lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7c44c161-9c86-8c60-f031-6d77d6c28c20@huawei.com>
Date: Thu, 10 Aug 2023 15:45:50 +0800
From: Jijie Shao <shaojijie@...wei.com>
To: Leon Romanovsky <leon@...nel.org>
CC: <shaojijie@...wei.com>, <yisen.zhuang@...wei.com>,
	<salil.mehta@...wei.com>, <davem@...emloft.net>, <edumazet@...gle.com>,
	<kuba@...nel.org>, <pabeni@...hat.com>, <shenjian15@...wei.com>,
	<wangjie125@...wei.com>, <liuyonglong@...wei.com>, <chenhao418@...wei.com>,
	<netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<stable@...r.kernel.org>
Subject: Re: [PATCH net] net: hns3: fix strscpy causing content truncation
 issue


on 2023/8/9 15:03, Leon Romanovsky wrote:
> On Wed, Aug 09, 2023 at 10:09:02AM +0800, Jijie Shao wrote:
>> From: Hao Chen <chenhao418@...wei.com>
>>
>> hns3_dbg_fill_content()/hclge_dbg_fill_content() is aim to integrate some
>> items to a string for content, and we add '\n' and '\0' in the last
>> two bytes of content.
>>
>> strscpy() will add '\0' in the last byte of destination buffer(one of
>> items), it result in finishing content print ahead of schedule and some
>> dump content truncation.
>>
>> One Error log shows as below:
>> cat mac_list/uc
>> UC MAC_LIST:
>>
>> Expected:
>> UC MAC_LIST:
>> FUNC_ID  MAC_ADDR            STATE
>> pf       00:2b:19:05:03:00   ACTIVE
>>
>> The destination buffer is length-bounded and not required to be
>> NUL-terminated, so just change strscpy() to memcpy() to fix it.
> I think that you should change to strtomem() and not use plain memcpy().
>
> Thanks

Hi:

We tried to replace memcpy with strtomem, but errors was reported during 
compilation:
/kernel/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c: In 
function ‘hclge_dbg_fill_content.part.0’:
/kernel/include/linux/compiler_types.h:397:38: error: call to 
‘__compiletime_assert_519’ declared with attribute error: BUILD_BUG_ON 
failed: !__builtin_constant_p(_dest_len) || _dest_len == (size_t)-1
   397 |  _compiletime_assert(condition, msg, __compiletime_assert_, 
__COUNTER__)
       |                                      ^
/kernel/include/linux/compiler_types.h:378:4: note: in definition of 
macro ‘__compiletime_assert’
   378 |    prefix ## suffix();    \
       |    ^~~~~~
/kernel/include/linux/compiler_types.h:397:2: note: in expansion of 
macro ‘_compiletime_assert’
   397 |  _compiletime_assert(condition, msg, __compiletime_assert_, 
__COUNTER__)
       |  ^~~~~~~~~~~~~~~~~~~
/kernel/include/linux/build_bug.h:39:37: note: in expansion of macro 
‘compiletime_assert’
    39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), 
msg)
       |                                     ^~~~~~~~~~~~~~~~~~
/kernel/include/linux/build_bug.h:50:2: note: in expansion of macro 
‘BUILD_BUG_ON_MSG’
    50 |  BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
       |  ^~~~~~~~~~~~~~~~
/kernel/include/linux/string.h:302:2: note: in expansion of macro 
‘BUILD_BUG_ON’
   302 |  BUILD_BUG_ON(!__builtin_constant_p(_dest_len) ||  \
       |  ^~~~~~~~~~~~
/kernel/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c:115:4: 
note: in expansion of macro ‘strtomem’
   115 |    strtomem(pos, result[i]);
       |    ^~~~~~~~

In the strtomem macro, __builtin_object_size is used to calculate the 
_dest_len.
We tried to print the _dest_len directly, and the result was -1.
How can we solve this?

Regards
Jijie Shao


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