lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZYTkAV-CE3ZslR7U@mtj.duckdns.org>
Date: Fri, 22 Dec 2023 10:18:57 +0900
From: Tejun Heo <tj@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Zefan Li <lizefan.x@...edance.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Waiman Long <longman@...hat.com>, cgroups@...r.kernel.org,
	Azeem Shaikh <azeemshaikh38@...il.com>,
	Christophe JAILLET <christophe.jaillet@...adoo.fr>,
	linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3 3/3] kernfs: Convert kernfs_path_from_node_locked()
 from strlcpy() to strscpy()

Hello,

On Tue, Dec 12, 2023 at 01:17:40PM -0800, Kees Cook wrote:
...
> @@ -127,7 +127,7 @@ static struct kernfs_node *kernfs_common_ancestor(struct kernfs_node *a,
>   *
>   * [3] when @kn_to is %NULL result will be "(null)"
>   *
> - * Return: the length of the full path.  If the full length is equal to or
> + * Return: the length of the constructed path.  If the path would have been
>   * greater than @buflen, @buf contains the truncated path with the trailing
>   * '\0'.  On error, -errno is returned.
>   */
...
>  	/* Calculate how many bytes we need for the rest */

We probably should drop this comment.

>  	for (i = depth_to - 1; i >= 0; i--) {
>  		for (kn = kn_to, j = 0; j < i; j++)
>  			kn = kn->parent;
> -		len += strlcpy(buf + len, "/",
> -			       len < buflen ? buflen - len : 0);
> -		len += strlcpy(buf + len, kn->name,
> -			       len < buflen ? buflen - len : 0);
> +
> +		len += scnprintf(buf + len, buflen - len, "/%s", kn->name);

scnprintf doesn't return -E2BIG on overflow, right? It just returns the
truncated length, so the overflow behavior would be different depending on
where this function overflows, right? Not a huge problem but it may be
better to keep calling strscpy to keep things consistent?

> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -1893,7 +1893,7 @@ int cgroup_show_path(struct seq_file *sf, struct kernfs_node *kf_node,
>  	len = kernfs_path_from_node(kf_node, ns_cgroup->kn, buf, PATH_MAX);
>  	spin_unlock_irq(&css_set_lock);
>  
> -	if (len >= PATH_MAX)
> +	if (len == -E2BIG)
>  		len = -ERANGE;

I'd just pass up -E2BIG.

>  	else if (len > 0) {
>  		seq_escape(sf, buf, " \t\n\\");
> @@ -6301,7 +6301,7 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
>  		if (cgroup_on_dfl(cgrp) || !(tsk->flags & PF_EXITING)) {
>  			retval = cgroup_path_ns_locked(cgrp, buf, PATH_MAX,
>  						current->nsproxy->cgroup_ns);
> -			if (retval >= PATH_MAX)
> +			if (retval == -E2BIG)
>  				retval = -ENAMETOOLONG;

Ditto.

> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index 615daaf87f1f..fb29158ae825 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -4941,7 +4941,7 @@ int proc_cpuset_show(struct seq_file *m, struct pid_namespace *ns,
>  	retval = cgroup_path_ns(css->cgroup, buf, PATH_MAX,
>  				current->nsproxy->cgroup_ns);
>  	css_put(css);
> -	if (retval >= PATH_MAX)
> +	if (retval == -E2BIG)

Ditto.

Thanks.

-- 
tejun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