Re: [PATCH 01/24] fix default __strnlen_user macro

From: Ryan Mallon
Date: Wed Aug 31 2011 - 21:54:42 EST

Next message: Zhang Rui: "[PATCH] Revert "x86: Serialize EFI time accesses on rtc_lock""
Previous message: Herbert Xu: "Re: [PATCH 3/3] crc32c: Implement a self-test for CRC32c"
In reply to: Mark Salter: "Re: [PATCH 01/24] fix default __strnlen_user macro"
Next in thread: Mark Salter: "Re: [PATCH v2 00/24] C6X: New architecture patch set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/09/11 11:38, Mark Salter wrote:

On Thu, 2011-09-01 at 09:30 +1000, Ryan Mallon wrote:
On 01/09/11 07:26, Mark Salter wrote:
The existing __strnlen_user macro simply resolved to strnlen. However, the
count returned by strnlen_user should include the NULL byte. This patch
fixes the __strnlen_user macro to include the NULL byte in the count.

Signed-off-by: Mark Salter<msalter@xxxxxxxxxx>
---
include/asm-generic/uaccess.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
index ac68c99..1d0fdf8 100644
--- a/include/asm-generic/uaccess.h
+++ b/include/asm-generic/uaccess.h
@@ -289,7 +289,7 @@ strncpy_from_user(char *dst, const char __user *src, long count)
* Return 0 on exception, a value greater than N if too long
*/
#ifndef __strnlen_user
-#define __strnlen_user strnlen
+#define __strnlen_user(s, n) (strnlen((s), (n)) + 1)
#endif

I don't think this is correct because if you hit maxlen you will add one
to it. e.g. __strnlen_user("abcd\0", 3) would return 4 instead of 3.

Yes, one would think so, but that doesn't seem to be the case. Looking
at various places that call strnlen_user, you'll find checks for that.
For one example, mm/util.c:

char *strndup_user(const char __user *s, long n)
{
char *p;
long length;

length = strnlen_user(s, n);

if (!length)
return ERR_PTR(-EFAULT);

if (length> n)
return ERR_PTR(-EINVAL);

Sure, but that isn't a good reason to not write it correctly according to the API description. There are also places where that check doesn't happen like fs/exec.c and the rather dodgy looking usage in kernel/auditsc.c which appears to rely on it returning n + 1 in the maxlen case.

It should either be changed as I suggested, or the comment in uaccess.h should be updated to reflect the actual behaviour of the function (stating that it returns n + 1 in the case where n is reached). Either way, its probably worth doing a quick check through the arch specific versions to see what their behaviour really is. It looks like there are potentially some subtle bugs at the callsites.

~Ryan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zhang Rui: "[PATCH] Revert "x86: Serialize EFI time accesses on rtc_lock""
Previous message: Herbert Xu: "Re: [PATCH 3/3] crc32c: Implement a self-test for CRC32c"
In reply to: Mark Salter: "Re: [PATCH 01/24] fix default __strnlen_user macro"
Next in thread: Mark Salter: "Re: [PATCH v2 00/24] C6X: New architecture patch set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]