Message ID | 20231005-strncpy-drivers-net-ethernet-amazon-ena-ena_netdev-c-v1-1-ba4879974160@google.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:254a:b0:403:3b70:6f57 with SMTP id hf10csp498111vqb; Wed, 4 Oct 2023 17:56:47 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEs4SK9nK3dRS8B3EkeLrYMY6Q/993T2CTAH9yyUUILnVrbL1lQWvIlUb/REVWdO7XpOaSq X-Received: by 2002:a05:6870:a98b:b0:1d6:55a4:d97 with SMTP id ep11-20020a056870a98b00b001d655a40d97mr4203523oab.32.1696467407107; Wed, 04 Oct 2023 17:56:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696467407; cv=none; d=google.com; s=arc-20160816; b=tExOGlqgr+WF4cpzjGTftp7vXZ+u0bxjSUeAjm32leVDvjMgh+wnfJTCBmLhaCOXP7 so7L7MYl9e9VMn1btRMf4/YpRZc8KMfc/iL5mHORpmhLTtUDEa3ndbUzhgDoZH8aEMFl +M6nbrfbnWRhTfgCZ+ZSayylW1Hypp4SNHtN+35QO7vpMtIOpB5dw40M3U1nFJcPVpMQ JQNuKwIK/w/irXmjrvwV2oizJeLpYqNqPLUrg+zKq7Qzug2tyKBWIV+gM8dXYIhMEWG1 aY9uhw3lzGebZT9g6ODBK/vV2Jwxv2Pcc3A76nlNt2xNLJXTPK9cVY+q8UCNjUbA1OZh Or3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date :dkim-signature; bh=yS8Bb8q8kdoQqLbaTlLJ5dI+ywfic8t8uh1+wVPOGm4=; fh=+OUo/PzwcJKu1Fgs9b6msIhcO3wUdtMNASRynnq6q6M=; b=Y/eJa0aryUC8sj4WmMHVgb8bJ6ESbIB8wc9bzapZ7WCttgoKVArtct5Gh56I52avn5 8BjQ3kOcccIaFUafvypHUCV5gatq9ZaFkQvHE/00JYGY/JRdiKcy2p9AzpQzqS5Md6pi tO71Ysl+wc+1rBZ8QB6NTIiHZn/9bvPfFIdDjJrWMqvkts3//D0D3/cvX1upVUzHUEWD 0l+Vmm2olYkEU35O1VHTl82VEszxYoP6AQ36QHHTRZgtB5iHTXEUMmk2LzW91TvWhiTd BJa9HKKRRsU8Iu7QuZDDS/+XtvdtMY5GLADwxQN3PThrYU+Tpq7HnJ/ohUZK+Nx8f/+3 1rfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=BaQ9d6uj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id u134-20020a63798c000000b0055c1760dd8esi332192pgc.380.2023.10.04.17.56.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Oct 2023 17:56:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=BaQ9d6uj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id CF8F28229D10; Wed, 4 Oct 2023 17:56:44 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243808AbjJEA4V (ORCPT <rfc822;ezelljr.billy@gmail.com> + 19 others); Wed, 4 Oct 2023 20:56:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55872 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233173AbjJEA4U (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Wed, 4 Oct 2023 20:56:20 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8B88C6 for <linux-kernel@vger.kernel.org>; Wed, 4 Oct 2023 17:56:15 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d817775453dso571547276.2 for <linux-kernel@vger.kernel.org>; Wed, 04 Oct 2023 17:56:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1696467375; x=1697072175; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=yS8Bb8q8kdoQqLbaTlLJ5dI+ywfic8t8uh1+wVPOGm4=; b=BaQ9d6ujiNiMxT8SflsFkzt0tk622nWZWBfE2j3no5QrHCY4OZlo4JWJhObUBPbqP5 j0xhx8bBNpYlna0YTjgyk2zpqtqnAStGK3JdJpba95sUKzKkj6BT2mMYlhYIp9EoDxWY