From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED54AC369C9 for ; Thu, 17 Apr 2025 21:07:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BAC822800D1; Thu, 17 Apr 2025 17:07:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B5CF2280005; Thu, 17 Apr 2025 17:07:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A4D6B2800D1; Thu, 17 Apr 2025 17:07:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 6FBF0280005 for ; Thu, 17 Apr 2025 17:07:18 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id B0FEC5971C for ; Thu, 17 Apr 2025 21:07:18 +0000 (UTC) X-FDA: 83344771356.01.6BC5B5F Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by imf07.hostedemail.com (Postfix) with ESMTP id CF6D24000C for ; Thu, 17 Apr 2025 21:07:16 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Kl2lMTks; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf07.hostedemail.com: domain of andrii.nakryiko@gmail.com designates 209.85.210.173 as permitted sender) smtp.mailfrom=andrii.nakryiko@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1744924036; a=rsa-sha256; cv=none; b=kMEC7vMgqKXGEbe3ZEmC4iiA+xn9uLMTJ3XWgrJ0nciAIkdj1l7s5CmX3hZzqyFYyj/VeD RIr9R4IdNkpdwV2E90k2A3mzYTddHgIRA0j4m8MxLEpj2XY/trfIB6WGEnHP56iQ5CylR8 Mr/TgU/n+hHlzM9i9I9SDukF341BpUM= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Kl2lMTks; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf07.hostedemail.com: domain of andrii.nakryiko@gmail.com designates 209.85.210.173 as permitted sender) smtp.mailfrom=andrii.nakryiko@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1744924036; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8hGDO9m37F8olfB2fdhlZB0IsLu+CvliE5NlH9VjBk0=; b=HirGUDVd4w6BbsoN57UUh9SjsbW2Zl9SLqRy1emyxe0Cox2qB+eZvQpOq0Y1ZUARqDHm99 B8MnsEkMa+gcYibc60l1ogS4tTq3ZLa7hJ2IFPuEhGzeRk3MW7DGYnQiysxj9GLTlyQrCR rVRahXpALtBhyJTiaNl3EQMkijS4nAI= Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-7376dd56f8fso1661262b3a.2 for ; Thu, 17 Apr 2025 14:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1744924036; x=1745528836; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=8hGDO9m37F8olfB2fdhlZB0IsLu+CvliE5NlH9VjBk0=; b=Kl2lMTks90r44vGVPsECJ9rZ40JpNNWuh9wMsotKMD7gDlDV2rz/c2fIxbsAFwSSE6 UUA7cuIFRM5YTy2VUdrGqnewwXnEP111yv0TSRdQ5FRrTNYhnTYVq0YRwHJ4dq6m1W3C u+qCXS6kFMgf2R6Q5QF8d7p5TCrnP7NTIHhh1yogZq/KBZPtaZaOw2FXh9t98w3QHJ5H rzuaG3NgqVAXtfGoBnZx3eUSXmyKLEP1fd6YuEvP9uCwFLjYYrPl6v2cmjOzvSwHdwI4 95DauFPmDwwh1uDL9LPQtx3O0PKio/ndvYiF+E1iFhjL52VI0xHTmE//HU+ZjYve7NZq 1nRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744924036; x=1745528836; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8hGDO9m37F8olfB2fdhlZB0IsLu+CvliE5NlH9VjBk0=; b=csdATuYpBWHMX9P7FMX3LHEzSR9y6YVb5vBpDhLEJteV1jBV5kJYOEqDCmWNUmBQYu hpHR47B9wZGhKsuv64oq2wna1zjZUONGtXnrC0Xv+sCfTmsNEKnjeMS4PTnYW1N4SlrU oHqZjsLQkoOcfd6sgvGNv/0Ijb8okVoF3n9JE+bEo1qgRgmDwj5woRBnXH2Ii4D163MK KlrsEm9Yqwuowaub1Clhu3az1QrlwGvSx0/R2D7T2Leqv0t7rRwtiH0FNBpmA9eU7fQC h2w5yDQpCqGYXgSvb408atcq1m4zoJR7Iy9WciygEEMl2BNMYNQPUEvAI8CO2bVAJXmQ 6VCQ== X-Forwarded-Encrypted: i=1; AJvYcCW4wfxmtWKE0qome0iw8ldxbv243+CM8+6C2eWKIeBqP2qlY3tWbfia1rdxM5TsXM+h/y65TRATZg==@kvack.org X-Gm-Message-State: AOJu0Yzd77vkvbs0qEHCKVULEBBe6I6WRcQ63i/tsxJv5hQMIZQGbnBS gBJ9HTh8a9jka4x5VWlG1L3XyyTvzCJinbjgU2YGow3E8LJ8W5NJu8hy3wPOXqtnQpovGsplKhm kOMeTv5+nypPFGP0W/IIg9S7Ml3c= X-Gm-Gg: ASbGnctD4YAGk3/EVpW/O4M0AWdlv/RNKmVWHIrmxVCJHv3taTVQW/2id2GiZQQYhje 9D6jPxPU2HSwFHFeAT4Nwd18QGxOjwmhzxHKACIFgCRWEkit5TNaxdjCWSgiovtVNjxpAgACYt/ XB7IGD/Y5xeLseb2D0laepXs/4jBx2AE8Kx1lzSg== X-Google-Smtp-Source: AGHT+IEp2h1PChq+hq+IZtAH+fTv1kA9Edtc3QCZPZK50mz8+fRy67JCrHzW/SDMcLPwXeh0/h2rV3TwJ095hr7FSik= X-Received: by 2002:a05:6a00:3990:b0:730:99cb:7c2f with SMTP id d2e1a72fcca58-73dc148fabcmr386498b3a.6.1744924035769; Thu, 17 Apr 2025 14:07:15 -0700 (PDT) MIME-Version: 1.0 References: <20250417152808.722409-1-mykyta.yatsenko5@gmail.com> <20250417134006.60e0d6b3fc963bcbec1255b0@linux-foundation.org> In-Reply-To: <20250417134006.60e0d6b3fc963bcbec1255b0@linux-foundation.org> From: Andrii Nakryiko Date: Thu, 17 Apr 2025 14:07:04 -0700 X-Gm-Features: ATxdqUEFTmpRrsv6w29jFE4h3SsG8NbT9GQel-Hr3_4AXYZwwT22CpCkhYoG-0w Message-ID: Subject: Re: [PATCH mm] maccess: fix strncpy_from_user_nofault empty string handling To: Andrew Morton Cc: Mykyta Yatsenko , linux-mm@kvack.org, rostedt@goodmis.org, mhiramat@kernel.org, andrii@kernel.org, kernel-team@meta.com, linux-kernel@vger.kernel.org, Mykyta Yatsenko Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: CF6D24000C X-Stat-Signature: jwwkkozh4gipn13rm5rioqo14pdsr5ms X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1744924036-620026 X-HE-Meta: U2FsdGVkX19BO3i6+YUlRZX1SjFZGbI1n242dWMZRXL94FW09x3j4AqzhkOVUhgWcps2suIW30aC5xCebU96CNNVLE3o+XtDr49X2K3aQY4oWISV3XcnBcgFuElT+DvNGv0fHhlEeYWCBobgJkysRb/DoQ2KcFiVGfh/zdd+b4G0+UH3DRVsoE53TqOQwT8vBRm8sFiT77d0VcGxoV/vb7OyUxlWWzP2bh9Lonh4WJELHI+b3qtOx7+ogns0I0iA6/v5MYmTlSyCaBt7ru8FRLukaxK2Mb5hS5iFN5u+N4Gi11emMNV3HYUNGFU07w7knkybSsefmNiq5Ysdwe062nzxrTNycxSSEucdQ81rDdShhmenSbTfPfqYfu1GLFdOxLOAKqfsXBBACksf3MW51AdPmm34m/3t2h2na5EOliSyn85WpJgAJ7YxKy3qtU3BM+oLvI87Wob8agguq7DaTm1tciGkpXO6cOuey/SITaGlYuKfP/nhXGahuHZPjVqLjBQh9vgKGY3m9j4D8M+mUVfDw5MHNmSA8khOY0fW6Cr3SjRHOJyh7bG5VVW/N0AVQ2sOlQ67KjS8XiNxdRtlUzFFtd8ISJxUE7szB+LdE6ZolMErCaOjVRU2lOjy1GaCE5PHBB5YXr1VH/FWB3+0C+fd9L2gaqzYxpJVN7hoTROqWvBoHihsw+Yp6RSxysqfXz0k6YBq1N1cEI6wwimMR4glNBTzu0m4rljLzJCssMNawMu8Pfp/RBgOIjalHKbJmLEj/xir/JIXkqR0R8zRhAUsfDg6V1jZri/AK4oV4ESps8XXhpPOaEGf8Uv1FeMJTXPygn4OpvKaMXbLo6TGAJ5VxLy8loMKGyTXzxjlAEHCDRrRhjVSqEdLxeokbI6RejLt9vg8kvHQWphk/73zF9TsrMazwb8y9rFlMVlWecm7lhx+U3LyXaY7059HHz4hQC8g5HwyBM2DtUiDLEH 5U2oL3Tv T4+anfps5u8Ndl48qh32UdAc+ZbPI1DNIzWX2PT0BafPRFZ3XJ4OxepngU2QXAPUPWmEn5NekJZgSN90cW2tvyZDEEPyLTfZSHx++Kjgm2Q/xAyhk3M0XIIFzb2+wclRAKwTNZ8wyg630p/0V1T5K7ukSj/dDyzHLvdi8iqX5LhQgGMYj8/06H5qlo9mOcfY65ESyOfK8DOzqHleaubYAodJHOh/1Nd9FPn4XVRcGtVMoJX9XhT8PAUto5UsTHdbNIOQOiQPBym+T1zI96vxNXRQtYj5uXyTyJ+ikS7g21+Z/ouxnHwZOn/R8HqZ7t3g/rs+gq0sWgJYelCJFBKxHEXTPaw52WgpoEAyzUl3PJ9fc3AboOb7ag3e6JHZuNMnvFyZS2ZqDlicutAIXyOCWlskUz45xvwYrhmcLW2etix8A7uIyx1LRsdw3AIEtdWOxwLmZVRfCbxHfwLtkVe3ElpfWZz8QASU8aTLnMYkkSmJ+iref8TF2MgbY98O6Bdv0zQWGs6LZAgz54BIiJJsRfzQcRG95BicAIVOlstF+/bgRG/s= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000459, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Apr 17, 2025 at 1:40=E2=80=AFPM Andrew Morton wrote: > > On Thu, 17 Apr 2025 16:28:08 +0100 Mykyta Yatsenko wrote: > > > strncpy_from_user_nofault should return the length of the copied string > > including the trailing NUL, but if the argument unsafe_addr points to > > an empty string ({'\0'}), the return value is 0. > > > > This happens as strncpy_from_user copies terminal symbol into dst > > and returns 0 (as expected), but strncpy_from_user_nofault does not > > modify ret as it is not equal to count and not greater than 0, so 0 is > > returned, which contradicts the contract. > > Looks right, I think. > > But why do strncpy_from_user() and strncpy_from_user_nofault() have > different interfaces? > > /** > * strncpy_from_user: - Copy a NUL terminated string from userspace. > * ... > * On success, returns the length of the string (not including the traili= ng > * NUL). > > /** > * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe = user > * address. > * ... > * On success, returns the length of the string INCLUDING the trailing NU= L. > > This is surprising and I'm wondering what led us to do this? Agreed, this is very surprising and error-prone. strncpy_from_user() semantics is a bit better, IMO, in that it allows to "detect" empty string even if buffer size is 1 byte. And there isn't a lot of places where we use strncpy_from_user_nofault (only 6, it seems). Maybe we should just change the semantics of strncpy_from_user_nofault?