On Tue, Dec 12, 2017 at 8:06 AM, Andrey Ryabinin
<[email protected]> wrote:
>
> See for yourself, strscpy() is the only sting function doing this.
No, strnlen_user() definitely does too.
It's just that KASAN doesn't track user pointers.
And the important strlen() in the kernel is the pathname hashing code,
which *definitely* accesses outside the source, but since it can
actually traverse to another page we have that one annotated too (with
load_unaligned_zeropad()).
So no, strscpy() isn't the only one doing it, it is just the only one
that KASAN catches.
Linus
