[PATCH next] drivers/scsi/mpt3sas: Replace strcpy() + strcat() with snprintf()

[PATCH next] drivers/scsi/mpt3sas: Replace strcpy() + strcat() with snprintf()

[david.laight.linux]

From: David Laight <david.laight.linux@gmail.com>

Avoids unbounded string functions creating version string.

Signed-off-by: David Laight <david.laight.linux@gmail.com>
---
This is one of a group of patches that remove potentially unbounded
strcpy() calls.

They are mostly replaced by strscpy() or, when strlen() has just been
called, with memcpy() (usually including the '\0').

Calls with copy string literals into arrays are left unchanged.
They are safe and easily detected as such.

The changes were made by getting the compiler to detect the calls and
then fixing the code by hand.

Note that all the changes are only compile tested.

Some Makefiles were changed to allow files to contain strcpy().
As well as 'difficult to fix' files, this included 'show' functions
as they really need to use sysfs_emit() or seq_printf().

All the patches are being sent individually to avoid very long cc lists.
Apologies for the terse commit messages and likely unexpected tags.
(There are about 100 patches in total.)

 drivers/scsi/mpt3sas/mpt3sas_ctl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
index 8bb947004885..3488446d38a3 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
@@ -1225,6 +1225,7 @@ static long
 _ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
 {
 	struct mpt3_ioctl_iocinfo karg;
+	const char *ver = "";
 
 	dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
 				 __func__));
@@ -1241,15 +1242,13 @@ _ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
 	karg.pci_information.u.bits.function = PCI_FUNC(ioc->pdev->devfn);
 	karg.pci_information.segment_id = pci_domain_nr(ioc->pdev->bus);
 	karg.firmware_version = ioc->facts.FWVersion.Word;
-	strcpy(karg.driver_version, ioc->driver_name);
-	strcat(karg.driver_version, "-");
 	switch  (ioc->hba_mpi_version_belonged) {
 	case MPI2_VERSION:
 		if (ioc->is_warpdrive)
 			karg.adapter_type = MPT2_IOCTL_INTERFACE_SAS2_SSS6200;
 		else
 			karg.adapter_type = MPT2_IOCTL_INTERFACE_SAS2;
-		strcat(karg.driver_version, MPT2SAS_DRIVER_VERSION);
+		ver = MPT2SAS_DRIVER_VERSION;
 		break;
 	case MPI25_VERSION:
 	case MPI26_VERSION:
@@ -1257,9 +1256,11 @@ _ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
 			karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS35;
 		else
 			karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS3;
-		strcat(karg.driver_version, MPT3SAS_DRIVER_VERSION);
+		ver = MPT3SAS_DRIVER_VERSION;
 		break;
 	}
+	snprintf(karg.driver_version, sizeof (karg.driver_version), "%s-%s",
+		 ioc->driver_name, ver);
 	karg.bios_version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
 
 	karg.driver_capability |= MPT3_IOCTL_IOCINFO_DRIVER_CAP_MCTP_PASSTHRU;
-- 
2.39.5

Re: [PATCH next] drivers/scsi/mpt3sas: Replace strcpy() + strcat() with snprintf()

[kernel test robot]

Hi,

kernel test robot noticed the following build warnings:

[auto build test WARNING on next-20260605]

url:    https://github.com/intel-lab-lkp/linux/commits/david-laight-linux-gmail-com/drivers-scsi-mpt3sas-Replace-strcpy-strcat-with-snprintf/20260608-182042
base:   next-20260605
patch link:    https://lore.kernel.org/r/20260608095523.2606-35-david.laight.linux%40gmail.com
patch subject: [PATCH next] drivers/scsi/mpt3sas: Replace strcpy() + strcat() with snprintf()
config: x86_64-rhel-9.4 (https://download.01.org/0day-ci/archive/20260608/202606082107.T3scOqQb-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260608/202606082107.T3scOqQb-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202606082107.T3scOqQb-lkp@intel.com/

All warnings (new ones prefixed by >>):

   drivers/scsi/mpt3sas/mpt3sas_ctl.c: In function '_ctl_getiocinfo':
>> drivers/scsi/mpt3sas/mpt3sas_ctl.c:1262:73: warning: '%s' directive output may be truncated writing up to 12 bytes into a region of size between 8 and 31 [-Wformat-truncation=]
    1262 |         snprintf(karg.driver_version, sizeof (karg.driver_version), "%s-%s",
         |                                                                         ^~
   drivers/scsi/mpt3sas/mpt3sas_ctl.c:1262:9: note: 'snprintf' output between 2 and 37 bytes into a destination of size 32
    1262 |         snprintf(karg.driver_version, sizeof (karg.driver_version), "%s-%s",
         |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    1263 |                  ioc->driver_name, ver);
         |                  ~~~~~~~~~~~~~~~~~~~~~~


vim +1262 drivers/scsi/mpt3sas/mpt3sas_ctl.c

  1218	
  1219	/**
  1220	 * _ctl_getiocinfo - main handler for MPT3IOCINFO opcode
  1221	 * @ioc: per adapter object
  1222	 * @arg: user space buffer containing ioctl content
  1223	 */
  1224	static long
  1225	_ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
  1226	{
  1227		struct mpt3_ioctl_iocinfo karg;
  1228		const char *ver = "";
  1229	
  1230		dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
  1231					 __func__));
  1232	
  1233		memset(&karg, 0 , sizeof(karg));
  1234		if (ioc->pfacts)
  1235			karg.port_number = ioc->pfacts[0].PortNumber;
  1236		karg.hw_rev = ioc->pdev->revision;
  1237		karg.pci_id = ioc->pdev->device;
  1238		karg.subsystem_device = ioc->pdev->subsystem_device;
  1239		karg.subsystem_vendor = ioc->pdev->subsystem_vendor;
  1240		karg.pci_information.u.bits.bus = ioc->pdev->bus->number;
  1241		karg.pci_information.u.bits.device = PCI_SLOT(ioc->pdev->devfn);
  1242		karg.pci_information.u.bits.function = PCI_FUNC(ioc->pdev->devfn);
  1243		karg.pci_information.segment_id = pci_domain_nr(ioc->pdev->bus);
  1244		karg.firmware_version = ioc->facts.FWVersion.Word;
  1245		switch  (ioc->hba_mpi_version_belonged) {
  1246		case MPI2_VERSION:
  1247			if (ioc->is_warpdrive)
  1248				karg.adapter_type = MPT2_IOCTL_INTERFACE_SAS2_SSS6200;
  1249			else
  1250				karg.adapter_type = MPT2_IOCTL_INTERFACE_SAS2;
  1251			ver = MPT2SAS_DRIVER_VERSION;
  1252			break;
  1253		case MPI25_VERSION:
  1254		case MPI26_VERSION:
  1255			if (ioc->is_gen35_ioc)
  1256				karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS35;
  1257			else
  1258				karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS3;
  1259			ver = MPT3SAS_DRIVER_VERSION;
  1260			break;
  1261		}
> 1262		snprintf(karg.driver_version, sizeof (karg.driver_version), "%s-%s",
  1263			 ioc->driver_name, ver);
  1264		karg.bios_version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
  1265	
  1266		karg.driver_capability |= MPT3_IOCTL_IOCINFO_DRIVER_CAP_MCTP_PASSTHRU;
  1267	
  1268		if (copy_to_user(arg, &karg, sizeof(karg))) {
  1269			pr_err("failure at %s:%d/%s()!\n",
  1270			    __FILE__, __LINE__, __func__);
  1271			return -EFAULT;
  1272		}
  1273		return 0;
  1274	}
  1275	

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki