tracing: Replace all non-returning strlcpy with strscpy

azeemshaikh38 · kees · commit c7dce4c5d9f6 · 2023-05-26T13:52:19.000-07:00
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement with strlcpy is safe. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] KSPP#89 Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20230516143956.1367827-1-azeemshaikh38@gmail.com
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
@@ -196,7 +196,7 @@ static int boot_snapshot_index;
 
 static int __init set_cmdline_ftrace(char *str)
 {
-	strlcpy(bootup_tracer_buf, str, MAX_TRACER_SIZE);
+	strscpy(bootup_tracer_buf, str, MAX_TRACER_SIZE);
 	default_bootup_tracer = bootup_tracer_buf;
 	/* We are using ftrace early, expand it */
 	ring_buffer_expanded = true;
@@ -281,7 +281,7 @@ static char trace_boot_options_buf[MAX_TRACER_SIZE] __initdata;
 
 static int __init set_trace_boot_options(char *str)
 {
-	strlcpy(trace_boot_options_buf, str, MAX_TRACER_SIZE);
+	strscpy(trace_boot_options_buf, str, MAX_TRACER_SIZE);
 	return 1;
 }
 __setup("trace_options=", set_trace_boot_options);
@@ -291,7 +291,7 @@ static char *trace_boot_clock __initdata;
 
 static int __init set_trace_boot_clock(char *str)
 {
-	strlcpy(trace_boot_clock_buf, str, MAX_TRACER_SIZE);
+	strscpy(trace_boot_clock_buf, str, MAX_TRACER_SIZE);
 	trace_boot_clock = trace_boot_clock_buf;
 	return 1;
 }
@@ -2521,7 +2521,7 @@ static void __trace_find_cmdline(int pid, char comm[])
 	if (map != NO_CMDLINE_MAP) {
 		tpid = savedcmd->map_cmdline_to_pid[map];
 		if (tpid == pid) {
-			strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
+			strscpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
 			return;
 		}
 	}
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
@@ -2831,7 +2831,7 @@ static __init int setup_trace_triggers(char *str)
 	char *buf;
 	int i;
 
-	strlcpy(bootup_trigger_buf, str, COMMAND_LINE_SIZE);
+	strscpy(bootup_trigger_buf, str, COMMAND_LINE_SIZE);
 	ring_buffer_expanded = true;
 	disable_tracing_selftest("running event triggers");
 
@@ -3621,7 +3621,7 @@ static char bootup_event_buf[COMMAND_LINE_SIZE] __initdata;
 
 static __init int setup_trace_event(char *str)
 {
-	strlcpy(bootup_event_buf, str, COMMAND_LINE_SIZE);
+	strscpy(bootup_event_buf, str, COMMAND_LINE_SIZE);
 	ring_buffer_expanded = true;
 	disable_tracing_selftest("running event tracing");
 
diff --git a/kernel/trace/trace_events_inject.c b/kernel/trace/trace_events_inject.c
@@ -217,7 +217,7 @@ static int parse_entry(char *str, struct trace_event_call *call, void **pentry)
 			char *addr = (char *)(unsigned long) val;
 
 			if (field->filter_type == FILTER_STATIC_STRING) {
-				strlcpy(entry + field->offset, addr, field->size);
+				strscpy(entry + field->offset, addr, field->size);
 			} else if (field->filter_type == FILTER_DYN_STRING ||
 				   field->filter_type == FILTER_RDYN_STRING) {
 				int str_len = strlen(addr) + 1;
@@ -232,7 +232,7 @@ static int parse_entry(char *str, struct trace_event_call *call, void **pentry)
 				}
 				entry = *pentry;
 
