Re: [PATCH 0/3] add new strscpy() API for string copy

From: Chris Metcalf
Date: Fri May 15 2015 - 11:15:47 EST

Next message: Charles Keepax: "[PATCH] mfd: arizona: Add missing parenthesis"
Previous message: Alex BennÃe: "Re: [PATCH v4 03/12] KVM: arm64: guest debug, define API headers"
In reply to: Michael Ellerman: "Re: [PATCH 0/3] add new strscpy() API for string copy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/14/2015 07:10 PM, Michael Ellerman wrote:

On Thu, 2015-04-30 at 12:01 -0400, Chris Metcalf wrote:

This patch series addresses limitations in strncpy() and strlcpy();
both the old APIs are unpleasant, as Linus nicely summarized here
a couple of days ago:

https://lkml.org/lkml/2015/4/28/570

and of course as other folks (Greg K-H and Linus again) said last year:

https://plus.google.com/+gregkroahhartman/posts/1amLbuhWbh5

The proposed new API (strscpy(), for "s"afe string copy) has an
easy-to-use API for detecting buffer overflow, avoids unsafe truncation
by default, and isn't subject to thread-safety attacks like the current
strlcpy implementation. See patch 2/3 for more on why strscpy() is a
good thing.

+1 on the concept.

Thanks.

To make strscpy() work more efficiently I did the minimum tweaking
necessary to allow <asm/word-at-a-time.h> to work on all architectures,
though of course individual maintainers can still make their versions
more efficient as needed.

It's likely not necessary for per-architecture implementations of
strscpy() to be written, but I stuck with the standard __HAVE_ARCH_XXX
model just for consistency with the rest of <linux/string.h>.

I tested the implementation with a simple user-space harness, so I
believe it is correct for the corner cases I could think of. In
particular I pairwise-tested all the unaligned values of source and
dest, and tested the restriction on src page-crossing at all
unaligned offsets approaching the page boundary.

Can you please put that in tools/testing/selftests and merge it as part of the
series? That way I can run the tests and be confident it works on powerpc.

Unfortunately, the strscpy patch series only changes the one previous
user of the API, which is a tile-architecture-only driver piece, not
particularly useful for anyone else for testing.

The testing I did pulled strscpy() and word-at-a-time out into a
separate, standalone userspace implementation, and tested it there,
rather than doing tests through the syscall API like tools/testing/selftests.
So I don't really see a way of committing my test framework, other
than as a real Kconfig-enabled boot-time self-test or some such;
I can certainly do that but I don't know how excited people are to
have that additional level of source-code and Kconfig bloat.

--
Chris Metcalf, EZChip Semiconductor
http://www.ezchip.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Charles Keepax: "[PATCH] mfd: arizona: Add missing parenthesis"
Previous message: Alex BennÃe: "Re: [PATCH v4 03/12] KVM: arm64: guest debug, define API headers"
In reply to: Michael Ellerman: "Re: [PATCH 0/3] add new strscpy() API for string copy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]