From nobody Mon Feb 9 04:30:26 2026 Received: from mail-oo1-f52.google.com (mail-oo1-f52.google.com [209.85.161.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC1418C1E for ; Wed, 10 Apr 2024 02:31:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; cv=none; b=OKCaAJDSa/lgM0w+GgcEOnf7xkVX9M+3l6OU8MfV5bReJM2sV2+V29NNgw9ViohViHjkqnUQfSztAXRPXEeb747Co7tqrCXhYsbB34TrSfRTmucwMP+NIC8NDMa4ms5s/weFspQnut9kk5JlVZXSIYLdNnKe2jjyCkv3ZQ4GAjQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; c=relaxed/simple; bh=qYbI18yUD5HzoNjKR0lGr4s6EGttBI6+PzDO8Wigddw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=RTN7GG5nLZQz1K7tRkta+HG8AyBixq8xP/tmJiW4CF396YU1EcJ3MUZVzuB5D/D9PCL83NrWDx/keDfrwwGfE16dUgX+xPBa1ywRBhlfRIyy6Wbtxsi8MVtB7iivt60Pp8e0qzUJ1pku8hFfhZu0IBt3Sdh28iRKXuOVL+XmTRM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=SIMSFdFr; arc=none smtp.client-ip=209.85.161.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="SIMSFdFr" Received: by mail-oo1-f52.google.com with SMTP id 006d021491bc7-5aa241232faso2841787eaf.0 for ; Tue, 09 Apr 2024 19:31:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716317; x=1713321117; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oDjOHXgs0t5VffxEwXD7O3lIN0U2S1tp9J0ba2VzLZ8=; b=SIMSFdFrpV24Dh4osCye8cAKO24bfcBL8ygq21+sqtVuoIQGv5yo0hhV5V+g+mf8h2 QHxa1uxV19PVOlS4jjce98p+XTgSPYeZAdoX02Rf/caMvnDsUcvniIF0frD42hEsFs1U 0o31dhrpeqoSPjURsMSuuKH6kJ0Z/OMb5xSPY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716317; x=1713321117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oDjOHXgs0t5VffxEwXD7O3lIN0U2S1tp9J0ba2VzLZ8=; b=KSwt0Xt2hpLGls8X78p2Z81He3fO7f116rRthIJcLziyGQANzNTkujy4mH7Wjbo8wL sZzFiK7AcSrJ0AaDEB6o5apSIA+cE8O46crwH7S2eWXO8B4e7g3OrZ8TOJhW6QntydlF B8QBYaMGmt1HenJaCf+MjVyKUnmI8saOKXIDNqJkUuVMc0+EeJ6w/z83eH9tEkxzLEDF VKH6Q/s5Jithd+4JVzCJdmJwHhj+NwWFcitNw39OlQY2pBpLPz5t/rl5NoGCpRHk0v/p r0m0RK0x3odNEpzlk8wImPdFfnfFFe9NHyHMVxhbmO+1mMF46Ka1oIPjVcpop7Yqfa39 K4PQ== X-Forwarded-Encrypted: i=1; AJvYcCUIGPx9wGoS+OtauY7HkwgKoGNQJ/KChmUBnUQymSsEi7IqKtjO3JOBMUnJeUVPJC2i2ThQafLGAeVD5/ADn4CWazpxVc0zeWBsnXu5 X-Gm-Message-State: AOJu0YyZMEeUlbytOufeZneA1KDuBzH8APqTlxrM59pc9px3SzNj6DqK i6rFi4hC21ic6ODJ++zTC18IFisVU8teGth3ISmaCsl4BZlMW5F13uU3xWj4cg== X-Google-Smtp-Source: AGHT+IEdVhbRhVxvlZGEV8PD92wXU0c32qZIHbZHZuV68VzxpmadMn0ygTyKEdkj2djHOvXGtGGRJw== X-Received: by 2002:a05:6871:e414:b0:22d:fcf9:f771 with SMTP id py20-20020a056871e41400b0022dfcf9f771mr1454166oac.25.1712716317026; Tue, 09 Apr 2024 19:31:57 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id x6-20020a634a06000000b005dc491ccdcesm8687444pga.14.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:56 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Justin Stitt , Andy Shevchenko , linux-hardening@vger.kernel.org, Charles Bertsch , Bart Van Assche , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "James E.J. Bottomley" , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 1/5] string.h: Introduce memtostr() and memtostr_pad() Date: Tue, 9 Apr 2024 19:31:50 -0700 Message-Id: <20240410023155.2100422-1-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5667; i=keescook@chromium.org; h=from:subject; bh=qYbI18yUD5HzoNjKR0lGr4s6EGttBI6+PzDO8Wigddw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoaWcXhAXAR6w2spjXqaHGKBlcFEUONxSERz FNEYkxToeaJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JvUID/4kTVp7HimIZ7tPMOmwhBcYn3WrBON4y0CkYzZF0SQ+9kN7HWBLvgWaXqggaohXQvhnpmk 6MUOm4FVqA0KREKxu5e5YJguWsoxoa373Zzo8h6cFGBiPB8flDpyfNNCIp1oS4YZb0YpbJrEOw8 19NcJ/+IyMO31sMnB0PyTCohzwwZvNK2gte6sNtQ2gIXwMrBRcYBuULnrx06FamvNCK9fxG5lCO SUcYif1jkyrQWMyeq22IkN5My6M9I78KQzakBeL0fPfGLfgCZLdC5JGxWXZn8wysSuCsKeY5zxP 5qmlP3Fox+NU59rrSOU2bI1Rz1JarVbDI2mMM5a6usTbjYaO3YEdaOSxVpn3rgoJwcw0Ph/95Ur rliHIyJdE7v11/RmAeZ9lnh4CPK7I0PUBwvIhu45VQpgrPe9MV0hp2Glh6J0APUZSOPMc4cYsGR R7Wi8KtAWxA5IXiaEJC04jnxDbtllWUipnZ8MZGr6HOvDaoqwzX2XGIW+uzfNCH8VfZiEcpws1X 535CbiDDpbwF6YoRYunW1Q41Fs7yi6MPdcloKlqQ8rC8NIW35j/JWgwa6bLMbb5sPEpDejRcqiK XMvwfsy+yQOOoAf+LYUwOFxNAKauXCOHobRw29Q60nTmUYZIIMpd5jphYrMihQqcP5BHRIEpoSl a4Lgz+lLrPXu7NQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Another ambiguous use of strncpy() is to copy from strings that may not be NUL-terminated. These cases depend on having the destination buffer be explicitly larger than the source