rtAZg3CaGsv0W/tuNPohQ/q5wThF8YEpsgzr0qUveWyq3QYuIzqOOoKyrBDa84VQ4CX3 rqkw3u3QdqY0SF7lH+iIqQY11pw7janjRA9xvvrm3YEfUqO538kJK/gw9aoxZVhze92X QZigAZ/H27Xv4aNEuGvbyedZwwRhFgu/aC9Xh3z6QocdJ3IoYk9Inn0fG1O1QN40JmQj wkkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696467375; x=1697072175; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=yS8Bb8q8kdoQqLbaTlLJ5dI+ywfic8t8uh1+wVPOGm4=; b=uX9GgUTnKyGnFecT0F2BZZGba1xC4wR9gPQtb4YJfHf2TaXrpdRoE6hMi9x9K74sJI QDUtkTaxaC+pbFvx8/Y7srfVposRwv1BXaa341S0Fh2jGimGjenb1dlyG6IOXzI7iEyO GEUGpFL2d+rfCnsmpyrsW5aZQLr0Fv2IO24TWrpMz3AS17Nrq0jSYUZ4ARDuy2CK69+Y 4iu/WiljnEKP/47OSuy0xRjM7uSqTXjIyJDdFChjekekO3E462k/62GGiYRJm6BMCi/c UctmXWGckuSwVUYDtBqGX26Mc0HyWkF3zYrbf5+YWUMXbG3HycmUNFtz0E/cudiPhHjs SFUA== X-Gm-Message-State: AOJu0YwVtEDd8uLEfaO18PqQ8fPlglPXGLR5WpKTwdpMSAZJvn6jdly/ nmgl7+GFiHUOODnrX/h3IJCB6RgasJCdNGOaXw== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a25:4d45:0:b0:c78:c530:6345 with SMTP id a66-20020a254d45000000b00c78c5306345mr51482ybb.7.1696467375122; Wed, 04 Oct 2023 17:56:15 -0700 (PDT) Date: Thu, 05 Oct 2023 00:56:08 +0000 Mime-Version: 1.0 X-B4-Tracking: v=1; b=H4sIAKcJHmUC/x2NwQrCMBBEf6Xs2YW0xij+ihRZktXuwW3ZhKCW/ ruph4F57zCzQmYTznDtVjCukmXWBv2hgziRPhklNYbBDcfeuRPmYhqXDyaTypZRuSCXiW0v9KL vrMhKe+5NJa4YMUR/cd6HQHSGNr0YP+T9v72N2/YDecqbyIYAAAA= X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1696467374; l=1950; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=KCtAufgjQfpYF459amayClzlw1GlaQTMZbPkAkOzZV8=; b=kGMw+9Ze9IpgvGvYiqL18X42iKGg/7yLSWlDsNgalIPMRHTQZhWkM6xDbrRLpbd27XWyB08c0 UeYN1Xxszo2BuMDzYK5TY23IPaGRM1+AeM2bdSL6SLiQenwlAvlN5lF X-Mailer: b4 0.12.3 Message-ID: <20231005-strncpy-drivers-net-ethernet-amazon-ena-ena_netdev-c-v1-1-ba4879974160@google.com> Subject: [PATCH] net: ena: replace deprecated strncpy with strscpy From: Justin Stitt <justinstitt@google.com> To: Shay Agroskin <shayagr@amazon.com>, Arthur Kiyanovski <akiyano@amazon.com>, David Arinzon <darinzon@amazon.com>, Noam Dagan <ndagan@amazon.com>, Saeed Bishara <saeedb@amazon.com>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com> Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Justin Stitt <justinstitt@google.com> Content-Type: text/plain; charset="utf-8" X-Spam-Status: No, score=-4.8 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Wed, 04 Oct 2023 17:56:44 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1778875008072164566 X-GMAIL-MSGID: 1778875008072164566 |
Series |
net: ena: replace deprecated strncpy with strscpy
|
|
Commit Message
Justin Stitt
Oct. 5, 2023, 12:56 a.m. UTC
`strncpy` is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
NUL-padding is not necessary as host_info is initialized to
`ena_dev->host_attr.host_info` which is ultimately zero-initialized via
alloc_etherdev_mq().
