lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20260116084247.26024-1-fushuai.wang@linux.dev>
Date: Fri, 16 Jan 2026 16:42:47 +0800
From: Fushuai Wang <fushuai.wang@...ux.dev>
To: ynorov@...dia.com
Cc: akpm@...ux-foundation.org,
	aliceryhl@...gle.com,
	bp@...en8.de,
	brauner@...nel.org,
	cyphar@...har.com,
	dave.hansen@...ux.intel.com,
	fushuai.wang@...ux.dev,
	hpa@...or.com,
	jack@...e.cz,
	kees@...nel.org,
	linux-kernel@...r.kernel.org,
	linux-trace-kernel@...r.kernel.org,
	luto@...nel.org,
	mathieu.desnoyers@...icios.com,
	mhiramat@...nel.org,
	mingo@...hat.com,
	peterz@...radead.org,
	rostedt@...dmis.org,
	tglx@...nel.org,
	vmalik@...hat.com,
	wangfushuai@...du.com,
	x86@...nel.org,
	yury.norov@...il.com
Subject: Re: [PATCH v2 1/6] uaccess: Add copy_from_user_nul helper

> I checked the cases you've found, and all them clearly abuse
> copy_from_user(). For example, #2 in tlbflush_write_file():
> 
>         if (copy_from_user(buf, user_buf, len))
>                 return -EFAULT;
> 
>         buf[len] = '\0';
>         if (kstrtoint(buf, 0, &ceiling))
>                 return -EINVAL;
> 
> should be:
>         
>         len = strncpy_from_user(buf, user_buf, len);
>         if (len < 0)
>                 return len;
> 
>         ret = kstrtoint(buf, 0, &ceiling);
>         if (ret)
>                 return ret;
> 
> See, if you use the right API, you don't need this weird
> copy_from_user_nul(). Also notice how nice the original version hides
> possible ERANGE in kstrtoint().
> 
> Patches #3-5 in the series again copy strings with raw non-string API,
> so should be converted to some flavor of strcpy().
> 
> #6 patches lib/kstrtox, which makes little sense because the whole
> purpose of that library is to handle raw pieces of memory as valid
> C strings. One would expect such patterns in library code, and I'd
> prefer having them explicit.
> 
> I find copy_{from,to}_user_nul() useful for objects that must be
> null-terminated, and may have \0 somewhere in the middle. Those are
> not C strings. I suspect this isn't a popular format across the kernel. 
> 
> On the other hand, adding the _nul() version of copy_from_user() would
> make an API abuse like above simpler, which is a bad thing.
> 
> Can you drop copy_from_user_nul() and submit a series that switches
> string manipulations to the dedicated string functions?

OK, I find some misuse of strncpy_from_user() + kstrtoXXX(). I will fix
them.

Regarding patches #3-5, as Steven mentioned, I believe we might need a
strscpy_from_user() for these cases that copy a non-NUL-terminated string
from userspace?

---
Regards,
WANG

> Thanks,
> Yury

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