buffer's maximum size, having the size of the copy exactly match the source buffer's maximum size, and for the destination buffer to get explicitly NUL terminated. This usually happens when parsing protocols or hardware character arrays that are not guaranteed to be NUL-terminated. The code pattern is effectively this: char dest[sizeof(src) + 1]; strncpy(dest, src, sizeof(src)); dest[sizeof(dest) - 1] =3D '\0'; In practice it usually looks like: struct from_hardware { ... char name[HW_NAME_SIZE] __nonstring; ... }; struct from_hardware *p =3D ...; char name[HW_NAME_SIZE + 1]; strncpy(name, p->name, HW_NAME_SIZE); name[NW_NAME_SIZE] =3D '\0'; This cannot be replaced with: strscpy(name, p->name, sizeof(name)); because p->name is smaller and not NUL-terminated, so FORTIFY will trigger when strnlen(p->name, sizeof(name)) is used. And it cannot be replaced with: strscpy(name, p->name, sizeof(p->name)); because then "name" may contain a 1 character early truncation of p->name. Provide an unambiguous interface for converting a maybe not-NUL-terminated string to a NUL-terminated string, with compile-time buffer size checking so that it can never fail at runtime: memtostr() and memtostr_pad(). Also add KUnit tests for both. Signed-off-by: Kees Cook Reviewed-by: Martin K. Petersen --- Cc: Justin Stitt Cc: Andy Shevchenko Cc: linux-hardening@vger.kernel.org --- include/linux/string.h | 49 ++++++++++++++++++++++++++++++++++++++++++ lib/strscpy_kunit.c | 26 ++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/include/linux/string.h b/include/linux/string.h index 793c27ad7c0d..bd42cf85a95b 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -424,6 +424,55 @@ void memcpy_and_pad(void *dest, size_t dest_len, const= void *src, size_t count, memcpy(dest, src, strnlen(src, min(_src_len, _dest_len))); \ } while (0) =20 +/** + * memtostr - Copy a possibly non-NUL-term string to a NUL-term string + * @dest: Pointer to destination NUL-terminates string + * @src: Pointer to character array (likely marked as __nonstring) + * + * This is a replacement for strncpy() uses where the source is not + * a NUL-terminated string. + * + * Note that sizes of @dest and @src must be known at compile-time. + */ +#define memtostr(dest, src) do { \ + const size_t _dest_len =3D __builtin_object_size(dest, 1); \ + const size_t _src_len =3D __builtin_object_size(src, 1); \ + const size_t _src_chars =3D strnlen(src, _src_len); \ + const size_t _copy_len =3D min(_dest_len - 1, _src_chars); \ + \ + BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \ + !__builtin_constant_p(_src_len) || \ + _dest_len =3D=3D 0 || _dest_len =3D=3D (size_t)-1 || \ + _src_len =3D=3D 0 || _src_len =3D=3D (size_t)-1); \ + memcpy(dest, src, _copy_len); \ + dest[_copy_len] =3D '\0'; \ +} while (0) + +/** + * memtostr_pad - Copy a possibly non-NUL-term string to a NUL-term string + * with NUL padding in the destination + * @dest: Pointer to destination NUL-terminates string + * @src: Pointer to character array (likely marked as __nonstring) + * + * This is a replacement for strncpy() uses where the source is not + * a NUL-terminated string. + * + * Note that sizes of @dest and @src must be known at compile-time. + */ +#define memtostr_pad(dest, src) do { \ + const size_t _dest_len =3D __builtin_object_size(dest, 1); \ + const size_t _src_len =3D __builtin_object_size(src, 1); \ + const size_t _src_chars =3D strnlen(src, _src_len); \ + const size_t _copy_len =3D min(_dest_len - 1, _src_chars); \ + \ + BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \ + !__builtin_constant_p(_src_len) || \ + _dest_len =3D=3D 0 || _dest_len =3D=3D (size_t)-1 || \ + _src_len =3D=3D 0 || _src_len =3D=3D (size_t)-1); \ + memcpy(dest, src, _copy_len); \ + memset(&dest[_copy_len], 0, _dest_len - _copy_len); \ +} while (0) + /** * memset_after - Set a value after a struct member to the end of a struct * diff --git a/lib/strscpy_kunit.c b/lib/strscpy_kunit.c index a6b6344354ed..ac0b5d1678b3 100644 --- a/lib/strscpy_kunit.c +++ b/lib/strscpy_kunit.c @@ -126,8 +126,34 @@ static void strscpy_test(struct kunit *test) KUNIT_EXPECT_EQ(test, strscpy(dest, "This is too long", ARRAY_SIZE(dest))= , -E2BIG); } =20 +static void memtostr_test(struct kunit *test) +{ + char nonstring[7] =3D { 'a', 'b', 'c', 