A suitable replacement is `strscpy` [2] due to the fact that it
guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
---
base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2
change-id: 20231005-strncpy-drivers-net-ethernet-amazon-ena-ena_netdev-c-6c4804466aa7
Best regards,
--
Justin Stitt <justinstitt@google.com>
Comments
On Thu, Oct 05, 2023 at 12:56:08AM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > NUL-padding is not necessary as host_info is initialized to > `ena_dev->host_attr.host_info` which is ultimately zero-initialized via > alloc_etherdev_mq(). > > A suitable replacement is `strscpy` [2] due to the fact that it > guarantees NUL-termination on the destination buffer without > unnecessarily NUL-padding. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Looks right to me. Length nicely adjusted. :) Reviewed-by: Kees Cook <keescook@chromium.org>
> -----Original Message----- > From: Justin Stitt <justinstitt@google.com> > Sent: Thursday, October 5, 2023 3:56 AM > To: Agroskin, Shay <shayagr@amazon.com>; Kiyanovski, Arthur > <akiyano@amazon.com>; Arinzon, David <darinzon@amazon.com>; Dagan, > Noam <ndagan@amazon.com>; Bshara, Saeed <saeedb@amazon.com>; David > S. Miller <davem@davemloft.net>; Eric Dumazet <edumazet@google.com>; > Jakub Kicinski <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com> > Cc: netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux- > hardening@vger.kernel.org; Justin Stitt <justinstitt@google.com> > Subject: [EXTERNAL] [PATCH] net: ena: replace deprecated strncpy with strscpy > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you can confirm the sender and know the > content is safe. > > > > `strncpy` is deprecated for use on NUL-terminated destination strings [1] and as > such we should prefer more robust and less ambiguous string interfaces. > > NUL-padding is not necessary as host_info is initialized to `ena_dev- > >host_attr.host_info` which is ultimately zero-initialized via > alloc_etherdev_mq(). > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL- > termination on the destination buffer without unnecessarily NUL-padding. > > Link: > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on- > nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html > [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: build-tested only. > --- > drivers/net/ethernet/amazon/ena/ena_netdev.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c > b/drivers/net/ethernet/amazon/ena/ena_netdev.c > index f955bde10cf9..3118a617c9b6 100644 > --- a/drivers/net/ethernet/amazon/ena/ena_netdev.c > +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c > @@ -3276,8 +3276,8 @@ static void ena_config_host_info(struct > ena_com_dev *ena_dev, struct pci_dev *pd > strscpy(host_info->kernel_ver_str, utsname()->version, > sizeof(host_info->kernel_ver_str) - 1); > host_info->os_dist = 0; > - strncpy(host_info->os_dist_str, utsname()->release, > - sizeof(host_info->os_dist_str) - 1); > + strscpy(host_info->os_dist_str, utsname()->release, > + sizeof(host_info->os_dist_str)); > host_info->driver_version = > (DRV_MODULE_GEN_MAJOR) | > (DRV_MODULE_GEN_MINOR << > ENA_ADMIN_HOST_INFO_MINOR_SHIFT) | > > --- > base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2 > change-id: 20231005-strncpy-drivers-net-ethernet-amazon-ena-ena_netdev-c- > 6c4804466aa7 > > Best regards, > -- > Justin Stitt <justinstitt@google.com> > Thanks for submitting this change. The change looks good but the sentence "NUL-padding is not necessary as host_info is initialized to `ena_dev->host_attr.host_info` which is ultimately zero-initialized via alloc_etherdev_mq()." is inaccurate. host_info allocation is done in ena_com_allocate_host_info() via dma_alloc_coherent() and is not zero initialized by alloc_etherdev_mq(). I looked at both the documentation of dma_alloc_coherent() in https://www.kernel.org/doc/Documentation/DMA-API.txt as well as the code itself, and (maybe I'm wrong but) I didn't see 100% guarantees the that the memory is zero-initialized. However zero initialization of the destination doesn't matter in this case, because strscpy() guarantees a NULL termination. So please just remove this sentence from the commit message. Thanks, Arthur Kiyanovski
