| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Aug 2023 16:39:56 -0700
From: Kees Cook <keescook@...omium.org>
To: Bill Wendling <morbo@...gle.com>
Cc: Justin Stitt <justinstitt@...gle.com>,
Richard Weinberger <richard@....at>,
Anton Ivanov <anton.ivanov@...bridgegreys.com>,
Johannes Berg <johannes@...solutions.net>,
linux-hardening@...r.kernel.org, linux-um@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] um: refactor deprecated strncpy to strtomem
On Mon, Aug 07, 2023 at 03:36:55PM -0700, Bill Wendling wrote:
> On Mon, Aug 7, 2023 at 2:18 PM Justin Stitt <justinstitt@...gle.com> wrote:
> >
> > Use `strtomem` here since `console_buf` is not expected to be
> > NUL-terminated. We should probably also just use `MCONSOLE_MAX_DATA`
How is it known that console_buf is not a C-string?
> > instead of using `ARRAY_SIZE()` for every iteration of the loop.
> >
> Is this change necessary? I have a general preference for ARRAY_SIZE,
> because a change in size is less likely to be overlooked (unless that
> goes against the coding standard).
I would prefer this stay either ARRAY_SIZE or sizeof, as it keeps it
tied to the variable in question.
>
> > Also mark char buffer as `__nonstring` as per Kees' suggestion here [1]
> >
> > Finally, follow checkpatch's recommendation of using `min_t` over `min`
> >
> > Link: https://github.com/KSPP/linux/issues/90 [1]
> > Cc: linux-hardening@...r.kernel.org
> > Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> > ---
> > Notes:
> > I only build tested this patch.
> > ---
> > arch/um/drivers/mconsole_kern.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c
> > index 5026e7b9adfe..fd4c024202ae 100644
> > --- a/arch/um/drivers/mconsole_kern.c
> > +++ b/arch/um/drivers/mconsole_kern.c
> > @@ -4,6 +4,7 @@
> > * Copyright (C) 2001 - 2008 Jeff Dike (jdike@...dtoit,linux.intel}.com)
> > */
> >
> > +#include "linux/compiler_attributes.h"
>
> nit: Should this include be in angle brackets?
>
> #include <linux/compiler_attributes.h>
True, though this shouldn't need to be included at all. What was
missing?
>
> > #include <linux/console.h>
> > #include <linux/ctype.h>
> > #include <linux/string.h>
> > @@ -554,7 +555,7 @@ struct mconsole_output {
> >
> > static DEFINE_SPINLOCK(client_lock);
> > static LIST_HEAD(clients);
> > -static char console_buf[MCONSOLE_MAX_DATA];
> > +static char console_buf[MCONSOLE_MAX_DATA] __nonstring;
> >
> > static void console_write(struct console *console, const char *string,
> > unsigned int len)
> > @@ -566,8 +567,8 @@ static void console_write(struct console *console, const char *string,
> > return;
> >
> > while (len > 0) {
> > - n = min((size_t) len, ARRAY_SIZE(console_buf));
> > - strncpy(console_buf, string, n);
> > + n = min_t(size_t, len, MCONSOLE_MAX_DATA);
> > + strtomem(console_buf, string);
> > string += n;
> > len -= n;
> >
> >
> > ---
> > base-commit: c1a515d3c0270628df8ae5f5118ba859b85464a2
> > change-id: 20230807-arch-um-3ef24413427e
> >
> > Best regards,
> > --
> > Justin Stitt <justinstitt@...gle.com>
> >
--
Kees Cook
Powered by blists - more mailing lists