'd', 'e', 'f', 'g' }; + char nonstring_small[3] =3D { 'a', 'b', 'c' }; + char dest[sizeof(nonstring) + 1]; + + /* Copy in a non-NUL-terminated string into exactly right-sized dest. */ + KUNIT_EXPECT_EQ(test, sizeof(dest), sizeof(nonstring) + 1); + memset(dest, 'X', sizeof(dest)); + memtostr(dest, nonstring); + KUNIT_EXPECT_STREQ(test, dest, "abcdefg"); + memset(dest, 'X', sizeof(dest)); + memtostr(dest, nonstring_small); + KUNIT_EXPECT_STREQ(test, dest, "abc"); + KUNIT_EXPECT_EQ(test, dest[7], 'X'); + + memset(dest, 'X', sizeof(dest)); + memtostr_pad(dest, nonstring); + KUNIT_EXPECT_STREQ(test, dest, "abcdefg"); + memset(dest, 'X', sizeof(dest)); + memtostr_pad(dest, nonstring_small); + KUNIT_EXPECT_STREQ(test, dest, "abc"); + KUNIT_EXPECT_EQ(test, dest[7], '\0'); +} + static struct kunit_case strscpy_test_cases[] =3D { KUNIT_CASE(strscpy_test), + KUNIT_CASE(memtostr_test), {} }; =20 --=20 2.34.1 From nobody Mon Feb 9 04:30:26 2026 Received: from mail-oa1-f44.google.com (mail-oa1-f44.google.com [209.85.160.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 43E108F6C for ; Wed, 10 Apr 2024 02:31:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; cv=none; b=Udq5TYihm80PFV6u+F47RX+fO1iggE8N8vM+yFzExtUzVpE1tNM+iRiRNW5Crx0krfY+cW7Cltt8bzgdBreXP9e3HTgO3vn+JQTc3fytuEMe5347IpDNMsjpmjouyUa+WGE1/XgwLN5TisnEhcAZdRjddnvYd6n3HDaCnBFwxaU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; c=relaxed/simple; bh=JCsgCprEWa1l4SCGDGbUB8ubZ+h1Yzs/Ma0V4GeDTGk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OLozJfTsNqY+tQRJGi+tOYBP6BepuBWnM5rqAZWPQFBPCj6ftJRBiWb/wEGl8Xp4WoqCVDRHvpmhmBZlTSmdlrsYXnJtEPTtzB1rcKHTYciEEJXCVMn6jd3MP91eEWLMDp7frdQCJAdb2++b+iZ2eT5Tl+lXhLBOJ5qOWyaUzZA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=SrjgMzCH; arc=none smtp.client-ip=209.85.160.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="SrjgMzCH" Received: by mail-oa1-f44.google.com with SMTP id 586e51a60fabf-22a96054726so5361588fac.0 for ; Tue, 09 Apr 2024 19:31:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716318; x=1713321118; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vHRtLi+awmnGIE7fYkBoAx7My8kibiodg7yHDLCH7Io=; b=SrjgMzCHjCwLVE0DmA2jtUfljAsa64Y0dpMP2DqvpSH3EgnxOYJMEf3pb0WpYXdLOl bD+jrEop+NuUU2VOGumehkgikm/fVjFqCySQvpg6xJoo6ZVGpPjnoV7RL/Aa0q/GlXct tKtz0VMN3sSs1CDv8+V86ayWric/r32NNK03w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716318; x=1713321118; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vHRtLi+awmnGIE7fYkBoAx7My8kibiodg7yHDLCH7Io=; b=ErblCGiwi22p16XiM5SpJdKW++cVyzdkp6C7y+gXK+m9XRG3cvULiNEUu61UsNm6ji ZHxZrdMsNtlf3ddWdUyliQMxkYihQWzq9M7jBbJqbGYnwfYj9j9qmwpK8rmV3hnZMT6C GuUwcEeFT2hm/Vlo+EARK1YjTCAKxe977NBfqspP8A+jVUocNnj9AlmU1R250DHyk2wH kySJ34hIYW353f3QnLH8V0Wx5g9S8Iym3WWh+EH7nmA/VCCNaYwU20cO18UFbBH5jKlb glhARsHPohxAjUDaMSsmLkCRKBNl9fsuIFmuSdfFdGnAYUNDO8cRkgVdgtP3E3Qyo+zy vImQ== X-Forwarded-Encrypted: i=1; AJvYcCUwcIsgGo+cbWKSx4vMGkXBPqGvc/uOcFKBRklB3B/fvFE8WGqaVL0HdAWNyQu5faXX3WAlrwyoSTASva+aAd4gb6f5sT+hB+KAiUZb X-Gm-Message-State: AOJu0YybEBmXQJA3j+ApSdAUZD+C8pEJUfC1J/xu843qvSTA3V1sxThT scx9I9wH8FmhU99byWA73Wo3myfg9k+8+YkbcmqyQMeF+LlfHK6aZrf99ieqJQ== X-Google-Smtp-Source: AGHT+IFRyXg0eTdw450Vq36zHeNUtw3iCaUhs4VSlyDJfb0DpKJHBxFM33ehx65aD4AK2nBbeg7RxQ== X-Received: by 2002:a05:6870:13c9:b0:220:6edc:1fd7 with SMTP id 9-20020a05687013c900b002206edc1fd7mr1259703oat.1.1712716318261; Tue, 09 Apr 2024 19:31:58 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id p4-20020a056a000b4400b006ed06399e0csm8065458pfo.72.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:56 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Charles Bertsch , Justin Stitt , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, Bart Van Assche , Andy Shevchenko , "James E.J. Bottomley" , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 2/5] scsi: mptfusion: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:51 -0700 Message-Id: <20240410023155.2100422-2-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2470; i=keescook@chromium.org; h=from:subject; bh=JCsgCprEWa1l4SCGDGbUB8ubZ+h1Yzs/Ma0V4GeDTGk=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoapA0jSRgfPR1sV3aqPHMnroQNsZpklKX1t cw5ZZgf3nmJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JtFpD/9RjRSGfqMioS+VbASHaxCQLXGu+eeHR8PmV46+1XHXwlDmiB4qhXcJVPn5SxTvumjfLdX