| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aWaIOT_o-99G-_r-@yury>
Date: Tue, 13 Jan 2026 13:00:25 -0500
From: Yury Norov <ynorov@...dia.com>
To: Fushuai Wang <fushuai.wang@...ux.dev>
Cc: tglx@...nel.org, peterz@...radead.org, mathieu.desnoyers@...icios.com,
akpm@...ux-foundation.org, aliceryhl@...gle.com,
yury.norov@...il.com, vmalik@...hat.com, kees@...nel.org,
dave.hansen@...ux.intel.com, luto@...nel.org, mingo@...hat.com,
bp@...en8.de, hpa@...or.com, rostedt@...dmis.org,
mhiramat@...nel.org, brauner@...nel.org, jack@...e.cz,
cyphar@...har.com, linux-kernel@...r.kernel.org, x86@...nel.org,
linux-trace-kernel@...r.kernel.org, wangfushuai@...du.com
Subject: Re: [PATCH v2 1/6] uaccess: Add copy_from_user_nul helper
On Mon, Jan 12, 2026 at 03:30:34PM +0800, Fushuai Wang wrote:
> From: Fushuai Wang <wangfushuai@...du.com>
>
> Many places call copy_from_user() to copy a buffer from user space,
> and then manually add a NULL terminator to the destination buffer,
> e.g.:
6 is not many
>
> if (copy_from_user(dest, src, len))
> return -EFAULT;
> dest[len] = '\0';
>
> This is repetitive and error-prone. Add a copy_from_user_nul() helper to
> simplify such patterns. It copied n bytes from user space to kernel space,
> and NUL-terminates the destination buffer.
>
> Signed-off-by: Fushuai Wang <wangfushuai@...du.com>
I checked the cases you've found, and all them clearly abuse
copy_from_user(). For example, #2 in tlbflush_write_file():
if (copy_from_user(buf, user_buf, len))
return -EFAULT;
buf[len] = '\0';
if (kstrtoint(buf, 0, &ceiling))
return -EINVAL;
should be:
len = strncpy_from_user(buf, user_buf, len);
if (len < 0)
return len;
ret = kstrtoint(buf, 0, &ceiling);
if (ret)
return ret;
See, if you use the right API, you don't need this weird
copy_from_user_nul(). Also notice how nice the original version hides
possible ERANGE in kstrtoint().
Patches #3-5 in the series again copy strings with raw non-string API,
so should be converted to some flavor of strcpy().
#6 patches lib/kstrtox, which makes little sense because the whole
purpose of that library is to handle raw pieces of memory as valid
C strings. One would expect such patterns in library code, and I'd
prefer having them explicit.
I find copy_{from,to}_user_nul() useful for objects that must be
null-terminated, and may have \0 somewhere in the middle. Those are
not C strings. I suspect this isn't a popular format across the kernel.
On the other hand, adding the _nul() version of copy_from_user() would
make an API abuse like above simpler, which is a bad thing.
Can you drop copy_from_user_nul() and submit a series that switches
string manipulations to the dedicated string functions?
Thanks,
Yury
Powered by blists - more mailing lists