lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aWaMTOzgYV04EcaB@yury>
Date: Tue, 13 Jan 2026 13:17:48 -0500
From: Yury Norov <ynorov@...dia.com>
To: Fushuai Wang <fushuai.wang@...ux.dev>
Cc: tglx@...nel.org, peterz@...radead.org, mathieu.desnoyers@...icios.com,
	akpm@...ux-foundation.org, aliceryhl@...gle.com,
	yury.norov@...il.com, vmalik@...hat.com, kees@...nel.org,
	dave.hansen@...ux.intel.com, luto@...nel.org, mingo@...hat.com,
	bp@...en8.de, hpa@...or.com, rostedt@...dmis.org,
	mhiramat@...nel.org, brauner@...nel.org, jack@...e.cz,
	cyphar@...har.com, linux-kernel@...r.kernel.org, x86@...nel.org,
	linux-trace-kernel@...r.kernel.org, wangfushuai@...du.com
Subject: Re: [PATCH v2 1/6] uaccess: Add copy_from_user_nul helper

On Tue, Jan 13, 2026 at 01:00:25PM -0500, Yury Norov wrote:
> On Mon, Jan 12, 2026 at 03:30:34PM +0800, Fushuai Wang wrote:
> > From: Fushuai Wang <wangfushuai@...du.com>
> > 
> > Many places call copy_from_user() to copy a buffer from user space,
> > and then manually add a NULL terminator to the destination buffer,
> > e.g.:
> 
> 6 is not many
> 
> > 
> > 	if (copy_from_user(dest, src, len))
> > 		return -EFAULT;
> > 	dest[len] = '\0';
> > 
> > This is repetitive and error-prone. Add a copy_from_user_nul() helper to
> > simplify such patterns. It copied n bytes from user space to kernel space,
> > and NUL-terminates the destination buffer.
> > 
> > Signed-off-by: Fushuai Wang <wangfushuai@...du.com>
> 
> I checked the cases you've found, and all them clearly abuse
> copy_from_user(). For example, #2 in tlbflush_write_file():
> 
>         if (copy_from_user(buf, user_buf, len))
>                 return -EFAULT;
> 
>         buf[len] = '\0';
>         if (kstrtoint(buf, 0, &ceiling))
>                 return -EINVAL;
> 
> should be:
>         
>         len = strncpy_from_user(buf, user_buf, len);
>         if (len < 0)
>                 return len;
> 
>         ret = kstrtoint(buf, 0, &ceiling);
>         if (ret)
>                 return ret;
> 
> See, if you use the right API, you don't need this weird
> copy_from_user_nul(). Also notice how nice the original version hides
> possible ERANGE in kstrtoint().

Huh, we actually already have kstrtoint_from_user, so this should be a
one-liner.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