)]}'
{
  "commit": "09a0caa50c0406eaa111cbff23d29b1fa3f339cf",
  "tree": "c29114f140ef466c926504ad3cd367021907d35a",
  "parents": [
    "8beb3cdc41c1a8bb06872dd9a7bc6b1da5403f69"
  ],
  "author": {
    "name": "Kees Cook",
    "email": "keescook@chromium.org",
    "time": "Tue Dec 12 13:17:40 2023 -0800"
  },
  "committer": {
    "name": "Shuo Yang",
    "email": "gshuoy@google.com",
    "time": "Fri Oct 11 22:50:46 2024 +0000"
  },
  "message": "kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy()\n\n[ Upstream commit ff6d413b0b59466e5acf2e42f294b1842ae130a1 ]\n\nOne of the last remaining users of strlcpy() in the kernel is\nkernfs_path_from_node_locked(), which passes back the problematic \"length\nwe _would_ have copied\" return value to indicate truncation.  Convert the\nchain of all callers to use the negative return value (some of which\nalready doing this explicitly). All callers were already also checking\nfor negative return values, so the risk to missed checks looks very low.\n\nIn this analysis, it was found that cgroup1_release_agent() actually\ndidn\u0027t handle the \"too large\" condition, so this is technically also a\nbug fix. :)\n\nHere\u0027s the chain of callers, and resolution identifying each one as now\nhandling the correct return value:\n\nkernfs_path_from_node_locked()\n        kernfs_path_from_node()\n                pr_cont_kernfs_path()\n                        returns void\n                kernfs_path()\n                        sysfs_warn_dup()\n                                return value ignored\n                        cgroup_path()\n                                blkg_path()\n                                        bfq_bic_update_cgroup()\n                                                return value ignored\n                                TRACE_IOCG_PATH()\n                                        return value ignored\n                                TRACE_CGROUP_PATH()\n                                        return value ignored\n                                perf_event_cgroup()\n                                        return value ignored\n                                task_group_path()\n                                        return value ignored\n                                damon_sysfs_memcg_path_eq()\n                                        return value ignored\n                                get_mm_memcg_path()\n                                        return value ignored\n                                lru_gen_seq_show()\n                                        return value ignored\n                        cgroup_path_from_kernfs_id()\n                                return value ignored\n                cgroup_show_path()\n                        already converted \"too large\" error to negative value\n                cgroup_path_ns_locked()\n                        cgroup_path_ns()\n                                bpf_iter_cgroup_show_fdinfo()\n                                        return value ignored\n                                cgroup1_release_agent()\n                                        wasn\u0027t checking \"too large\" error\n                        proc_cgroup_show()\n                                already converted \"too large\" to negative value\n\nCc: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Zefan Li \u003clizefan.x@bytedance.com\u003e\nCc: Johannes Weiner \u003channes@cmpxchg.org\u003e\nCc: Waiman Long \u003clongman@redhat.com\u003e\nCc: \u003ccgroups@vger.kernel.org\u003e\nCo-developed-by: Azeem Shaikh \u003cazeemshaikh38@gmail.com\u003e\n\nBUG\u003db/362701103\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dNone\n\ncos-patch: security-moderate\nChange-Id: I12fa98552efcee218f4796c573c09de7968c0fca\nSigned-off-by: Azeem Shaikh \u003cazeemshaikh38@gmail.com\u003e\nLink: https://lore.kernel.org/r/20231116192127.1558276-3-keescook@chromium.org\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nLink: https://lore.kernel.org/r/20231212211741.164376-3-keescook@chromium.org\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nStable-dep-of: 1be59c97c83c (\"cgroup/cpuset: Prevent UAF in proc_cpuset_show()\")\nSigned-off-by: Sasha Levin \u003csashal@kernel.org\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/83480\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nReviewed-by: Oleksandr Tymoshenko \u003covt@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "44b907874fba10b3a5fa87780440b4f69d1e5fce",
      "old_mode": 33188,
      "old_path": "fs/kernfs/dir.c",
      "new_id": "2c74b24fc22aa719309abd073b3b9feefa0da901",
      "new_mode": 33188,
      "new_path": "fs/kernfs/dir.c"
    },
    {
      "type": "modify",
      "old_id": "289cc873cb7195d2ba4c3390685b88c1e453d12c",
      "old_mode": 33188,
      "old_path": "kernel/cgroup/cgroup-v1.c",
      "new_id": "c2d28ffee3b7bb4031c747e24d57dd7cd8bea154",
      "new_mode": 33188,
      "new_path": "kernel/cgroup/cgroup-v1.c"
    },
    {
      "type": "modify",
      "old_id": "97ecca43386d93f12f1b4791f5d311e27ed4b0a4",
      "old_mode": 33188,
      "old_path": "kernel/cgroup/cgroup.c",
      "new_id": "1e008ea467c0a1992466592592b58b66c76c2f0e",
      "new_mode": 33188,
      "new_path": "kernel/cgroup/cgroup.c"
    },
    {
      "type": "modify",
      "old_id": "01f5a019e0f543409766293148011e9b1bf1b829",
      "old_mode": 33188,
      "old_path": "kernel/cgroup/cpuset.c",
      "new_id": "278248907791fcb27b662e5d13182f2f55d5bc98",
      "new_mode": 33188,
      "new_path": "kernel/cgroup/cpuset.c"
    }
  ]
}