> I checked the cases you've found, and all them clearly abuse
> copy_from_user(). For example, #2 in tlbflush_write_file():
>
> if (copy_from_user(buf, user_buf, len))
> return -EFAULT;
>
> buf[len] = '\0';
> if (kstrtoint(buf, 0, &ceiling))
> return -EINVAL;
>
> should be:
>
> len = strncpy_from_user(buf, user_buf, len);
> if (len < 0)
> return len;
>
> ret = kstrtoint(buf, 0, &ceiling);
> if (ret)
> return ret;
>
> See, if you use the right API, you don't need this weird
> copy_from_user_nul(). Also notice how nice the original version hides
> possible ERANGE in kstrtoint().
>
> Patches #3-5 in the series again copy strings with raw non-string API,
> so should be converted to some flavor of strcpy().
>
> #6 patches lib/kstrtox, which makes little sense because the whole
> purpose of that library is to handle raw pieces of memory as valid
> C strings. One would expect such patterns in library code, and I'd
> prefer having them explicit.
>
> I find copy_{from,to}_user_nul() useful for objects that must be
> null-terminated, and may have \0 somewhere in the middle. Those are
> not C strings. I suspect this isn't a popular format across the kernel.
>
> On the other hand, adding the _nul() version of copy_from_user() would
> make an API abuse like above simpler, which is a bad thing.
>
> Can you drop copy_from_user_nul() and submit a series that switches
> string manipulations to the dedicated string functions?
OK, I find some misuse of strncpy_from_user() + kstrtoXXX(). I will fix
them.
Regarding patches #3-5, as Steven mentioned, I believe we might need a
strscpy_from_user() for these cases that copy a non-NUL-terminated string
from userspace?
---
Regards,
WANG
> Thanks,
> Yury