-				strlcpy(entry + (entry_size - str_len), addr, str_len);
+				strscpy(entry + (entry_size - str_len), addr, str_len);
 				str_item = (u32 *)(entry + field->offset);
 				if (field->filter_type == FILTER_RDYN_STRING)
 					str_loc -= field->offset + field->size;
diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
@@ -30,7 +30,7 @@ static char kprobe_boot_events_buf[COMMAND_LINE_SIZE] __initdata;
 
 static int __init set_kprobe_boot_events(char *str)
 {
-	strlcpy(kprobe_boot_events_buf, str, COMMAND_LINE_SIZE);
+	strscpy(kprobe_boot_events_buf, str, COMMAND_LINE_SIZE);
 	disable_tracing_selftest("running kprobe events");
 
 	return 1;
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
@@ -254,7 +254,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup,
 			trace_probe_log_err(offset, GROUP_TOO_LONG);
 			return -EINVAL;
 		}
-		strlcpy(buf, event, slash - event + 1);
+		strscpy(buf, event, slash - event + 1);
 		if (!is_good_system_name(buf)) {
 			trace_probe_log_err(offset, BAD_GROUP_NAME);
 			return -EINVAL;

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,7 @@ static int boot_snapshot_index;`
`196`	`196`
`197`	`197`	`static int __init set_cmdline_ftrace(char *str)`
`198`	`198`	`{`
`199`		`- strlcpy(bootup_tracer_buf, str, MAX_TRACER_SIZE);`
	`199`	`+ strscpy(bootup_tracer_buf, str, MAX_TRACER_SIZE);`
`200`	`200`	`default_bootup_tracer = bootup_tracer_buf;`
`201`	`201`	`/* We are using ftrace early, expand it */`
`202`	`202`	`ring_buffer_expanded = true;`
`@@ -281,7 +281,7 @@ static char trace_boot_options_buf[MAX_TRACER_SIZE] __initdata;`
`281`	`281`
`282`	`282`	`static int __init set_trace_boot_options(char *str)`
`283`	`283`	`{`
`284`		`- strlcpy(trace_boot_options_buf, str, MAX_TRACER_SIZE);`
	`284`	`+ strscpy(trace_boot_options_buf, str, MAX_TRACER_SIZE);`
`285`	`285`	`return 1;`
`286`	`286`	`}`
`287`	`287`	`__setup("trace_options=", set_trace_boot_options);`
`@@ -291,7 +291,7 @@ static char *trace_boot_clock __initdata;`
`291`	`291`
`292`	`292`	`static int __init set_trace_boot_clock(char *str)`
`293`	`293`	`{`
`294`		`- strlcpy(trace_boot_clock_buf, str, MAX_TRACER_SIZE);`
	`294`	`+ strscpy(trace_boot_clock_buf, str, MAX_TRACER_SIZE);`
`295`	`295`	`trace_boot_clock = trace_boot_clock_buf;`
`296`	`296`	`return 1;`
`297`	`297`	`}`
`@@ -2521,7 +2521,7 @@ static void __trace_find_cmdline(int pid, char comm[])`
`2521`	`2521`	`if (map != NO_CMDLINE_MAP) {`
`2522`	`2522`	`tpid = savedcmd->map_cmdline_to_pid[map];`
`2523`	`2523`	`if (tpid == pid) {`
`2524`		`- strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);`
	`2524`	`+ strscpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);`
`2525`	`2525`	`return;`
`2526`	`2526`	`}`
`2527`	`2527`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ static char kprobe_boot_events_buf[COMMAND_LINE_SIZE] __initdata;`
`30`	`30`
`31`	`31`	`static int __init set_kprobe_boot_events(char *str)`
`32`	`32`	`{`
`33`		`- strlcpy(kprobe_boot_events_buf, str, COMMAND_LINE_SIZE);`
	`33`	`+ strscpy(kprobe_boot_events_buf, str, COMMAND_LINE_SIZE);`
`34`	`34`	`disable_tracing_selftest("running kprobe events");`
`35`	`35`
`36`	`36`	`return 1;`
Original file line number	Diff line number	Diff line change
`@@ -254,7 +254,7 @@ int traceprobe_parse_event_name(const char pevent, const char pgroup,`
`254`	`254`	`trace_probe_log_err(offset, GROUP_TOO_LONG);`
`255`	`255`	`return -EINVAL;`
`256`	`256`	`}`
`257`		`- strlcpy(buf, event, slash - event + 1);`
	`257`	`+ strscpy(buf, event, slash - event + 1);`
`258`	`258`	`if (!is_good_system_name(buf)) {`
`259`	`259`	`trace_probe_log_err(offset, BAD_GROUP_NAME);`
`260`	`260`	`return -EINVAL;`