cdsWdPitwCDd1rmdkhZFQBFbApN7JZY19OPk1IznV224pMgEJ4Wr3CjGYAKwQhkLPfr+FJ4WBeQ YAZWx8wxcI9qFgauL79FwHCAksDToU5TsQTVoIjEUThMSk0bbOqxzurszTfbe0CiwGXs6ihSFvZ 6SSrzNj9YZADh+Vb25DzyScDWlEdcsnhbvjgjQUofPfR9l9VnqbnXxtUy6f/Rq26f6cL8VDnTI8 EiJbj6cZy+Os+xtOACFtn11kqXedJhygwP3STSt8nhs4vHK/ZnTEiQV+ZV9jKBXPJTuCFpcUf5n LcmgL5exH6LePjRTgbfTBxjcN2nj4Byc4uEG1InJQWdyhQW2CuHfNgLfjldBNVE2ovcAcrBVSma tj20k1udmZ3v+YmUNKx9p5idV3ouKxHF0mZQeVFPCzkdHEWZuLJp7m9oFGu/B6tTZ1tIb0HmDoQ gln22cDiz9N0izlWpnyyseCi5ph1I6BDaOMRX45SXJ956/M2yor0WSprV24qbsHQQtVNBd/qx+t PpZRkeOXgc3/6Kk6dE0eFaSgNcq51hvmrE3Gq/T7Mj+1kL1UnGf0sNdJZvXj0mLL2emiFR9g2r9 S3cIpGQntVIb/GQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The prior strscpy() replacement of strncpy() here expected the manufacture_reply strings to be NUL-terminated, but it is possible they are not, as the code pattern here shows, e.g., edev->vendor_id being exactly 1 character larger than manufacture_reply->vendor_id, and the replaced strncpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Reported-by: Charles Bertsch Closes: https://lore.kernel.org/all/5445ba0f-3e27-4d43-a9ba-0cc22ada2fce@co= x.net/ Fixes: 45e833f0e5bb ("scsi: message: fusion: Replace deprecated strncpy() w= ith strscpy()") Signed-off-by: Kees Cook Reviewed-by: Martin K. Petersen --- Cc: Justin Stitt Cc: Sathya Prakash Cc: Sreekanth Reddy Cc: Suganath Prabu Subramani Cc: MPT-FusionLinux.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org --- drivers/message/fusion/mptsas.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsa= s.c index 300f8e955a53..0f80c840afc3 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -2964,17 +2964,13 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc, goto out_free; =20 manufacture_reply =3D data_out + sizeof(struct rep_manu_request); - strscpy(edev->vendor_id, manufacture_reply->vendor_id, - sizeof(edev->vendor_id)); - strscpy(edev->product_id, manufacture_reply->product_id, - sizeof(edev->product_id)); - strscpy(edev->product_rev, manufacture_reply->product_rev, - sizeof(edev->product_rev)); + memtostr(edev->vendor_id, manufacture_reply->vendor_id); + memtostr(edev->product_id, manufacture_reply->product_id); + memtostr(edev->product_rev, manufacture_reply->product_rev); edev->level =3D manufacture_reply->sas_format; if (manufacture_reply->sas_format) { - strscpy(edev->component_vendor_id, - manufacture_reply->component_vendor_id, - sizeof(edev->component_vendor_id)); + memtostr(edev->component_vendor_id, + manufacture_reply->component_vendor_id); tmp =3D (u8 *)&manufacture_reply->component_id; edev->component_id =3D tmp[0] << 8 | tmp[1]; edev->component_revision_id =3D --=20 2.34.1 From nobody Mon Feb 9 04:30:26 2026 Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 857015CB5 for ; Wed, 10 Apr 2024 02:31:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716320; cv=none; b=OMtmNkTPZQPPjGtPUFYAeaEdG+fTOKjNf1XhzZQQuds2SiufoF7dQGXslALiPJhFzcXysBGYksGjlSIZ3qq6/NgPRcaDG4v93yZrE2KMDd+PScahMKVnXPE28WGcXcSUMpp56U3ZauL0GMWYmRqm8JXLWAyriON+iMpT9gqSFwM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716320; c=relaxed/simple; bh=U04NgByTSLz3ezEZdZ9fh7Nk8N6aKk3aFVSqTRfRHjg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ambKiowpgDkyWTs2Qsv5WyLAGO84Rs8RlcG/+E0fzwzRP2iTb3PEMevyPAx/mh6eSuz2eYZWm8AZsWTix0QBw0zDLlGFGR+l2NMdwDsVLj1c0t0yMO5uPHOBagnaZMpn1wq4zud5risdZ7zaAfjD+w8Dh4JUBSzrYvbdv6osqrs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=RhBMpdHB; arc=none smtp.client-ip=209.85.215.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="RhBMpdHB" Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-5cf2d73a183so4922387a12.1 for ; Tue, 09 Apr 2024 19:31:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716317; x=1713321117; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HlPZnmbgI1osTC93HPkRH848zgm3O+BOnZN3oq69oh0=; b=RhBMpdHBSMCgij83Cs2UFmtMNeQloXFhW7aAz58ETUvP416Mn4xplkZzzpgF5ndy2O zBTm8ciEzPQ/AKq4SCyQuW8ob+mD9MB6Fj7pWwEuHeV4VvcfvLTZCbwCbxmpfl6CpWND 9NrPmpFUSDoHiBJVcFv822FYVxARwa9avku2c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716317; x=1713321117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HlPZnmbgI1osTC93HPkRH848zgm3O+BOnZN3oq69oh0=; b=k/X29Dontegh+RU1ukoitm3Acm679dpteiVm4qOne0DOjfCDDQpFzPuDdKjWU4VOZS 