Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'kgdb-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux

Pull kgdb updates from Daniel Thompson:
"A collection of small cleanups this cycle.

Thorsten Blum has replaced a number of strcpy() calls with safer
alternatives (fixing a pointer aliasing bug in the process).

Colin Ian King has simplified things by removing some unreachable
code"

* tag 'kgdb-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux:
kdb: remove redundant check for scancode 0xe0
kdb: Replace deprecated strcpy() with helper function in kdb_defcmd()
kdb: Replace deprecated strcpy() with memcpy() in parse_grep()
kdb: Replace deprecated strcpy() with memmove() in vkdb_printf()
kdb: Replace deprecated strcpy() with memcpy() in kdb_strdup()
kernel: debug: gdbstub: Replace deprecated strcpy() with strscpy()

+60 -36
+15 -14
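--- a/kernel/debug/gdbstub.c
+++ b/kernel/debug/gdbstub.c
@@ -30,6 +30,7 @@
 #include <linux/kgdb.h>
 #include <linux/kdb.h>
 #include <linux/serial_core.h>
+#include <linux/string.h>
 #include <linux/reboot.h>
 #include <linux/uaccess.h>
 #include <asm/cacheflush.h>
@@ -547,7 +548,7 @@
 error_packet(remcom_out_buffer, -EINVAL);
 } else {
 gdb_regs_to_pt_regs(gdb_regs, ks->linux_regs);
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 }
 }
 
@@ -577,7 +578,7 @@
 if (err)
 error_packet(remcom_out_buffer, err);
 else
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 }
 
 #if DBG_MAX_REG_NUM > 0
@@ -630,7 +631,7 @@
 i = i / 2;
 kgdb_hex2mem(ptr, (char *)gdb_regs, i);
 dbg_set_reg(regnum, gdb_regs, ks->linux_regs);
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 }
 #endif /* DBG_MAX_REG_NUM > 0 */
 
@@ -642,7 +643,7 @@
 if (err)
 error_packet(remcom_out_buffer, err);
 else
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 }
 
 /* Handle the 'D' or 'k', detach or kill packets */
@@ -656,7 +657,7 @@
 if (error < 0) {
 error_packet(remcom_out_buffer, error);
 } else {
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 kgdb_connected = 0;
 }
 put_packet(remcom_out_buffer);
@@ -676,7 +677,7 @@
 /* For now, only honor R0 */
 if (strcmp(remcom_in_buffer, "R0") == 0) {
 printk(KERN_CRIT "Executing emergency reboot\n");
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 put_packet(remcom_out_buffer);
 
 /*
@@ -739,7 +740,7 @@
 
 case 'C':
 /* Current thread id */
-strcpy(remcom_out_buffer, "QC");
+strscpy(remcom_out_buffer, "QC");
 ks->threadid = shadow_pid(current->pid);
 int_to_threadref(thref, ks->threadid);
 pack_threadid(remcom_out_buffer + 2, thref);
@@ -773,7 +774,7 @@
 int len = strlen(remcom_in_buffer + 6);
 
 if ((len % 2) != 0) {
-strcpy(remcom_out_buffer, "E01");
+strscpy(remcom_out_buffer, "E01");
 break;
 }
 kgdb_hex2mem(remcom_in_buffer + 6,
@@ -785,14 +786,14 @@
 kdb_parse(remcom_out_buffer);
 kdb_common_deinit_state();
 
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 }
 break;
 #endif
 #ifdef CONFIG_HAVE_ARCH_KGDB_QXFER_PKT
 case 'S':
 if (!strncmp(remcom_in_buffer, "qSupported:", 11))
-strcpy(remcom_out_buffer, kgdb_arch_gdb_stub_feature);
+strscpy(remcom_out_buffer, kgdb_arch_gdb_stub_feature);
 break;
 case 'X':
 if (!strncmp(remcom_in_buffer, "qXfer:", 6))
@@ -822,7 +823,7 @@
 }
 kgdb_usethread = thread;
 ks->kgdb_usethreadid = ks->threadid;
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 break;
 case 'c':
 ptr = &remcom_in_buffer[2];
@@ -837,7 +838,7 @@
 }
 kgdb_contthread = thread;
 }
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 break;
 }
 }
@@ -851,7 +852,7 @@
 kgdb_hex2long(&ptr, &ks->threadid);
 thread = getthread(ks->linux_regs, ks->threadid);
 if (thread)
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 else
 error_packet(remcom_out_buffer, -EINVAL);
 }
@@ -913,7 +914,7 @@
 (int) length, *bpt_type - '0');
 
 if (error == 0)
-strcpy(remcom_out_buffer, "OK");
+strscpy(remcom_out_buffer, "OK");
 else
 error_packet(remcom_out_buffer, error);
 }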
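Review bot: The `qSupported:` reply under `case 'S':` is the only converted call whose source is not a string literal, and the result of `strscpy(remcom_out_buffer, kgdb_arch_gdb_stub_feature);` is ignored. strscpy() truncates and returns a negative error when the source does not fit, so an oversized architecture feature string would now be sent to the debugger cut short with no indication. Something like `if (strscpy(remcom_out_buffer, kgdb_arch_gdb_stub_feature) < 0) error_packet(remcom_out_buffer, -E2BIG);` would make that case visible; whether an error packet is the right reply for this query should be confirmed. The surrounding switch and handler start and end outside the hunk.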
+8 -6
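--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -714,8 +714,8 @@
 * it, depending on the results of the search.
 */
 cp++; /* to byte after the newline */
-replaced_byte = *cp; /* remember what/where it was */
-cphold = cp;
+replaced_byte = *cp; /* remember what it was */
+cphold = cp; /* remember where it was */
 *cp = '\0'; /* end the string for our search */
 
 /*
@@ -732,8 +732,9 @@
 * Shift the buffer left.
 */
 *cphold = replaced_byte;
-strcpy(kdb_buffer, cphold);
-len = strlen(kdb_buffer);
+len = strlen(cphold);
+/* Use memmove() because the buffers overlap */
+memmove(kdb_buffer, cphold, len + 1);
 next_avail = kdb_buffer + len;
 size_avail = sizeof(kdb_buffer) - len;
 goto kdb_print_out;
@@ -872,8 +873,9 @@
 */
 if (kdb_grepping_flag && !suspend_grep) {
 *cphold = replaced_byte;
-strcpy(kdb_buffer, cphold);
-len = strlen(kdb_buffer);
+len = strlen(cphold);
+/* Use memmove() because the buffers overlap */
+memmove(kdb_buffer, cphold, len + 1);
 next_avail = kdb_buffer + len;
 size_avail = sizeof(kdb_buffer) - len;
 }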
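Review bot: The new comment on both memmove() calls says the buffers overlap but not why the `len + 1` byte copy is in bounds, which is the property a reader auditing this path needs. If `cphold` always points inside `kdb_buffer` (it appears to, but `cp` is assigned outside these hunks), the comment could carry that invariant: `/* cphold points into kdb_buffer: regions overlap and the tail, NUL included, fits */`. The same wording applies to the second site in the `kdb_grepping_flag && !suspend_grep` branch.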
-3
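--- a/kernel/debug/kdb/kdb_keyboard.c
+++ b/kernel/debug/kdb/kdb_keyboard.c
@@ -145,9 +145,6 @@
 return CTRL('F');
 }
 
-if (scancode == 0xe0)
-return -1;
-
 /*
 * For Japanese 86/106 keyboards
 * See comment in drivers/char/pc_keyb.c.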
+3 -11
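--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -721,20 +721,12 @@
 mp->name = kdb_strdup(argv[1], GFP_KDB);
 if (!mp->name)
 goto fail_name;
-mp->usage = kdb_strdup(argv[2], GFP_KDB);
+mp->usage = kdb_strdup_dequote(argv[2], GFP_KDB);
 if (!mp->usage)
 goto fail_usage;
-mp->help = kdb_strdup(argv[3], GFP_KDB);
+mp->help = kdb_strdup_dequote(argv[3], GFP_KDB);
 if (!mp->help)
 goto fail_help;
-if (mp->usage[0] == '"') {
-strcpy(mp->usage, argv[2]+1);
-mp->usage[strlen(mp->usage)-1] = '\0';
-}
-if (mp->help[0] == '"') {
-strcpy(mp->help, argv[3]+1);
-mp->help[strlen(mp->help)-1] = '\0';
-}
 
 INIT_LIST_HEAD(&kdb_macro->statements);
 defcmd_in_progress = true;
@@ -860,7 +852,7 @@
 kdb_printf("search string too long\n");
 return;
 }
-strcpy(kdb_grep_string, cp);
+memcpy(kdb_grep_string, cp, len + 1);
 kdb_grepping_flag++;
 return;
 }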
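Review bot: In the second hunk, `memcpy(kdb_grep_string, cp, len + 1);` trusts `len` completely, and the only bound on it is the length check whose condition lies above the hunk (just its `kdb_printf("search string too long\n")` body is visible). A comment next to the copy would keep that dependency from being lost in a later edit, for example `/* len was checked against sizeof(kdb_grep_string) above; + 1 copies the NUL */`. It is worth confirming that the check rejects `len` equal to the buffer size, since the copy writes `len + 1` bytes.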
+1
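--- a/kernel/debug/kdb/kdb_private.h
+++ b/kernel/debug/kdb/kdb_private.h
@@ -110,6 +110,7 @@
 extern int kdbgetsymval(const char *, kdb_symtab_t *);
 extern int kdbnearsym(unsigned long, kdb_symtab_t *);
 extern char *kdb_strdup(const char *str, gfp_t type);
+extern char *kdb_strdup_dequote(const char *str, gfp_t type);
 extern void kdb_symbol_print(unsigned long, const kdb_symtab_t *, unsigned int);
 
 /* Routine for debugging the debugger state. */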
+33 -2
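--- a/kernel/debug/kdb/kdb_support.c
+++ b/kernel/debug/kdb/kdb_support.c
@@ -23,6 +23,7 @@
 #include <linux/uaccess.h>
 #include <linux/kdb.h>
 #include <linux/slab.h>
+#include <linux/string.h>
 #include <linux/ctype.h>
 #include "kdb_private.h"
 
@@ -246,11 +247,41 @@
 */
 char *kdb_strdup(const char *str, gfp_t type)
 {
-int n = strlen(str)+1;
+size_t n = strlen(str) + 1;
 char *s = kmalloc(n, type);
 if (!s)
 return NULL;
-return strcpy(s, str);
+memcpy(s, str, n);
+return s;
+}
+
+/*
+* kdb_strdup_dequote - same as kdb_strdup(), but trims surrounding quotes from
+* the input string if present.
+* Remarks:
+* Quotes are only removed if there is both a leading and a trailing quote.
+*/
+char *kdb_strdup_dequote(const char *str, gfp_t type)
+{
+size_t len = strlen(str);
+char *s;
+
+if (str[0] == '"' && len > 1 && str[len - 1] == '"') {
+/* trim both leading and trailing quotes */
+str++;
+len -= 2;
+}
+
+len++; /* add space for NUL terminator */
+
+s = kmalloc(len, type);
+if (!s)
+return NULL;
+
+memcpy(s, str, len - 1);
+s[len - 1] = '\0';
+
+return s;
 }
 
 /*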
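Review bot: The tail of kdb_strdup_dequote(), from `len++;` down to `return s;`, hand-rolls allocate, copy and terminate while switching between `len` and `len - 1`, which is easy to get off by one in a later edit. After the quote trimming, `return kmemdup_nul(str, len, type);` would express the same thing in one call, assuming that helper is acceptable in kdb's allocation context. The header comment could also state that NULL is returned when the allocation fails and that the caller owns the returned string.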