With static analysis tools we found that strncpy() is used in rpmsg. This function is not safe and can lead to buffer overflow. This patchset replaces strncpy() with strscpy_pad().
This patchset backports the following commit from v5.16: commit 766279a8f85d ("rpmsg: qcom: glink: replace strncpy() with strscpy_pad()")
Link: https://lore.kernel.org/all/20220519073330.7187-1-krzysztof.kozlowski@linaro...
Found by Linux Verification Center (linuxtesting.org) with SVACE.
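The behaviour behind this replacement, as an added userspace example that is not part of the thread or of the kernel source: strncpy() leaves the destination without a NUL terminator when the source fills the buffer, while strscpy_pad() semantics always terminate, zero-pad and report truncation. model_strscpy_pad() is a hypothetical stand-in written for this example, and NAME_SIZE of 32 is assumed from the "bound 32" in the W=1 warning quoted later in the thread.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define NAME_SIZE 32 /* assumed from the "bound 32" in the quoted warning */

/* Userspace model of strscpy_pad() semantics (not the kernel source):
 * always NUL-terminate, zero-fill the tail, return the copied length
 * or -E2BIG when src did not fit. */
static ssize_t model_strscpy_pad(char *dst, const char *src, size_t size)
{
    size_t len;

    if (size == 0)
        return -E2BIG;
    len = strnlen(src, size);
    if (len == size) {                 /* src must be truncated */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len);
    memset(dst + len, 0, size - len);  /* terminator plus padding */
    return (ssize_t)len;
}

/* Copy src with strncpy() into a NAME_SIZE buffer holding stale bytes;
 * return 1 if the result contains a NUL terminator, 0 otherwise. */
static int strncpy_terminates(const char *src)
{
    char dst[NAME_SIZE];

    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, sizeof(dst));
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

int main(void)
{
    /* Constructed name of exactly NAME_SIZE characters, no room for NUL. */
    const char *full = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
    char dst[NAME_SIZE];
    ssize_t ret = model_strscpy_pad(dst, full, sizeof(dst));

    printf("strncpy short: terminated=%d\n", strncpy_terminates("demo_channel"));
    printf("strncpy full:  terminated=%d\n", strncpy_terminates(full));
    printf("model full:    ret=%zd last=%d\n", ret, dst[NAME_SIZE - 1]);
    return 0;
}
```

A consumer that later treats the strncpy() result as a C string reads past the 32-byte field, which is the overread the replacement closes.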
The use of strncpy() is considered deprecated for NULL-terminated strings[1]. Replace strncpy() with strscpy_pad(), to keep existing pad-behavior of strncpy, strncpy was found on line 1424 of /drivers/rpmsg/qcom_glink_native.c.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrew Chernyakov acherniakov@astralinux.ru --- drivers/rpmsg/qcom_glink_native.c | 2 +- drivers/rpmsg/qcom_smd.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 4840886532ff..66a63b205744 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1424,7 +1424,7 @@ static int qcom_glink_rx_open(struct qcom_glink *glink, unsigned int rcid, }
rpdev->ept = &channel->ept; - strncpy(rpdev->id.name, name, RPMSG_NAME_SIZE); + strscpy_pad(rpdev->id.name, name, RPMSG_NAME_SIZE); rpdev->src = RPMSG_ADDR_ANY; rpdev->dst = RPMSG_ADDR_ANY; rpdev->ops = &glink_device_ops; diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c index 0b1e853d8c91..b5167ef93abf 100644 --- a/drivers/rpmsg/qcom_smd.c +++ b/drivers/rpmsg/qcom_smd.c @@ -1073,7 +1073,7 @@ static int qcom_smd_create_device(struct qcom_smd_channel *channel)
/* Assign public information to the rpmsg_device */ rpdev = &qsdev->rpdev; - strncpy(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); + strscpy_pad(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); rpdev->src = RPMSG_ADDR_ANY; rpdev->dst = RPMSG_ADDR_ANY;
@@ -1304,7 +1304,7 @@ static void qcom_channel_state_worker(struct work_struct *work)
spin_unlock_irqrestore(&edge->channels_lock, flags);
- strncpy(chinfo.name, channel->name, sizeof(chinfo.name)); + strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name)); chinfo.src = RPMSG_ADDR_ANY; chinfo.dst = RPMSG_ADDR_ANY; rpmsg_unregister_device(&edge->dev, &chinfo);
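Review bot: the return value of strscpy_pad() is discarded at the changed call in qcom_glink_rx_open(), so a name that does not fit in RPMSG_NAME_SIZE bytes is cut short in rpdev->id.name with no signal to the caller. strscpy_pad() returns -E2BIG in that case; either check it and log or reject the channel, or state in the commit message that truncating the name is acceptable here.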
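Review bot: in the qcom_smd_create_device() hunk the bound is the macro RPMSG_NAME_SIZE, while the qcom_channel_state_worker() hunk in the same file uses sizeof(chinfo.name). Writing sizeof(rpdev->id.name) would tie the bound to the destination, provided id.name is an array and not a pointer; if the backport has to stay identical to the upstream diff, keep the macro and raise this upstream instead.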
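Review bot: the commit message names only the strncpy() on line 1424 of qcom_glink_native.c, yet the qcom_channel_state_worker() hunk and the qcom_smd_create_device() hunk change two further call sites in qcom_smd.c. List all three call sites in the message so the description matches the diffstat (2 files changed, 3 insertions, 3 deletions).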
Hi,
Thanks for your patch.
FYI: kernel test robot notices the stable kernel rule is not satisfied.
Rule: 'Cc: stable@vger.kernel.org' or 'commit <sha1> upstream.'
Subject: [PATCH 5.10 1/1] Backport of rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
Link: https://lore.kernel.org/stable/20221007104120.75208-2-acherniakov%40astralin...
The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
Dear Andrew,
For backporting patches you should follow the following pattern:
---------------------------------------------
Subject: [PATCH 5.10 1/1] {ORIGINAL COMMIT SUBJECT}
From: {ORIGINAL AUTHOR EMAIL}
commit {ORIGINAL COMMIT HASH} upstream.
{ORIGINAL COMMIT TEXT INCLUDING ALL SIGNED_OFF}

Signed-off-by: {YOUR EMAIL}
---
{ORIGINAL PATCH}
---------------------------------------------
e.g.
---------------------------------------------
Subject: [PATCH 5.10 1/1] rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
From: Krzysztof Kozlowski krzysztof.kozlowski@linaro.org
commit 766279a8f85df32345dbda03b102ca1ee3d5ddea upstream.
The use of strncpy() is considered deprecated for NUL-terminated strings[1]. Replace strncpy() with strscpy_pad(), to keep existing pad-behavior of strncpy, similarly to commit 08de420a8014 ("rpmsg: glink: Replace strncpy() with strscpy_pad()"). This fixes W=1 warning:
In function ‘qcom_glink_rx_close’,
    inlined from ‘qcom_glink_work’ at ../drivers/rpmsg/qcom_glink_native.c:1638:4:
drivers/rpmsg/qcom_glink_native.c:1549:17: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation]
 1549 |         strncpy(chinfo.name, channel->name, sizeof(chinfo.name));
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nu...
Signed-off-by: Krzysztof Kozlowski krzysztof.kozlowski@linaro.org
Reviewed-by: Stephen Boyd sboyd@kernel.org
Signed-off-by: Bjorn Andersson bjorn.andersson@linaro.org
Link: https://lore.kernel.org/r/20220519073330.7187-1-krzysztof.kozlowski@linaro.o...
Signed-off-by: Andrew Chernyakov acherniakov@astralinux.ru
---
.....
---------------------------------------------
Please update the patch according to the requirements and resend.
Thank you, Alexey
On 07.10.2022 13:41, Andrew Chernyakov wrote:
The use of strncpy() is considered deprecated for NULL-terminated strings[1]. Replace strncpy() with strscpy_pad(), to keep existing pad-behavior of strncpy, strncpy was found on line 1424 of /drivers/rpmsg/qcom_glink_native.c.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrew Chernyakov acherniakov@astralinux.ru
drivers/rpmsg/qcom_glink_native.c | 2 +- drivers/rpmsg/qcom_smd.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 4840886532ff..66a63b205744 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1424,7 +1424,7 @@ static int qcom_glink_rx_open(struct qcom_glink *glink, unsigned int rcid, } rpdev->ept = &channel->ept;
strncpy(rpdev->id.name, name, RPMSG_NAME_SIZE);
rpdev->src = RPMSG_ADDR_ANY; rpdev->dst = RPMSG_ADDR_ANY; rpdev->ops = &glink_device_ops;strscpy_pad(rpdev->id.name, name, RPMSG_NAME_SIZE);
diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c index 0b1e853d8c91..b5167ef93abf 100644 --- a/drivers/rpmsg/qcom_smd.c +++ b/drivers/rpmsg/qcom_smd.c @@ -1073,7 +1073,7 @@ static int qcom_smd_create_device(struct qcom_smd_channel *channel) /* Assign public information to the rpmsg_device */ rpdev = &qsdev->rpdev;
- strncpy(rpdev->id.name, channel->name, RPMSG_NAME_SIZE);
- strscpy_pad(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); rpdev->src = RPMSG_ADDR_ANY; rpdev->dst = RPMSG_ADDR_ANY;
@@ -1304,7 +1304,7 @@ static void qcom_channel_state_worker(struct work_struct *work) spin_unlock_irqrestore(&edge->channels_lock, flags);
strncpy(chinfo.name, channel->name, sizeof(chinfo.name));
chinfo.src = RPMSG_ADDR_ANY; chinfo.dst = RPMSG_ADDR_ANY; rpmsg_unregister_device(&edge->dev, &chinfo);strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name));
On 07/10/2022 12:41, Andrew Chernyakov wrote:
The use of strncpy() is considered deprecated for NULL-terminated strings[1]. Replace strncpy() with strscpy_pad(), to keep existing pad-behavior of strncpy, strncpy was found on line 1424 of /drivers/rpmsg/qcom_glink_native.c.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrew Chernyakov acherniakov@astralinux.ru
This is not a correct backport. You lost entire information about original patch and its history. You even dropped my authorship. The certificate of origin chain is broken and not correct.
You must follow the process of backporting of patches:
https://elixir.bootlin.com/linux/v5.19.14/source/Documentation/process/submi...
Best regards, Krzysztof
linux-stable-mirror@lists.linaro.org