lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Feb 2019 14:43:24 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Tejun Heo <tj@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Ma Shimiao <mashimiao.fnst@...fujitsu.com>, Arnd Bergmann <arnd@...db.de>, Chris Metcalf <cmetcalf@...hip.com> Subject: [PATCH 4.4 076/143] string: drop __must_check from strscpy() and restore strscpy() usages in cgroup 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Tejun Heo <tj@...nel.org> commit 08a77676f9c5fc69a681ccd2cd8140e65dcb26c7 upstream. e7fd37ba1217 ("cgroup: avoid copying strings longer than the buffers") converted possibly unsafe strncpy() usages in cgroup to strscpy(). However, although the callsites are completely fine with truncated copied, because strscpy() is marked __must_check, it led to the following warnings. kernel/cgroup/cgroup.c: In function ‘cgroup_file_name’: kernel/cgroup/cgroup.c:1400:10: warning: ignoring return value of ‘strscpy’, declared with attribute warn_unused_result [-Wunused-result] strscpy(buf, cft->name, CGROUP_FILE_NAME_MAX); ^ To avoid the warnings, 50034ed49645 ("cgroup: use strlcpy() instead of strscpy() to avoid spurious warning") switched them to strlcpy(). strlcpy() is worse than strlcpy() because it unconditionally runs strlen() on the source string, and the only reason we switched to strlcpy() here was because it was lacking __must_check, which doesn't reflect any material differences between the two function. It's just that someone added __must_check to strscpy() and not to strlcpy(). These basic string copy operations are used in variety of ways, and one of not-so-uncommon use cases is safely handling truncated copies, where the caller naturally doesn't care about the return value. The __must_check doesn't match the actual use cases and forces users to opt for inferior variants which lack __must_check by happenstance or spread ugly (void) casts. Remove __must_check from strscpy() and restore strscpy() usages in cgroup. Signed-off-by: Tejun Heo <tj@...nel.org> Suggested-by: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Ma Shimiao <mashimiao.fnst@...fujitsu.com> Cc: Arnd Bergmann <arnd@...db.de> Cc: Chris Metcalf <cmetcalf@...hip.com> [backport only the string.h portion to remove build warnings starting to show up - gregkh] Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- include/linux/string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/string.h +++ b/include/linux/string.h @@ -26,7 +26,7 @@ extern char * strncpy(char *,const char size_t strlcpy(char *, const char *, size_t); #endif #ifndef __HAVE_ARCH_STRSCPY -ssize_t __must_check strscpy(char *, const char *, size_t); +ssize_t strscpy(char *, const char *, size_t); #endif #ifndef __HAVE_ARCH_STRCAT extern char * strcat(char *, const char *);
Powered by blists - more mailing lists