lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <5216B227-6174-4C0A-9126-B8861473A0D3@linux.dev>
Date: Fri, 7 Mar 2025 10:15:00 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Finn Thain <fthain@...ux-m68k.org>
Cc: Geert Uytterhoeven <geert@...ux-m68k.org>,
 Jean-Michel Hautbois <jeanmichel.hautbois@...eli.org>,
 linux-m68k@...ts.linux-m68k.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] m68k: mm: Remove size argument when calling strscpy()

Hi Finn,

On 7. Mar 2025, at 00:24, Finn Thain wrote:
> On Thu, 6 Mar 2025, Geert Uytterhoeven wrote:
>> On Mon, 3 Mar 2025 at 00:07, Thorsten Blum wrote:
>>> The size parameter of strscpy() is optional and specifying the size of
>>> the destination buffer is unnecessary. Remove it to simplify the code.
>>> 
>>> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
>> 
>> Reviewed-by: Geert Uytterhoeven <geert@...ux-m68k.org>
>> i.e. will queue in the m68k tree for v6.15.
>> 
> The commit message says "simplify the code" which is only true if you 
> never scratch the surface (i.e. it's simple code if the reader is simple 
> too...)

strscpy() automatically determines the length of the destination buffer
using sizeof() if the size argument is omitted. This makes the explicit
sizeof(m68k_command_line) unnecessary, so removing it shortens the code
without changing its behavior.

Both macro calls expand to the same code, and I find the shorter version
simpler to read (this doesn't mean that strscpy() itself is simple).

> Commit 30035e45753b ("string: provide strscpy()") was a good idea. It was 
> easily auditable. But that's not what we have now.
> 
> Patches like this one (which appear across the whole tree) need reviewers 
> (lots of them) that know what kind of a bounds check you end up with when 
> you ask an arbitary compiler to evaluate this:
> 
> sizeof(dst) + __must_be_array(dst) + __must_be_cstr(dst) + __must_be_cstr(src)
> 
> Frankly, I can't be sure. But it's a serious question, and not what I'd 
> call a "simple" one.

I'm not sure I fully understand this part or how it's related to this
change. This patch doesn't change bounds checking, it just removes an
unnecessary macro argument.

Thanks,
Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