Date: Thu, 9 Jan 2025 10:14:09 -0800
From: Isaac Manjarres
To: Lorenzo Stoakes
Cc: Andrew Morton, kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/2] mm/memfd: Use strncpy_from_user() to read memfd name
References: <20250107184804.4074147-1-isaacmanjarres@google.com> <20250107184804.4074147-3-isaacmanjarres@google.com> <4291d9f0-4483-40e5-a54b-d006eb52c8cb@lucifer.local>

On Thu, Jan 09, 2025 at 11:31:59AM +0000, Lorenzo Stoakes wrote:
> On Wed, Jan 08, 2025 at 06:15:36PM -0800, Isaac Manjarres wrote:
> > On Wed, Jan 08, 2025 at 06:58:00PM +0000, Lorenzo Stoakes wrote:
> > > On Tue, Jan 07, 2025 at 10:48:02AM -0800, Isaac J. Manjarres wrote:
> > > > goto err_name;
> > > > - }
> > > > -
> > > > - /* terminating-zero may have changed after strnlen_user() returned */
> > > > - if (name[len + MFD_NAME_PREFIX_LEN - 1]) {
> > > > - error = -EFAULT;
> > > > + } else if (len > MFD_NAME_MAX_LEN) {
> > > > + error = -EINVAL;
> > >
> > > I don't think this can ever happen? It just truncates, looking at the code
> > > for strncpy_from_user().
> > >
> >
> > I double checked, and this case is possible. The maximum we allow to
> > strncpy_from_user() to read is MFD_NAME_MAX_LEN + 1 via the count
> > argument, so that includes the NULL terminator in the userspace buffer.
> >
> > strncpy_from_user() then returns the length of the string without the
> > NULL terminator. The check is for just MFD_NAME_MAX_LEN, so this is
> > meant to catch the case where the string, not including the NULL
> > terminator, is greater than MFD_NAME_MAX_LEN, which is invalid, as
> > well as the case where the string becomes malformed/corrupted mid-copy.
>
> Actually you're right :) apologies, I misread the strncpy_from_user()
> implementation.
>
> So I think you should be good here - have you tested this scenario in
> practice just to confirm?
>
> Cheers!

No worries! Yes, I tested this out and confirmed that we do return
-EINVAL in this case before and after this change, so it should be fine.

Thanks for the review :)! I'll be sending out v3 of this series shortly.

--Isaac
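
Review bot: the added `} else if (len > MFD_NAME_MAX_LEN) {` branch that sets -EINVAL has no comment saying why it is reachable, and the removed lines took the only explanatory comment in this region with them. As the thread explains, the copy is given a count of MFD_NAME_MAX_LEN + 1, so a return value above MFD_NAME_MAX_LEN means no terminator was found within the limit. A one-line comment to that effect above the branch would keep a later reader from concluding, as happened in this review, that the check can never fire.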
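
The return-value behaviour discussed in this thread, as an added user-space example that is not part of the patch or of either participant's message. `model_strncpy_from_user()` and `check_memfd_name()` are hypothetical models, and `MFD_NAME_MAX_LEN` is set to a constructed small value rather than the kernel's definition.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed small stand-in, not the kernel's definition. */
#define MFD_NAME_MAX_LEN 8

/*
 * Hypothetical user-space model of the strncpy_from_user() return contract:
 * length without the NUL if one is found within count bytes; count if none
 * is found (dst is then not terminated); -EFAULT on a fault, modelled here
 * by a NULL source pointer.
 */
static long model_strncpy_from_user(char *dst, const char *src, long count)
{
	long i;

	if (!src)
		return -EFAULT;
	for (i = 0; i < count; i++) {
		dst[i] = src[i];
		if (!src[i])
			return i;
	}
	return count;
}

/* The length check from the thread, applied to the model (hypothetical helper). */
static long check_memfd_name(const char *uname, char *out)
{
	/* count covers the longest valid name plus its terminator */
	long len = model_strncpy_from_user(out, uname, MFD_NAME_MAX_LEN + 1);

	if (len < 0)
		return len;
	if (len > MFD_NAME_MAX_LEN)
		return -EINVAL;	/* no NUL within MFD_NAME_MAX_LEN + 1 bytes */
	return len;
}

int main(void)
{
	char buf[MFD_NAME_MAX_LEN + 1];

	printf("%ld\n", check_memfd_name("12345678", buf));
	printf("%ld\n", check_memfd_name("123456789", buf));
	return 0;
}
```

A name of exactly `MFD_NAME_MAX_LEN` characters is accepted because its terminator is the last byte read; one character more makes the copy return the full count, which is the only way `len` can exceed the limit.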