fortify: Short-circuit known-safe calls to strscpy()

Replacing compile-time safe calls of strcpy()-related functions with strscpy() was always calling the full strscpy() logic when a builtin would be better. For example: char buf[16]; strcpy(buf, "yes"); would reduce to __builtin_memcpy(buf, "yes", 4), but not if it was: strscpy(buf, yes, sizeof(buf)); Fix this by checking if all sizes are known at compile-time. Cc: linux-hardening@vger.kernel.org Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2022-10-02 09:17:03 -0700
committer: Kees Cook <keescook@chromium.org> 2022-11-01 10:04:52 -0700
commit: 62e1cbfc5d795381a0f237ae7ee229a92d51cf9e (patch)
tree: cf730cfe96c528feef173c9e5ae642485ac84f44 /include
parent: 41eefc46a3a4682976afb5f8c4b9734ed6bfd406 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index 49782f63f015..32a66d4b30ca 100644
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -314,6 +314,16 @@ __FORTIFY_INLINE ssize_t strscpy(char * const POS p, const char * const POS q, s
 	if (__compiletime_lessthan(p_size, size))
 		__write_overflow();
 
+	/* Short-circuit for compile-time known-safe lengths. */
+	if (__compiletime_lessthan(p_size, SIZE_MAX)) {
+		len = __compiletime_strlen(q);
+
+		if (len < SIZE_MAX && __compiletime_lessthan(len, size)) {
+			__underlying_memcpy(p, q, len + 1);
+			return len;
+		}
+	}
+
 	/*
 	 * This call protects from read overflow, because len will default to q
 	 * length if it smaller than size.
author	Kees Cook <keescook@chromium.org>	2022-10-02 09:17:03 -0700
committer	Kees Cook <keescook@chromium.org>	2022-11-01 10:04:52 -0700
commit	62e1cbfc5d795381a0f237ae7ee229a92d51cf9e (patch)
tree	cf730cfe96c528feef173c9e5ae642485ac84f44 /include
parent	41eefc46a3a4682976afb5f8c4b9734ed6bfd406 (diff)