8CLtU02DEmWCCmf5EqdFdi6AkSIxe5XtIAPAcm8oHXRASFLjmIArVH+UlJFekR9gdBnc NaJojyYQCDsqjTUBVg7V1qdCZwcGbldkDL6C33H/AvhtxREG3uLk8i4QHYaNsf5LHqfi dhTWhHpFWIOdk5gjSRW6Q4VAzJ1+MuoEqm79KePHLeEczf7MbMQMCtPCHVRWQZ/7Azhq yx+0erQlwuYppfvAwWjy2J5+9hYEkLdom5KMCLam1VnRyv/VykX+KPZis+OfPXYvDplr 9b6g== X-Forwarded-Encrypted: i=1; AJvYcCVMUNqAsiIUuKWBsx4MazBKcEklerJHwjPi13IrCLvCxM5MsI60BPgmbFGqlqYmLQQyYjPaBgzjH/7QEfDCigoYUZ6Y7AP4aw6hETG3 X-Gm-Message-State: AOJu0Yx/stC+3dWHEdX9Q0X9b6683okpRveioYqv/8rBe5Lk2SbCILB7 CdWJ3PsCgAQkNIFyPDTy3jajhdDcJL9XqlJIeO9fVf6VUP4KEeSKIHU8oOnAiQ== X-Google-Smtp-Source: AGHT+IHfu78WL0uAZuDeq/rlPxqp3NVD2u7O2q3IqroeTJfRqm4Rp6+M6UwBBFdMN6WcRcmEZ3JqtA== X-Received: by 2002:a17:90a:d918:b0:29b:fb23:863e with SMTP id c24-20020a17090ad91800b0029bfb23863emr1952806pjv.17.1712716316789; Tue, 09 Apr 2024 19:31:56 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id y15-20020a17090a1f4f00b002a2b06ce909sm377923pjy.17.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:56 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Justin Stitt , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "James E.J. Bottomley" , MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, Charles Bertsch , Bart Van Assche , Andy Shevchenko , Kashyap Desai , Sumit Saxena , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 3/5] scsi: mpt3sas: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:52 -0700 Message-Id: <20240410023155.2100422-3-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3122; i=keescook@chromium.org; h=from:subject; bh=U04NgByTSLz3ezEZdZ9fh7Nk8N6aKk3aFVSqTRfRHjg=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoaalwyvrfJyK8QIq7jmpi8j+mOqTzMVE7Um sEjOcCl/WSJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JmufD/9ZRH3yvaQcFC4/t2XLUlydOVs8JOSZfUGQuJvfCw04zGXkb1ifJ2XBR1NnzlI8BmHEzKa GXMKW0wDvIaC6h9gSbRqVZUIr6BM5BNfW6mDoywzySg0bfALOE7RA0lEYN4SNMRIURimdHR/+x2 RKtaoqzrJRBzhQxoVBmUvM/K/HIoJrGfKjVvq9vz9asbgVPFlUKh2vtmtlF2TGM5dfJ0RvJBlXn RGfNjoCmh6HQieSmaroLtXhKPs301s7PjJzIC4KvxBro1mMf2dksl5wKXtuJGlfo05gwqaNvPVK tBG4Nb71gynpv7I9pzqPi/rviXyauLY5A8firvTXxSoYPbZrrxXDzbtbEpiVsD/7qb8H4lmKnEA PLNDtqVKSZmeDn9tJ0MZEKlP2HC6DcAuCUoKoahUv5d6vcAEc2cJ/rE48qirb9xpivUo+zhRLK3 JymNPRKUukbz45C85+u7NjdSAytO0HLyb2QZa9aVX3epJ25QZwwRNbVroRe/lq8rIYelMGoUR8g d6RpVTr/gVw+h/BYTvSC4kBwIHFEmtBKkeTqvDLc/YFjsdGzJit3yzVjRKTaucTgNn2kgyOPWf8 eoMNopJ9h7NfqQd9yx5LH/58wQl367q0F9kbBZJGKwhEKY1HDeo8Afm+ZyXX9j1Uf77yKOoYixP r8BS5P3p6k2SJtg== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The prior strscpy() replacement of strncpy() here expected the manufacture_reply strings to be NUL-terminated, but it is possible they are not, as the code pattern here shows, e.g., edev->vendor_id being exactly 1 character larger than manufacture_reply->vendor_id, and the replaced strncpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Fixes: b7e9712a02e8 ("scsi: mpt3sas: Replace deprecated strncpy() with strs= cpy()") Signed-off-by: Kees Cook Reviewed-by: Ewan D. Milne Tested-by: Marco Patalano --- Cc: Justin Stitt Cc: Sathya Prakash Cc: Sreekanth Reddy Cc: Suganath Prabu Subramani Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: MPT-FusionLinux.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org --- drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 14 +++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt= 3sas_base.c index 258647fc6bdd..1320e06727df 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -4774,7 +4774,7 @@ _base_display_ioc_capabilities(struct MPT3SAS_ADAPTER= *ioc) char desc[17] =3D {0}; u32 iounit_pg1_flags; =20 - strscpy(desc, ioc->manu_pg0.ChipName, sizeof(desc)); + memtostr(desc, ioc->manu_pg0.ChipName); ioc_info(ioc, "%s: FWVersion(%02d.%02d.%02d.