On Thu, Oct 05, 2023 at 10:25:08PM +0000, Kiyanovski, Arthur wrote: > > -----Original Message----- > > From: Justin Stitt <justinstitt@google.com> > > Sent: Thursday, October 5, 2023 3:56 AM > > To: Agroskin, Shay <shayagr@amazon.com>; Kiyanovski, Arthur > > <akiyano@amazon.com>; Arinzon, David <darinzon@amazon.com>; Dagan, > > Noam <ndagan@amazon.com>; Bshara, Saeed <saeedb@amazon.com>; David > > S. Miller <davem@davemloft.net>; Eric Dumazet <edumazet@google.com>; > > Jakub Kicinski <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com> > > Cc: netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux- > > hardening@vger.kernel.org; Justin Stitt <justinstitt@google.com> > > Subject: [EXTERNAL] [PATCH] net: ena: replace deprecated strncpy with strscpy > > > > CAUTION: This email originated from outside of the organization. Do not click > > links or open attachments unless you can confirm the sender and know the > > content is safe. > > > > > > > > `strncpy` is deprecated for use on NUL-terminated destination strings [1] and as > > such we should prefer more robust and less ambiguous string interfaces. > > > > NUL-padding is not necessary as host_info is initialized to `ena_dev- > > >host_attr.host_info` which is ultimately zero-initialized via > > alloc_etherdev_mq(). > > > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL- > > termination on the destination buffer without unnecessarily NUL-padding. > > > > Link: > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on- > > nul-terminated-strings [1] > > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html > > [2] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@vger.kernel.org > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > --- > > Note: build-tested only. > > --- > > drivers/net/ethernet/amazon/ena/ena_netdev.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c > > b/drivers/net/ethernet/amazon/ena/ena_netdev.c > > index f955bde10cf9..3118a617c9b6 100644 > > --- a/drivers/net/ethernet/amazon/ena/ena_netdev.c > > +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c > > @@ -3276,8 +3276,8 @@ static void ena_config_host_info(struct > > ena_com_dev *ena_dev, struct pci_dev *pd > > strscpy(host_info->kernel_ver_str, utsname()->version, > > sizeof(host_info->kernel_ver_str) - 1); > > host_info->os_dist = 0; > > - strncpy(host_info->os_dist_str, utsname()->release, > > - sizeof(host_info->os_dist_str) - 1); > > + strscpy(host_info->os_dist_str, utsname()->release, > > + sizeof(host_info->os_dist_str)); > > host_info->driver_version = > > (DRV_MODULE_GEN_MAJOR) | > > (DRV_MODULE_GEN_MINOR << > > ENA_ADMIN_HOST_INFO_MINOR_SHIFT) | > > > > --- > > base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2 > > change-id: 20231005-strncpy-drivers-net-ethernet-amazon-ena-ena_netdev-c- > > 6c4804466aa7 > > > > Best regards, > > -- > > Justin Stitt <justinstitt@google.com> > > > > Thanks for submitting this change. > > The change looks good but the sentence "NUL-padding is not necessary as > host_info is initialized to `ena_dev->host_attr.host_info` which is ultimately > zero-initialized via alloc_etherdev_mq()." is inaccurate. > > host_info allocation is done in