) return -EINVAL; - strncpy(buts->name, name, BLKTRACE_BDEV_SIZE); - buts->name[BLKTRACE_BDEV_SIZE - 1] = '\0'; + strscpy(buts->name, name, BLKTRACE_BDEV_SIZE); /* * some device names have larger paths - convert the slashes