%02d), ChipRevision(0x%02x)\n= ", desc, (ioc->facts.FWVersion.Word & 0xFF000000) >> 24, diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sa= s/mpt3sas_transport.c index 76f9a9177198..d84413b77d84 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_transport.c +++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c @@ -458,17 +458,13 @@ _transport_expander_report_manufacture(struct MPT3SAS= _ADAPTER *ioc, goto out; =20 manufacture_reply =3D data_out + sizeof(struct rep_manu_request); - strscpy(edev->vendor_id, manufacture_reply->vendor_id, - sizeof(edev->vendor_id)); - strscpy(edev->product_id, manufacture_reply->product_id, - sizeof(edev->product_id)); - strscpy(edev->product_rev, manufacture_reply->product_rev, - sizeof(edev->product_rev)); + memtostr(edev->vendor_id, manufacture_reply->vendor_id); + memtostr(edev->product_id, manufacture_reply->product_id); + memtostr(edev->product_rev, manufacture_reply->product_rev); edev->level =3D manufacture_reply->sas_format & 1; if (edev->level) { - strscpy(edev->component_vendor_id, - manufacture_reply->component_vendor_id, - sizeof(edev->component_vendor_id)); + memtostr(edev->component_vendor_id, + manufacture_reply->component_vendor_id); tmp =3D (u8 *)&manufacture_reply->component_id; edev->component_id =3D tmp[0] << 8 | tmp[1]; edev->component_revision_id =3D --=20 2.34.1 From nobody Mon Feb 9 04:30:26 2026 Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 618E3BA41 for ; Wed, 10 Apr 2024 02:32:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; cv=none; b=cChQxAn5X8XL5YkmB4WQQVIHWWu5gxt1iQ0AupkPIwBRoyrg2sICwG3iPB4nnSqVf7R6sZpkKZLTyurn+bYj9NSx+AD6SlGwwZmIEreISb6jivvx/cKfuIeDM2ku9newHyj6Ha+bJX6g07Iztqx8GkMq/SKLvXNxLgAt3UEqZpc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716321; c=relaxed/simple; bh=wOiV2yfTENWLRGydHWukSXwdaF1bD6b3ubfyN5UQxMo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=V3BahLKt0Des113WP8AFRDZ6yDbhJ7s3Gwoq5EzsfrqMyIzCEUArJjJwSoA8j2I6vioqRtX99BKKkE/UPaqnYFYO3ZOM4L48B4CwWyYQAwtoQDmt7WQFzUCg4qjmDbtxhrgyHQiiseND6fPaHlmtsbKv1gf3oubzVED5Q+9BMCo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=dlV/75FZ; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="dlV/75FZ" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1e45b9a5c53so18495765ad.3 for ; Tue, 09 Apr 2024 19:32:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716320; x=1713321120; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=r6X8WYL7fXMONqNFFELPH+FGxt8D533JimXjm1OqHfE=; b=dlV/75FZDkfL8NtgnkEK3zWH5uTbet9pNBEktSugJ0hvB+cOHj8UwlYWQbHy4s+a2y L/ZgOwkLOozi+tFwj13epg4QQEoSkPuxmnZwQtvXJPUbPz2LBGGOYPTBOFlBQO+Eju2D UJmDWzoSGPH7C1peLHOe2XBI8FvMPdQ0ONrbU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716320; x=1713321120; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r6X8WYL7fXMONqNFFELPH+FGxt8D533JimXjm1OqHfE=; b=r2mCPFezELsgeNoJOwzH/pZQAQEBQxRqQAb2FUIshdlVIQmH5S6bIyMM5U/gBzf5NC 6zduI/JgsJXqm3a2hF/bdpZQDLwtYpix9S1jzEV2EsAEWlhZLZII4b1Om5exBzstne3P QkmoHDawflYnyxKRBGds+FrCPSDphLq6NmAYfUGr7tOVvzvp5Kesu+6qjCLYCMPo/r9u UOUdXrp3A44eX9asqYJcJ6F+z5lK8uAToot0X/RihgvjxYh0CB6EiIya+650gJRzMMhW tJFCwc1qcatRvYjyh1Mc4h7VqzDEgp5iLy4N0M5LAPn3S6u5JMIZukIau28NiX0GA7b/ avpA== X-Forwarded-Encrypted: i=1; AJvYcCVIij4bVeSrwfiqYug/OyXAZouke7cflhIlUuZxudiCvGvVjdpbXR061hipW7itqnXCdhCB6paGnixpI2MN4Zp1hW/gBzCWs3zSIAwz X-Gm-Message-State: AOJu0YyQPMe8utUlrFldM4RFDq/3SuZi/atl+StWon1hdjlPp1vdbJCX Qi5epk5z7eDnEzu9/hKII3G3amOEBn9O7w8mIk5C0Kc9p8/DZAnytJhnR4javg== X-Google-Smtp-Source: AGHT+IEJI6UyNneK9SdMEc4oHZG0B61XTOkfsKSOPKOyL7mCh8bSG+wOr83riq+WpD5i+5tSc0uekA== X-Received: by 2002:a17:903:11cd:b0:1e4:b1c7:9a7a with SMTP id q13-20020a17090311cd00b001e4b1c79a7amr2229577plh.22.1712716319727; Tue, 09 Apr 2024 19:31:59 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id c17-20020a170902d49100b001e1071cf0bbsm6453240plg.302.2024.04.09.19.31.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:58 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Sreekanth Reddy , Sathya Prakash Veerichetty , Kashyap Desai , Sumit Saxena , "James E.J. Bottomley" , mpi3mr-linuxdrv.pdl@broadcom.com, linux-scsi@vger.kernel.org, Charles Bertsch , Justin Stitt , Bart Van Assche , Andy Shevchenko , Suganath Prabu Subramani , Nilesh Javali , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com Subject: [PATCH 4/5] scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings Date: Tue, 9 Apr 2024 19:31:53 -0700 Message-Id: <20240410023155.2100422-4-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2372; i=keescook@chromium.org; h=from:subject; bh=wOiV2yfTENWLRGydHWukSXwdaF1bD6b3ubfyN5UQxMo=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoaOu7l1waaK4FQgneueH0+sHylFwmR30Rnw irc5WiWS+mJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JuqBD/0aNjp+oEmj3j6I7sA8SUQFNKh6JfV/vEkMWHazs0KZ7epk6NGADFi94OJ4cuV+UpObs33 XdDhWdBGcLn2wHww3mVMp9FJb4wNdQpakLtRGDWqe5TFnSsww/KaDz/Fn/Z5q0AJULeOzZx9g2K