Re: [PATCH v2 2/3] bpf: cgroup: NUL-terminate replaced sysctl value

From: Dawei Feng

Date: Wed Jun 03 2026 - 05:54:44 EST


Hi Yonghong,

On Mon, 1 Jun 2026 14:22:07 -0700, Yonghong Song wrote:
>The above log can be simplified.

Thanks. I will simplify the KASAN log in v3.

>> memcpy(ctx->new_val, buf, buf_len);
>> + ((char *)ctx->new_val)[buf_len] = '\0';
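
Review bot: the added store at `((char *)ctx->new_val)[buf_len]` writes one byte past the range the memcpy above it fills, and neither quoted line shows why new_val has room for that byte. A one-line comment above the store naming the length check that guarantees the space would let a reader verify the write without leaving the function.
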
>
>Does memcpy(ctx->new_val, buf, buf_len + 1) work?

I do not think memcpy(ctx->new_val, buf, buf_len + 1) would be a good
fit here.

The helper interface only guarantees that buf is valid for buf_len
bytes, so reading one more byte would go past the declared input range.
Even if some callers happen to have a trailing '\0' right after the
payload, that is not part of the contract.

Appending the terminator on the destination side keeps the source read
strictly within buf_len, while still restoring the NUL-terminated
buffer semantics expected by downstream proc handlers. It is also safe
for the destination, since the helper already rejects
buf_len > PAGE_SIZE - 1.

Therefore, I would prefer to keep it as:

memcpy(ctx->new_val, buf, buf_len);
((char *)ctx->new_val)[buf_len] = '\0';

Best regards,
Dawei
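
The argument in the reply above, modelled in userspace as an added example that is not part of the original message or of the kernel patch: the source is read for exactly its declared length, and the terminator is written on the destination side. The `model_*` names, `MODEL_PAGE_SIZE` (assumed 4096) and the pre-filled `'A'` contents of the destination are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096 /* assumed size of the destination buffer */

/* Hypothetical model of the copy step: src is valid for src_len bytes only. */
static int model_copy(char *dst, const char *src, size_t src_len, int terminate)
{
    if (src_len > MODEL_PAGE_SIZE - 1)  /* same bound the reply cites */
        return -1;
    memcpy(dst, src, src_len);          /* reads src[0..src_len-1], never src[src_len] */
    if (terminate)
        dst[src_len] = '\0';            /* index is at most MODEL_PAGE_SIZE - 1 */
    return 0;
}

/* Length a downstream string parser would walk, capped at the buffer size. */
static size_t model_consumer_len(const char *dst)
{
    const char *nul = memchr(dst, '\0', MODEL_PAGE_SIZE);
    return nul ? (size_t)(nul - dst) : MODEL_PAGE_SIZE;
}

/* Constructed case: dst holds non-NUL bytes, src is 3 bytes with no NUL. */
static size_t model_seen_len(int terminate)
{
    static char dst[MODEL_PAGE_SIZE];
    static const char src[3] = { '6', '0', '0' };
    memset(dst, 'A', sizeof(dst));
    model_copy(dst, src, sizeof(src), terminate);
    return model_consumer_len(dst);
}

/* Boundary: the largest accepted length puts the NUL in the last byte. */
static int model_boundary_ok(void)
{
    static char dst[MODEL_PAGE_SIZE], src[MODEL_PAGE_SIZE];
    memset(src, 'B', sizeof(src));
    return model_copy(dst, src, MODEL_PAGE_SIZE, 1) == -1 &&
           model_copy(dst, src, MODEL_PAGE_SIZE - 1, 1) == 0 &&
           model_consumer_len(dst) == MODEL_PAGE_SIZE - 1;
}

int main(void)
{
    printf("terminated: %zu, unterminated: %zu, boundary ok: %d\n",
           model_seen_len(1), model_seen_len(0), model_boundary_ok());
    return 0;
}
```

Without the destination-side terminator, the modelled consumer finds no NUL anywhere in the buffer and walks all of it; in a real buffer nothing would stop it at the end, which is the kind of over-read a sanitizer reports.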