Re: [PATCH] wifi: ipw2x00: refactor to use kstrtoul

From: Kees Cook
Date: Tue Aug 01 2023 - 21:16:36 EST


On August 1, 2023 5:51:59 PM PDT, Justin Stitt <justinstitt@xxxxxxxxxx> wrote:
>The current implementation seems to reinvent what `kstrtoul` already does
>in terms of functionality and error handling. Remove uses of `simple_strtoul()`
>in favor of `kstrtoul()`.
>
>There is the following note at `lib/vsprintf.c:simple_strtoull()` which
>further backs this change:
>| * This function has caveats. Please use kstrtoull (or kstrtoul) instead.
>
>And here, simple_str* are explicitly deprecated [3].
>
>This patch also removes an instance of the deprecated `strncpy` which helps [2].
>
>Link: https://lore.kernel.org/all/202308011602.3CC1C0244C@keescook/ [1]
>Link: https://github.com/KSPP/linux/issues/90 [2]
>Link: https://docs.kernel.org/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull [3]
>Cc: linux-hardening@xxxxxxxxxxxxxxx
>Suggested-by: Kees Cook <keescook@xxxxxxxxxxxx>
>Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx>
>---
>
>
>Link: https://lore.kernel.org/all/20230801-drivers-net-wireless-intel-ipw2x00-v1-1-ffd185c91292@xxxxxxxxxx/
>---
> drivers/net/wireless/intel/ipw2x00/ipw2200.c | 43 +++++++++-------------------
> 1 file changed, 14 insertions(+), 29 deletions(-)
>
>diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.c b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
>index dfe0f74369e6..ac10633f593e 100644
>--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c
>+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
>@@ -1176,23 +1176,20 @@ static ssize_t debug_level_show(struct device_driver *d, char *buf)
> static ssize_t debug_level_store(struct device_driver *d, const char *buf,
> size_t count)
> {
>- char *p = (char *)buf;
>- u32 val;
>+ unsigned long *val = NULL;
>
>- if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
>- p++;
>- if (p[0] == 'x' || p[0] == 'X')
>- p++;
>- val = simple_strtoul(p, &p, 16);
>- } else
>- val = simple_strtoul(p, &p, 10);
>- if (p == buf)
>+ int result = kstrtoul(buf, 0, val);

kstrtoul needs somewhere to write the value, so val needs to be actually unsigned long, and a pointer passed to that:

unsigned long val;
...
... kstrtoul(buf, 0, &val);

But otherwise, yeah, this looks like the right direction to me.

>+
>+ if (result == -EINVAL)
> printk(KERN_INFO DRV_NAME
> ": %s is not in hex or decimal form.\n", buf);
>+ else if (result == -ERANGE)
>+ printk(KERN_INFO DRV_NAME
>+ ": %s has overflowed.\n", buf);
> else
>- ipw_debug_level = val;
>+ ipw_debug_level = *val;
>
>- return strnlen(buf, count);
>+ return count;.

It might be worth mentioning this return value change, but I think it's correct: we're communicating how much was consumed (we consumed it all). When the return value != count, this function may be called again with the "rest" of the input. As this is a sysfs interface, that kind of behavior is very rare bordering on actively unwanted. :) So, I think these should either return a negative error or count.

-Kees

> }
> static DRIVER_ATTR_RW(debug_level);
>
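Review bot: in debug_level_store() the -EINVAL and -ERANGE branches only log and then reach `return count`, so a rejected write is still reported to the writer as fully consumed; returning `result` from those branches would surface the failure. The removed code also parsed into a `u32` while the new code parses an unsigned long, so on a 64-bit build a value wider than 32 bits passes kstrtoul() and is narrowed on assignment if ipw_debug_level is still 32 bits wide; kstrtou32() would reject such input with -ERANGE. The "not in hex or decimal form" text is worth updating too, since base 0 also accepts a leading 0 as octal.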
>@@ -1461,33 +1458,21 @@ static ssize_t scan_age_store(struct device *d, struct device_attribute *attr,
> {
> struct ipw_priv *priv = dev_get_drvdata(d);
> struct net_device *dev = priv->net_dev;
>- char buffer[] = "00000000";
>- unsigned long len =
>- (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1;
>- unsigned long val;
>- char *p = buffer;
>
> IPW_DEBUG_INFO("enter\n");
>
>- strncpy(buffer, buf, len);
>- buffer[len] = 0;
>+ unsigned long *val = NULL;
>+ int result = kstrtoul(buf, 0, val);
>
>- if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
>- p++;
>- if (p[0] == 'x' || p[0] == 'X')
>- p++;
>- val = simple_strtoul(p, &p, 16);
>- } else
>- val = simple_strtoul(p, &p, 10);
>- if (p == buffer) {
>+ if (result == -EINVAL || result == -ERANGE) {
> IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
> } else {
>- priv->ieee->scan_age = val;
>+ priv->ieee->scan_age = *val;
> IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
> }
>
> IPW_DEBUG_INFO("exit\n");
>- return len;
>+ return count;
> }
>
> static DEVICE_ATTR_RW(scan_age);
>
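Review bot: scan_age_store() repeats the `unsigned long *val = NULL` pattern, so kstrtoul(buf, 0, val) is handed a NULL result pointer and `priv->ieee->scan_age = *val` dereferences it; declare `unsigned long val` and pass `&val`, as in the first hunk. The two new declarations also sit after the IPW_DEBUG_INFO("enter\n") statement and would read better at the top of the function next to `priv` and `dev`. As in debug_level_store(), the invalid-input branch still ends at `return count`, so returning `result` there would let the writer see the error.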
>---
>base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4
>change-id: 20230801-wifi-ipw2x00-refactor-fa6deb6c67ea
>
>Best regards,
>--
>Justin Stitt <justinstitt@xxxxxxxxxx>
>


--
Kees Cook
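
As an added illustration (not code from the patch or from the ipw2200 driver), here is a userspace C model of the pattern discussed in this thread: a strict parse into real storage passed by address, and a store routine that returns either a negative errno or count. The names strict_strtoul(), model_store() and debug_level are hypothetical; strict_strtoul() approximates kstrtoul() using strtoul(), and the 32-bit range check is an assumption of this example.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Userspace stand-in for kstrtoul(): strict parse, result through an out-pointer. */
static int strict_strtoul(const char *s, unsigned int base, unsigned long *res)
{
	char *end;
	unsigned long v;
	/* strtoul() skips whitespace and accepts '-'; kstrtoul() does neither. */
	if (isspace((unsigned char)*s) || *s == '-')
		return -EINVAL;
	errno = 0;
	v = strtoul(s, &end, (int)base);
	if (end == s)
		return -EINVAL;		/* no digits at all */
	if (errno == ERANGE)
		return -ERANGE;		/* overflow is reported, not wrapped */
	if (*end == '\n')
		end++;			/* one trailing newline, as written by echo */
	if (*end != '\0')
		return -EINVAL;		/* trailing garbage rejects the whole input */
	*res = v;
	return 0;
}

static unsigned int debug_level;	/* constructed stand-in for a 32-bit setting */
/* Hypothetical store() model: returns a negative errno or count, never a partial length. */
static ssize_t model_store(const char *buf, size_t count)
{
	unsigned long val;		/* real storage, passed by address */
	int ret = strict_strtoul(buf, 0, &val);
	if (ret)
		return ret;
	if (val > UINT_MAX)
		return -ERANGE;		/* would be narrowed by the assignment below */
	debug_level = (unsigned int)val;
	return (ssize_t)count;
}

int main(void)
{
	printf("%zd %zd\n", model_store("0x10\n", 5), model_store("12abc", 5));
	return 0;
}
```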