vq9x87rN8jftZpBBvwsyJWOWQTqhqKdq1fGs7BD2D1BhG4dODBImgCD+Q+mpsaTB9DvuB3rGFNy gNkf9XgfrExDmJ8NmnbQhinqyc90rjZnIY8WNSR14gXLOdF63G83KE+lEqnVZ8eAfcP1kAHBI2r WPorcRhLLYv2hQm3hT7gX5UJim+X4BzVtKpkfc7mMQu4S0W8OL88MNp0+Ve/36sodn61bOgahYg xpiT9iU5DnOfJagWv0i3oa5uf1LoVx8yqoeffTlzzBH+YWFQBiHeD19ixC+PpOfj+jcaStLV+iY PlTiLmzMtz/L4FYH6Q966l6Qwhq5O8un5Gg+RqFkxBx1y5bP09JMxahmLL/yLykoH4EfklPHVIF C8PHlUG0XRzpQGxqDOLG8gIc8ifaYb0H5oRg9BMMq5ymAaFMsUdKbeB6VBU0hf6/b28hj9bpW02 ZQbNSpbuRCl6IQDnWP0OixUHzM4l7mgT5hjlUuqXsdep0o2Vj56Zw/uFcewnqeXya5cQp1mabaT zBjzfoS88J/NUfA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The prior use of strscpy() here expected the manufacture_reply strings to be NUL-terminated, but it is possible they are not, as the code pattern here shows, e.g., edev->vendor_id being exactly 1 character larger than manufacture_reply->vendor_id, and the strscpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Fixes: 2bd37e284914 ("scsi: mpi3mr: Add framework to issue MPT transport cm= ds") Signed-off-by: Kees Cook Reviewed-by: Martin K. Petersen --- Cc: Sreekanth Reddy Cc: Sathya Prakash Veerichetty Cc: Kashyap Desai Cc: Sumit Saxena Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: mpi3mr-linuxdrv.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org --- drivers/scsi/mpi3mr/mpi3mr_transport.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/m= pi3mr_transport.c index dabb91f0f75d..3caceddb864a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -211,17 +211,13 @@ static int mpi3mr_report_manufacture(struct mpi3mr_io= c *mrioc, goto out; } =20 - strscpy(edev->vendor_id, manufacture_reply->vendor_id, - SAS_EXPANDER_VENDOR_ID_LEN); - strscpy(edev->product_id, manufacture_reply->product_id, - SAS_EXPANDER_PRODUCT_ID_LEN); - strscpy(edev->product_rev, manufacture_reply->product_rev, - SAS_EXPANDER_PRODUCT_REV_LEN); + memtostr(edev->vendor_id, manufacture_reply->vendor_id); + memtostr(edev->product_id, manufacture_reply->product_id); + memtostr(edev->product_rev, manufacture_reply->product_rev); edev->level =3D manufacture_reply->sas_format & 1; if (edev->level) { - strscpy(edev->component_vendor_id, - manufacture_reply->component_vendor_id, - SAS_EXPANDER_COMPONENT_VENDOR_ID_LEN); + memtostr(edev->component_vendor_id, + manufacture_reply->component_vendor_id); tmp =3D (u8 *)&manufacture_reply->component_id; edev->component_id =3D tmp[0] << 8 | tmp[1]; edev->component_revision_id =3D --=20 2.34.1 From nobody Mon Feb 9 04:30:26 2026 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0437BE65 for ; Wed, 10 Apr 2024 02:32:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; cv=none; b=tAArxVW4FsPloXN1Eo55qdy/kswhJb2NZLlr35q7k//j0dS1I9wvAwg9sHElXW0pXcWWTdbt798X4JVjMCjgrju8VXnoFGZheFgmOUyeleORltOl2b5WXe3o9GP5gjT+dg6tk+6F+nAAYV0guAvcLtBD7o1tBvV4VAH1e/7J904= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712716322; c=relaxed/simple; bh=YjgtW4O6D2pXnUbiSWCX6yFlJl3/FlPx89ObJDsmd4s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=oUuyuF+rrcaMGij1Vzk3uoqym9zRsm25cJKd0nQKPk5iHE4BLu4OqJw861ez7nqgPC9iGkVRa1dQQ+cgpW01UUDidsJZC7F4TvYFPeFNlGVbt5oRmvjRQs0uFv4zGKq+46Mxa0m3tB76KTxG+y48doWru2W3t7BUhzP+MLUMalY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=fjU7UDT3; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="fjU7UDT3" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1e455b630acso13654975ad.1 for ; Tue, 09 Apr 2024 19:32:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1712716320; x=1713321120; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0KD7JtgThpycUE0Aoq39Xz82TRgRPhpFUOyCtv6+6to=; b=fjU7UDT3MoWobcYGAgSKElcFxd34Vf0Pvi0Em5Uq9q0giX/FL1fw5F4KXEJt+abLlo 5ZDn47jZzpL10MEQmnz8BFiu08y2Xn5vdH/1HvU7Myo9StvcomJvaahHSGrOij2O0nRI vIl+xK9pNWKBXMmCdmiPHTJyRloA/JEGcCLHk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712716320; x=1713321120; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0KD7JtgThpycUE0Aoq39Xz82TRgRPhpFUOyCtv6+6to=; b=lD495CvhKxZVNQBovZ0rbGDFTq2+jsfekK7YdBNfuM3hWtdZeaBHfnvcsG1ylQyimu V6fnb4GjnQs+9p6KaYY3rfO8ZNbyRdl1WyNp6SEeI4hTJM0hyQ3q9BjEt8kXGsfAfRcQ sGEGp6Hk51Ky9AVnq2UYfUp3mKFa+MTViJg+6xtk3bESjOIfAQF1ZBU7tz3Y+rCM71fz 1R8BsbblM06Tkg7cZCzgk6p3WKQfc8SxYb25PpjEvyw9xpzYu9EaCkWT2mx7yadKe3Pg 7oBOOMP3cK5/v8U1ogMIGwbMdq7CWUuXuJBqbyoKdSDKeR5pWtVVr6RBcAGeOeO9yJzZ K16w== X-Forwarded-Encrypted: i=1; AJvYcCVO5W0NE5qoo4nYMnpuXXMAmxEQK402TF5pEKImTzhR057G7qZ+cfiOIOgbnHSuBFjGQG3eSstpgmxoUFFHTYwzEVdN0tIpse5sQMLQ X-Gm-Message-State: AOJu0YxZ3UHUVa1uDwOi5KtJsPW5DwXEcRDI9+Ug6s2iS7W6WRP7l7B/ /EOiZ8B4E+2t0luTP05DlmhNMkreBy+Lbtm9VJjwpRqL+OjD2+B4XAHTiGQnbA== X-Google-Smtp-Source: AGHT+IGK5+IVt9ffYwPxvjBBeO6J4R3cyKBA+dTzAWvukG+Y4c/pPGLemMX+MoytVkvXxRVdvhZjGQ== X-Received: by 2002:a17:902:c40b:b0:1e3:cce4:bfe8 with SMTP id k11-20020a170902c40b00b001e3cce4bfe8mr1604177plk.65.1712716320011; Tue, 09 Apr 2024 19:32:00 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id l9-20020a170903120900b001e469386fddsm3402718plh.40.2024.04.09.19.31.