Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.16.67 2018-11-20T18:05:41Z 2018-11-20T18:05:41Z Ben Hutchings ben@decadent.org.uk 2018-11-07T20:57:03Z urn:sha1:aa727d5b1c8d03f747fb6630b57fa286654b5b2a This was done as part of commit 08a77676f9c5 upstream, from which the following description is taken: > strlcpy() is worse than strlcpy() because it unconditionally runs > strlen() on the source string, and the only reason we switched to > strlcpy() here was because it was lacking __must_check, which doesn't > reflect any material differences between the two function. It's just > that someone added __must_check to strscpy() and not to strlcpy(). > > These basic string copy operations are used in variety of ways, and > one of not-so-uncommon use cases is safely handling truncated copies, > where the caller naturally doesn't care about the return value. The > __must_check doesn't match the actual use cases and forces users to > opt for inferior variants which lack __must_check by happenstance or > spread ugly (void) casts. Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2018-10-21T07:46:12Z Chris Metcalf cmetcalf@ezchip.com 2015-04-29T16:52:04Z urn:sha1:a648dc92acd6187bcf76fa3afeceabd762cf5df1 commit 30035e45753b708e7d47a98398500ca005e02b86 upstream. The strscpy() API is intended to be used instead of strlcpy(), and instead of most uses of strncpy(). - Unlike strlcpy(), it doesn't read from memory beyond (src + size). - Unlike strlcpy() or strncpy(), the API provides an easy way to check for destination buffer overflow: an -E2BIG error return value. - The provided implementation is robust in the face of the source buffer being asynchronously changed during the copy, unlike the current implementation of strlcpy(). - Unlike strncpy(), the destination buffer will be NUL-terminated if the string in the source buffer is too long. - Also unlike strncpy(), the destination buffer will not be updated beyond the NUL termination, avoiding strncpy's behavior of zeroing the entire tail end of the destination buffer. (A memset() after the strscpy() can be used if this behavior is desired.) - The implementation should be reasonably performant on all platforms since it uses the asm/word-at-a-time.h API rather than simple byte copy. Kernel-to-kernel string copy is not considered to be performance critical in any case. Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2014-11-05T11:43:08Z Daniel Borkmann dborkman@redhat.com 2014-08-27T03:16:35Z urn:sha1:eb622aa247403320d572f652e6807d2e926c3b39 commit d4c5efdb97773f59a2b711754ca0953f24516739 upstream. zatimend has reported that in his environment (3.16/gcc4.8.3/corei7) memset() calls which clear out sensitive data in extract_{buf,entropy, entropy_user}() in random driver are being optimized away by gcc. Add a helper memzero_explicit() (similarly as explicit_bzero() variants) that can be used in such cases where a variable with sensitive data is being cleared out in the end. Other use cases might also be in crypto code. [ I have put this into lib/string.c though, as it's always built-in and doesn't need any dependencies then. ] Fixes kernel bugzilla: 82041 Reported-by: zatimend@hotmail.co.uk Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> [ kamal: backport to 3.13-stable: one more memzero_explicit in extract_buf() ] Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 2014-05-23T02:23:27Z Grant Likely grant.likely@linaro.org 2014-03-14T17:00:14Z urn:sha1:11d200e95f3e84c1102e4cc9863a3614fd41f3ad The strchrnul() variant helpfully returns a the end of the string instead of a NULL if the requested character is not found. This can simplify string parsing code since it doesn't need to expicitly check for a NULL return. If a valid string pointer is passed in, then a valid null terminated string will always come back out. Signed-off-by: Grant Likely <grant.likely@linaro.org> 2012-12-18T01:15:17Z Andy Shevchenko andriy.shevchenko@linux.intel.com 2012-12-18T00:01:18Z urn:sha1:b18888ab256f05626193be955a7a03f01d676f8c There are several places in the kernel that use functionality like basename(3) with the exception: in case of '/foo/bar/' we expect to get an empty string. Let's do it common helper for them. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Jason Baron <jbaron@redhat.com> Cc: YAMANE Toshiaki <yamanetoshi@gmail.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-13T09:46:48Z David Howells dhowells@redhat.com 2012-10-13T09:46:48Z urn:sha1:607ca46e97a1b6594b29647d98a32d545c24bdff Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com> 2012-08-21T23:45:03Z WANG Cong xiyou.wangcong@gmail.com 2012-08-21T23:16:00Z urn:sha1:c3a5ce0416b6c172a23bc8a3760d8704d3d1535b Fix the following warning: usr/include/linux/string.h:8: userspace cannot reference function or variable defined in the kernel Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Acked-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-07-31T00:25:16Z Akinobu Mita akinobu.mita@gmail.com 2012-07-30T21:40:55Z urn:sha1:639b9e34f15e4b2c30068a4e4485586af0cdf709 memweight() is the function that counts the total number of bits set in memory area. Unlike bitmap_weight(), memweight() takes pointer and size in bytes to specify a memory area which does not need to be aligned to long-word boundary. [akpm@linux-foundation.org: rename `w' to `ret'] Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: Anders Larsen <al@alarsen.net> Cc: Alasdair Kergon <agk@redhat.com> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Cc: Mark Fasheh <mfasheh@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jan Kara <jack@suse.cz> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Matthew Wilcox <matthew@wil.cx> Cc: Mauro Carvalho Chehab <mchehab@infradead.org> Cc: Tony Luck <tony.luck@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-11-01T00:30:47Z Akinobu Mita akinobu.mita@gmail.com 2011-11-01T00:08:07Z urn:sha1:798248206b59acc6e1238c778281419c041891a7 memchr_inv() is mainly used to check whether the whole buffer is filled with just a specified byte. The function name and prototype are stolen from logfs and the implementation is from SLUB. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Acked-by: Christoph Lameter <cl@linux-foundation.org> Acked-by: Pekka Enberg <penberg@kernel.org> Cc: Matt Mackall <mpm@selenic.com> Acked-by: Joern Engel <joern@logfs.org> Cc: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-05-19T07:25:28Z Jonathan Cameron jic23@cam.ac.uk 2011-04-19T11:43:45Z urn:sha1:d0f1fed29e6e73d9d17f4c91a5896a4ce3938d45 This is a rename of the usr_strtobool proposal, which was a renamed, relocated and fixed version of previous kstrtobool RFC Signed-off-by: Jonathan Cameron <jic23@cam.ac.uk> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>