um: Convert strscpy() usage to 2-argument style

The ARCH=um build has its own idea about strscpy()'s definition. Adjust
the callers to remove the redundant sizeof() arguments ahead of treewide
changes, since it needs a manual adjustment for the newly named
sized_strscpy() export.

Cc: Richard Weinberger <richard@nod.at>
Cc: linux-um@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>

um: Remove strlcpy usage

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
[rw: Massaged subject]
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Remove strlcpy declaration

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230703160641.1790935-1-azeemshaikh38@gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>

um: remove unused variable

The variable dead is initialized but never used otherwise.

Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Remove use of asprinf in umid.c

asprintf is not compatible with the existing uml memory allocation
mechanism. Its use on the "user" side of UML results in a corrupt slab
state.

Fixes: 0d4e5ac7e780 ("um: remove uses of variable length arrays")
Cc: stable@vger.kernel.org
Signed-off-by: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Fix incorrect assumptions about max pid length

pids are no longer limited to 16-bits, bump to 32-bits,
ie. 9 decimal characters. Additionally sizeof("/") already
returns 2 - ie. it already accounts for trailing zero.

Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Linux UM Mailing List <linux-um@lists.infradead.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Fix len of file in create_pid_file

sizeof gives us the size of the pointer variable, not of the
area it points to. So the number of bytes copied by umid_file_name()
is 8.
We should pass in the correct length of the file buffer.

Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Add SPDX headers for files in arch/um/os-Linux

Convert files to use SPDX header. All files are licensed under the GPLv2.

Signed-off-by: Alex Dewar <alex.dewar@gmx.co.uk>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: remove uses of variable length arrays

While the affected code is run in user-mode, the build still warns
about it. Convert all uses of VLA to dynamic allocations.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Use os_warn to print out pre-boot warning/error messages

Use os_warn() instead of printf/fprintf to print out
pre-boot warning/error messages to stderr.
Note that the help message and version message are
kept to print out to stdout, because user explicitly
specifies those options to get such information.

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: Use printk instead of printf in make_uml_dir

Since this function will be called after printk buffer
initialized, use printk as other functions do.

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: get rid of pointless include "..." where include <...> will do

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Richard Weinberger <richard@nod.at>

um: -include user.h for USER_OBJ, trim includes

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Richard Weinberger <richard@nod.at>

UML: make several more things static

- Make some variables and functions static, since they don't need to be
global.

- Remove an unused function - arch/um/kernel/time.c::sched_clock().

- Clean the style a bit as complained by checkpatch.pl.

Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: WANG Cong <wangcong@zeuux.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

uml: style fixes pass 3

Formatting changes in the files which have been changed in the course
of folding foo_skas functions into their callers. These include:
copyright updates
header file trimming
style fixes
adding severity to printks

These changes should be entirely non-functional.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

uml: remove code made redundant by CHOOSE_MODE removal

This patch makes a number of simplifications enabled by the removal of
CHOOSE_MODE. There were lots of functions that looked like

int foo(args){
foo_skas(args);
}

The bodies of foo_skas are now folded into foo, and their declarations (and
sometimes entire header files) are deleted.

In addition, the union uml_pt_regs, which was a union between the tt and skas
register formats, is now a struct, with the tt-mode arm of the union being
removed.

It turns out that usr2_handler was unused, so it is gone.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

[PATCH] uml: umid tidying

Add an error message when two umids are put on the command line.

umid.h is kind of pointless since it only declares one thing, and that
is already declared in os.h.

Commented the lack of locking of some data in os-Linux/umid.h.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

[PATCH] uml: rename and improve actually_do_remove()

Rename actually_do_remove() to remove_files_and_dir(), make it call
closedir(), make it ignore ENOENT (I see it frequently enough).

ENOENT is probably due to multiple threads calling the exitcall functions
together*, but fixing that is non-trivial; and ignoring it is perfectly ok
in any case.

* it can surely happen: last_ditch_exit() is installed as SIGTERM handler
at boot, and it's not removed on thread creation. So killall vmlinux
(which I do) surely causes that. I've seen also a crash which seems to
do the same.

Installing the handler on only the main thread would make UML do no cleanup
when another thread exits, and we're not sure we want that. And mutual
exclusion in that context is tricky - we can't use spinlock in code not on
a kernel stack (spinlock debugging uses "current" a lot).

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] uml: fix not_dead_yet when directory is in bad state

The bug occurred to me when a UML left an empty ~/.uml/Sarge-norm folder -
when trying to reuse not_dead_yet() failed one of its check. The comment
says that's ok and means that we can take the directory, but while normally
not_dead_yet() removes it and returns 0 (i.e. go on, use this), on failure
it returns 0 but forgets to remove it. The fix is to remove it anytime
we're going to return 0.

But since "not_dead_yet" didn't make the interface so clear, causing this
bug, and I couldn't find a convenient name for the mix of things it did, I
split it into two parts:

is_umdir_used() - returns a boolean, contains all checks of not_dead_yet()
umdir_take_if_dead - tries to remove the dir unless it's used - returns
whether it removed it, that is we now own it.

With this changes the control flow is IMHO a bit clearer and needs less
comment for control flow.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] uml: error handling fixes

Blairsorblade noticed some confusion between our use of a system
call's return value and errno. This patch fixes a number of related
bugs -
using errno instead of a return value
using a return value instead of errno
forgetting to negate a error return to get a positive error code

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] uml: fix failure path after conversion

Little fix for error paths in this code.

- Some bug come from conversion to os-Linux (open() doesn't follow the
kernel -errno return convention, while the old code called os_open_file()
which followed it). This caused the wrong return code to be printed.

- Then be more precise about what happened and do some whitespace fixes.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] uml: prevent umid theft

Behavior when booting two UMLs with the same umid was broken. The second one
would steal the umid. This fixes that, making the second UML take a random
umid instead.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] uml: umid cleanup

This patch cleans up the umid code:

- The only_if_set argument to get_umid is gone.

- get_umid returns an empty string rather than NULL if there is no umid.

- umid_is_random is gone since its users went away.

- Some printfs were turned into printks because the code runs late enough
that printk is working.

- Error paths were cleaned up.

- Some functions now return an error and let the caller print the error
message rather than printing it themselves. This eliminates the practice of
passing a pointer to printf or printk in, depending on where in the boot
process we are.

- Major tidying of not_dead_yet - mostly error path cleanup, plus a comment
explaining why it doesn't react to errors the way you might expect.

- Calls to os_* interfaces that were moved under os are changed back to
their native libc forms.

- snprintf, strlcpy, and their bounds-checking friends are used more often,
replacing by-hand bounds checking in some places.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] uml: separate libc-dependent umid code

I reworked Gennady's umid OS abstraction patch because the code shouldn't
be moved entirely to os. As it turns out, I moved most of it anyway. This
patch is the minimal one needed to move the code and have it work.
It turns out that the concept of the umid is OS-independent, but
almost everything else about the implementation is OS-dependent.

This is code movement without cleanup - a follow-on patch tidies
everything up without shuffling code around.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>