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 19:31:58 -0700 (PDT) From: Kees Cook To: "Martin K . Petersen" Cc: Kees Cook , Bart Van Assche , Nilesh Javali , GR-QLogic-Storage-Upstream@marvell.com, "James E.J. Bottomley" , linux-scsi@vger.kernel.org, Charles Bertsch , Justin Stitt , Andy Shevchenko , Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , Kashyap Desai , Sumit Saxena , Andrew Morton , Himanshu Madhani , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, mpi3mr-linuxdrv.pdl@broadcom.com Subject: [PATCH 5/5] scsi: qla2xxx: Avoid possible run-time warning with long model_num Date: Tue, 9 Apr 2024 19:31:54 -0700 Message-Id: <20240410023155.2100422-5-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240410021833.work.750-kees@kernel.org> References: <20240410021833.work.750-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1992; i=keescook@chromium.org; h=from:subject; bh=YjgtW4O6D2pXnUbiSWCX6yFlJl3/FlPx89ObJDsmd4s=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmFfoafjIE7L1Xkdq4ShmgZE4CB2Na7WaiwJOSS I9Jcsw3XHuJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZhX6GgAKCRCJcvTf3G3A JhtmD/9shMgZv7rVK+0Mwdq8ecrDZWaUePVJYR1eQqMEaRcD2YKHpUX3PXy0NKn0/DijSgeXsoF PYlUwU+BXXwfykEox5jZsEjNMxNDr3rnSxW8OaaSRQK+ZC9iawBZlCM257vLD9I35JGr88LnN34 ER1rAXVQaFRhM/6FD6zDgQmp37vJwZtGJcODZV2g17MQXMSCEyFKrrNWw5YDjG64WofATwOS+HI aThrvEabIPgDEG9i9IsnprEz9GuQnMes9MM+OzmeDxjL8Xc99JO2Fs0L9WN6Tj5KmUPTKCBlf+U WS3qDIbVz3GTzLs14JNnm0vZIR3knFZwaNXE4y6XddzWFf2TBGsZ9wQY1vyWJsEu/V1ysb65/LG RU6RyNmr5XUGOMKBUqGHqas+GBA854pMpyue5ny8qiRW+ZIVwDWj662+w0C4CCwSHwq24fAgCll 1rlUTo1TXclEKPELVV3nYd7+ArsRzpl+BuHP8c92XGuZTQ7r4xwEo5YK3w4XpkPQbItCCc0hjF6 jj992WUyLhiTMhPv5zcMEJWCDjcLpbFWhKDyOlrfXKWt8OZSZUImTG44ACawfksi4j7CphlfT3T VcYuCjQ7gmoYkYytfyB3KJW4TsuGHSrIWRT+8EbTlWys+nRFuCoqHnWpYPof+NikrvnggJQQF8H kXcrrYQNc/4FBwA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The prior strlcpy() replacement of strncpy() here (which was later replaced with strscpy()) expected pinfo->model_num (and pinfo->model_description) to be NUL-terminated, but it is possible it was not, as the code pattern here shows vha->hw->model_number (and vha->hw->model_desc) being exactly 1 character larger, and the replaced strncpy() was copying only up to the size of the source character array. Replace this with memtostr(), which is the unambiguous way to convert a maybe not-NUL-terminated character array into a NUL-terminated string. Fixes: 527e9b704c3d ("scsi: qla2xxx: Use memcpy() and strlcpy() instead of = strcpy() and strncpy()") Signed-off-by: Kees Cook Reviewed-by: Martin K. Petersen --- Cc: Bart Van Assche Cc: Nilesh Javali Cc: GR-QLogic-Storage-Upstream@marvell.com Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org --- drivers/scsi/qla2xxx/qla_mr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_mr.c b/drivers/scsi/qla2xxx/qla_mr.c index 083f94e43fba..82a7e21ddc83 100644 --- a/drivers/scsi/qla2xxx/qla_mr.c +++ b/drivers/scsi/qla2xxx/qla_mr.c @@ -1909,10 +1909,8 @@ qlafx00_fx_disc(scsi_qla_host_t *vha, fc_port_t *fcp= ort, uint16_t fx_type) if (fx_type =3D=3D FXDISC_GET_CONFIG_INFO) { struct config_info_data *pinfo =3D (struct config_info_data *) fdisc->u.fxiocb.rsp_addr; - strscpy(vha->hw->model_number, pinfo->model_num, - ARRAY_SIZE(vha->hw->model_number)); - strscpy(vha->hw->model_desc, pinfo->model_description, - ARRAY_SIZE(vha->hw->model_desc)); + memtostr(vha->hw->model_number, pinfo->model_num); + memtostr(vha->hw->model_desc, pinfo->model_description); memcpy(&vha->hw->mr.symbolic_name, pinfo->symbolic_name, sizeof(vha->hw->mr.symbolic_name)); memcpy(&vha->hw->mr.serial_num, pinfo->serial_num, --=20 2.34.1