ena_com_allocate_host_info() via > dma_alloc_coherent() and is not zero initialized by alloc_etherdev_mq(). > > I looked at both the documentation of dma_alloc_coherent() in > https://www.kernel.org/doc/Documentation/DMA-API.txt > as well as the code itself, and (maybe I'm wrong but) I didn't see 100% > guarantees the that the memory is zero-initialized. > > However zero initialization of the destination doesn't matter in this case, > because strscpy() guarantees a NULL termination. If this is in DMA memory, should the string buffer be %NUL-padded? (Or is it consumed strictly as a %NUL-terminated string?) -Kees
> -----Original Message----- > From: Kees Cook <keescook@chromium.org> > Sent: Friday, October 6, 2023 1:39 AM > To: Kiyanovski, Arthur <akiyano@amazon.com> > Cc: Justin Stitt <justinstitt@google.com>; Agroskin, Shay > <shayagr@amazon.com>; Arinzon, David <darinzon@amazon.com>; Dagan, > Noam <ndagan@amazon.com>; Bshara, Saeed <saeedb@amazon.com>; David > S. Miller <davem@davemloft.net>; Eric Dumazet <edumazet@google.com>; > Jakub Kicinski <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com>; > netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux- > hardening@vger.kernel.org > Subject: RE: [EXTERNAL] [PATCH] net: ena: replace deprecated strncpy with > strscpy > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you can confirm the sender and know the > content is safe. > > > > On Thu, Oct 05, 2023 at 10:25:08PM +0000, Kiyanovski, Arthur wrote: > > > -----Original Message----- > > > From: Justin Stitt <justinstitt@google.com> > > > Sent: Thursday, October 5, 2023 3:56 AM > > > To: Agroskin, Shay <shayagr@amazon.com>; Kiyanovski, Arthur > > > <akiyano@amazon.com>; Arinzon, David <darinzon@amazon.com>; Dagan, > > > Noam <ndagan@amazon.com>; Bshara, Saeed <saeedb@amazon.com>; > David > > > S. Miller <davem@davemloft.net>; Eric Dumazet <edumazet@google.com>; > > > Jakub Kicinski <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com> > > > Cc: netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux- > > > hardening@vger.kernel.org; Justin Stitt <justinstitt@google.com> > > > Subject: [EXTERNAL] [PATCH] net: ena: replace deprecated strncpy > > > with strscpy > > > > > > CAUTION: This email originated from outside of the organization. Do > > > not click links or open attachments unless you can confirm the > > > sender and know the content is safe. > > > > > > > > > > > > `strncpy` is deprecated for use on NUL-terminated destination > > > strings [1] and as such we should prefer more robust and less ambiguous > string interfaces. > > > > > > NUL-padding is not necessary as host_info is initialized to > > > `ena_dev- > > > >host_attr.host_info` which is ultimately zero-initialized via > > > alloc_etherdev_mq(). > > > > > > A suitable replacement is `strscpy` [2] due to the fact that it > > > guarantees NUL- termination on the destination buffer without > unnecessarily NUL-padding. > > > > > > Link: > > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strnc > > > py-on- > > > nul-terminated-strings [1] > > > Link: > > > https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.ht > > > ml > > > [2] > > > Link: https://github.com/KSPP/linux/issues/90 > > > Cc: linux-hardening@vger.kernel.org > > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > > --- > > > Note: build-tested only. > > > --- > > > drivers/net/ethernet/amazon/ena/ena_netdev.