• Andrey Ryabinin's avatar
    lib/strscpy: Shut up KASAN false-positives in strscpy() · 1a3241ff
    Andrey Ryabinin authored
    strscpy() performs the word-at-a-time optimistic reads.  So it may may
    access the memory past the end of the object, which is perfectly fine
    since strscpy() doesn't use that (past-the-end) data and makes sure the
    optimistic read won't cross a page boundary.
    
    Use new read_word_at_a_time() to shut up the KASAN.
    
    Note that this potentially could hide some bugs.  In example bellow,
    stscpy() will copy more than we should (1-3 extra uninitialized bytes):
    
            char dst[8];
            char *src;
    
            src = kmalloc(5, GFP_KERNEL);
            memset(src, 0xff, 5);
            strscpy(dst, src, 8);
    Signed-off-by: 's avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
    Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
    1a3241ff
string.c 22.3 KB