| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7c44c161-9c86-8c60-f031-6d77d6c28c20@huawei.com>
Date: Thu, 10 Aug 2023 15:45:50 +0800
From: Jijie Shao <shaojijie@...wei.com>
To: Leon Romanovsky <leon@...nel.org>
CC: <shaojijie@...wei.com>, <yisen.zhuang@...wei.com>,
<salil.mehta@...wei.com>, <davem@...emloft.net>,
<edumazet@...gle.com>, <kuba@...nel.org>, <pabeni@...hat.com>,
<shenjian15@...wei.com>, <wangjie125@...wei.com>,
<liuyonglong@...wei.com>, <chenhao418@...wei.com>,
<netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<stable@...r.kernel.org>
Subject: Re: [PATCH net] net: hns3: fix strscpy causing content truncation
issue
on 2023/8/9 15:03, Leon Romanovsky wrote:
> On Wed, Aug 09, 2023 at 10:09:02AM +0800, Jijie Shao wrote:
>> From: Hao Chen <chenhao418@...wei.com>
>>
>> hns3_dbg_fill_content()/hclge_dbg_fill_content() is aim to integrate some
>> items to a string for content, and we add '\n' and '\0' in the last
>> two bytes of content.
>>
>> strscpy() will add '\0' in the last byte of destination buffer(one of
>> items), it result in finishing content print ahead of schedule and some
>> dump content truncation.
>>
>> One Error log shows as below:
>> cat mac_list/uc
>> UC MAC_LIST:
>>
>> Expected:
>> UC MAC_LIST:
>> FUNC_ID MAC_ADDR STATE
>> pf 00:2b:19:05:03:00 ACTIVE
>>
>> The destination buffer is length-bounded and not required to be
>> NUL-terminated, so just change strscpy() to memcpy() to fix it.
> I think that you should change to strtomem() and not use plain memcpy().
>
> Thanks
Hi:
We tried to replace memcpy with strtomem, but errors was reported during
compilation:
/kernel/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c: In
function ‘hclge_dbg_fill_content.part.0’:
/kernel/include/linux/compiler_types.h:397:38: error: call to
‘__compiletime_assert_519’ declared with attribute error: BUILD_BUG_ON
failed: !__builtin_constant_p(_dest_len) || _dest_len == (size_t)-1
397 | _compiletime_assert(condition, msg, __compiletime_assert_,
__COUNTER__)
| ^
/kernel/include/linux/compiler_types.h:378:4: note: in definition of
macro ‘__compiletime_assert’
378 | prefix ## suffix(); \
| ^~~~~~
/kernel/include/linux/compiler_types.h:397:2: note: in expansion of
macro ‘_compiletime_assert’
397 | _compiletime_assert(condition, msg, __compiletime_assert_,
__COUNTER__)
| ^~~~~~~~~~~~~~~~~~~
/kernel/include/linux/build_bug.h:39:37: note: in expansion of macro
‘compiletime_assert’
39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond),
msg)
| ^~~~~~~~~~~~~~~~~~
/kernel/include/linux/build_bug.h:50:2: note: in expansion of macro
‘BUILD_BUG_ON_MSG’
50 | BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
| ^~~~~~~~~~~~~~~~
/kernel/include/linux/string.h:302:2: note: in expansion of macro
‘BUILD_BUG_ON’
302 | BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
| ^~~~~~~~~~~~
/kernel/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c:115:4:
note: in expansion of macro ‘strtomem’
115 | strtomem(pos, result[i]);
| ^~~~~~~~
In the strtomem macro, __builtin_object_size is used to calculate the
_dest_len.
We tried to print the _dest_len directly, and the result was -1.
How can we solve this?
Regards
Jijie Shao
Powered by blists - more mailing lists