lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z74e-ZHCu6cV4dfi@gmail.com>
Date: Tue, 25 Feb 2025 20:50:17 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/mtrr: Remove unnecessary strlen() in mtrr_write()


* Thorsten Blum <thorsten.blum@...ux.dev> wrote:

> On 25. Feb 2025, at 14:35, Ingo Molnar wrote:
> > * Thorsten Blum <thorsten.blum@...ux.dev> wrote:
> > 
> >> The local variable length already holds the string length after calling
> >> strncpy_from_user(). Using another local variable linlen and calling
> >> strlen() is therefore unnecessary and can be removed. Remove linlen
> >> and strlen() and use length instead.
> >> 
> >> Compile-tested only.
> >> 
> >> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> >> ---
> > 
> > I see no corner-case analysis in the changelog about what may happen if 
> > the copy fails partially.
> 
> Hi Ingo,
> 
> I'm not sure what you mean. Why would I describe something I didn't
> change? This patch only removes an unnecessary string (line) length
> calculation and shouldn't affect the logic in any way.
> 
> If strncpy_from_user() fails, we immediately return length from
> mtrr_write(), but my patch doesn't change this - unless I'm missing
> something?

My bad: I was fixated on this 'some data may have been copied' language 
in the strncpy_from_user() documentation:

 * If access to userspace fails, returns -EFAULT (some data may have been
 * copied).

which would make the strlen() result ambiguous. But this doesn't matter 
here - if there was a fault then we get an unconditional -EFAULT from 
strncpy_from_user(), so your patch should be equivalent to the previous 
logic.

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