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c > > > b/drivers/net/ethernet/amazon/ena/ena_netdev.c > > > index f955bde10cf9..3118a617c9b6 100644 > > > --- a/drivers/net/ethernet/amazon/ena/ena_netdev.c > > > +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c > > > @@ -3276,8 +3276,8 @@ static void ena_config_host_info(struct > > > ena_com_dev *ena_dev, struct pci_dev *pd > > > strscpy(host_info->kernel_ver_str, utsname()->version, > > > sizeof(host_info->kernel_ver_str) - 1); > > > host_info->os_dist = 0; > > > - strncpy(host_info->os_dist_str, utsname()->release, > > > - sizeof(host_info->os_dist_str) - 1); > > > + strscpy(host_info->os_dist_str, utsname()->release, > > > + sizeof(host_info->os_dist_str)); > > > host_info->driver_version = > > > (DRV_MODULE_GEN_MAJOR) | > > > (DRV_MODULE_GEN_MINOR << > > > ENA_ADMIN_HOST_INFO_MINOR_SHIFT) | > > > > > > --- > > > base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2 > > > change-id: > > > 20231005-strncpy-drivers-net-ethernet-amazon-ena-ena_netdev-c- > > > 6c4804466aa7 > > > > > > Best regards, > > > -- > > > Justin Stitt <justinstitt@google.com> > > > > > > > Thanks for submitting this change. > > > > The change looks good but the sentence "NUL-padding is not necessary > > as host_info is initialized to `ena_dev->host_attr.host_info` which is > > ultimately zero-initialized via alloc_etherdev_mq()." is inaccurate. > > > > host_info allocation is done in ena_com_allocate_host_info() via > > dma_alloc_coherent() and is not zero initialized by alloc_etherdev_mq(). > > > > I looked at both the documentation of dma_alloc_coherent() in > > https://www.kernel.org/doc/Documentation/DMA-API.txt > > as well as the code itself, and (maybe I'm wrong but) I didn't see > > 100% guarantees the that the memory is zero-initialized. > > > > However zero initialization of the destination doesn't matter in this > > case, because strscpy() guarantees a NULL termination. > > If this is in DMA memory, should the string buffer be %NUL-padded? (Or is it > consumed strictly as a %NUL-terminated string?) > > -Kees > > -- > Kees Cook No need for NULL-padding, It is consumed strictly as a NULL-terminated string Thanks, Arthur Kiyanovski
On Thu, 05 Oct 2023 00:56:08 +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > NUL-padding is not necessary as host_info is initialized to > `ena_dev->host_attr.host_info` which is ultimately zero-initialized via > alloc_etherdev_mq(). > > [...] Applied to for-next/hardening, thanks! [1/1] net: ena: replace deprecated strncpy with strscpy https://git.kernel.org/kees/c/111f5a435d33 Take care,
On Thu, 30 Nov 2023 13:59:48 -0800 Kees Cook wrote: > [1/1] net: ena: replace deprecated strncpy with strscpy > https://git.kernel.org/kees/c/111f5a435d33 Again, please drop, Arthur requested for the commit message to be changed.
On Thu, Nov 30, 2023 at 10:41:34PM -0800, Jakub Kicinski wrote: > On Thu, 30 Nov 2023 13:59:48 -0800 Kees Cook wrote: > > [1/1] net: ena: replace deprecated strncpy with strscpy > > https://git.kernel.org/kees/c/111f5a435d33 > > Again, please drop, Arthur requested for the commit message > to be changed. Dropped, though I did change the commit message in the pulled commit. Justin, can you send a v2 with the commit change? Then it can go through regular netdev machinery?
diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c index f955bde10cf9..3118a617c9b6 100644 --- a/drivers/net/ethernet/amazon/ena/ena_netdev.c +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c @@ -3276,8 +3276,8 @@ static void ena_config_host_info(struct ena_com_dev *ena_dev, struct pci_dev *pd strscpy(host_info->kernel_ver_str, utsname()->version, sizeof(host_info->kernel_ver_str) - 1); host_info->os_dist = 0; - strncpy(host_info->os_dist_str, utsname()->release, - sizeof(host_info->os_dist_str) - 1); + strscpy(host_info->os_dist_str, utsname()->release, + sizeof(host_info->os_dist_str)); host_info->driver_version = (DRV_MODULE_GEN_MAJOR) | (DRV_MODULE_GEN_MINOR << ENA_ADMIN_HOST_INFO_MINOR_SHIFT) |