* [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat
@ 2026-05-10 16:49 Manuel Ebner
2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner
` (2 more replies)
0 siblings, 3 replies; 16+ messages in thread
From: Manuel Ebner @ 2026-05-10 16:49 UTC (permalink / raw)
To: Andy Shevchenko, Kees Cook, Jonathan Corbet, Shuah Khan,
Andy Whitcroft, Joe Perches, Dwaipayan Ray, Lukas Bulwahn,
open list:DOCUMENTATION PROCESS, open list:DOCUMENTATION,
open list
Cc: Manuel Ebner
The goal of this series is to facilitate the transition from strlcat to better
alternatives.
^ permalink raw reply [flat|nested] 16+ messages in thread* [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-10 16:49 [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner @ 2026-05-10 16:52 ` Manuel Ebner 2026-05-11 11:40 ` Geert Uytterhoeven 2026-05-10 16:54 ` Manuel Ebner 2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner 2 siblings, 1 reply; 16+ messages in thread From: Manuel Ebner @ 2026-05-10 16:52 UTC (permalink / raw) To: manuelebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows add strlcat and alternatives --- Documentation/process/deprecated.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst index fed56864d036..b8a65c19796c 100644 --- a/Documentation/process/deprecated.rst +++ b/Documentation/process/deprecated.rst @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), though care must be given to any cases where the return value of strlcpy() is used, since strscpy() will return negative errno values when it truncates. +strlcat() +--------- +strlcat() must re-scan the destination string from the beginning on each +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), +snprintf() and scnprintf() + %p format specifier ------------------- Traditionally, using "%p" in format strings would lead to regular address -- 2.54.0 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner @ 2026-05-11 11:40 ` Geert Uytterhoeven 2026-05-11 13:26 ` David Laight 0 siblings, 1 reply; 16+ messages in thread From: Geert Uytterhoeven @ 2026-05-11 11:40 UTC (permalink / raw) To: Manuel Ebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows Hi Manuel, On Sun, 10 May 2026 at 18:52, Manuel Ebner <manuelebner@mailbox.org> wrote: > add strlcat and alternatives Thanks for your patch! > --- a/Documentation/process/deprecated.rst > +++ b/Documentation/process/deprecated.rst > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), > though care must be given to any cases where the return value of strlcpy() > is used, since strscpy() will return negative errno values when it truncates. > > +strlcat() > +--------- > +strlcat() must re-scan the destination string from the beginning on each > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > +snprintf() and scnprintf() The last two not only require the caller to keep track of the offset in the buffer, but also using "%s" when storing passed strings. I hope we won't see mindless conversions lacking the "%s", introducing new security issues: -strlcat(buf, s, size); +scnprintf(buf + off, size - off, s); > + > %p format specifier > ------------------- > Traditionally, using "%p" in format strings would lead to regular address Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-11 11:40 ` Geert Uytterhoeven @ 2026-05-11 13:26 ` David Laight 2026-05-11 19:07 ` Kees Cook 0 siblings, 1 reply; 16+ messages in thread From: David Laight @ 2026-05-11 13:26 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Manuel Ebner, andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Mon, 11 May 2026 13:40:55 +0200 Geert Uytterhoeven <geert@linux-m68k.org> wrote: > Hi Manuel, > > On Sun, 10 May 2026 at 18:52, Manuel Ebner <manuelebner@mailbox.org> wrote: > > add strlcat and alternatives > > Thanks for your patch! > > > --- a/Documentation/process/deprecated.rst > > +++ b/Documentation/process/deprecated.rst > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), > > though care must be given to any cases where the return value of strlcpy() > > is used, since strscpy() will return negative errno values when it truncates. > > > > +strlcat() > > +--------- > > +strlcat() must re-scan the destination string from the beginning on each > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > > +snprintf() and scnprintf() > > The last two not only require the caller to keep track of the offset > in the buffer, but also using "%s" when storing passed strings. Which also means they are significantly slower. Mind you, some code has: strlcat(buf, "\n", SIZE); return strlen(buf); which carefully scans the string twice. Since the '\0' isn't always needed (eg 'show' functions), this can be: len = strlen(buf); buf[len] ='\n'; return len + 1; Of course, the code could often easily get the length by other means. -- David > > I hope we won't see mindless conversions lacking the "%s", > introducing new security issues: > > -strlcat(buf, s, size); > +scnprintf(buf + off, size - off, s); > > > + > > %p format specifier > > ------------------- > > Traditionally, using "%p" in format strings would lead to regular address > > Gr{oetje,eeting}s, > > Geert > ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-11 13:26 ` David Laight @ 2026-05-11 19:07 ` Kees Cook 2026-05-11 20:34 ` David Laight 0 siblings, 1 reply; 16+ messages in thread From: Kees Cook @ 2026-05-11 19:07 UTC (permalink / raw) To: David Laight Cc: Geert Uytterhoeven, Manuel Ebner, andy.shevchenko, apw, corbet, dwaipayanray1, joe, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Mon, May 11, 2026 at 02:26:49PM +0100, David Laight wrote: > On Mon, 11 May 2026 13:40:55 +0200 > Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > > Hi Manuel, > > > > On Sun, 10 May 2026 at 18:52, Manuel Ebner <manuelebner@mailbox.org> wrote: > > > add strlcat and alternatives > > > > Thanks for your patch! > > > > > --- a/Documentation/process/deprecated.rst > > > +++ b/Documentation/process/deprecated.rst > > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), > > > though care must be given to any cases where the return value of strlcpy() > > > is used, since strscpy() will return negative errno values when it truncates. > > > > > > +strlcat() > > > +--------- > > > +strlcat() must re-scan the destination string from the beginning on each > > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > > > +snprintf() and scnprintf() > > > > The last two not only require the caller to keep track of the offset > > in the buffer, but also using "%s" when storing passed strings. > > Which also means they are significantly slower. > Mind you, some code has: > strlcat(buf, "\n", SIZE); > return strlen(buf); > which carefully scans the string twice. > Since the '\0' isn't always needed (eg 'show' functions), this can be: > len = strlen(buf); > buf[len] ='\n'; > return len + 1; > Of course, the code could often easily get the length by other means. I think I'd prefer to only recommend using seq_buf API. Or for sysfs, sysfs_emit() as seq_buf hasn't been extended there yet. -Kees -- Kees Cook ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-11 19:07 ` Kees Cook @ 2026-05-11 20:34 ` David Laight 0 siblings, 0 replies; 16+ messages in thread From: David Laight @ 2026-05-11 20:34 UTC (permalink / raw) To: Kees Cook Cc: Geert Uytterhoeven, Manuel Ebner, andy.shevchenko, apw, corbet, dwaipayanray1, joe, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Mon, 11 May 2026 12:07:38 -0700 Kees Cook <kees@kernel.org> wrote: > On Mon, May 11, 2026 at 02:26:49PM +0100, David Laight wrote: > > On Mon, 11 May 2026 13:40:55 +0200 > > Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > > > > Hi Manuel, > > > > > > On Sun, 10 May 2026 at 18:52, Manuel Ebner <manuelebner@mailbox.org> wrote: > > > > add strlcat and alternatives > > > > > > Thanks for your patch! > > > > > > > --- a/Documentation/process/deprecated.rst > > > > +++ b/Documentation/process/deprecated.rst > > > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), > > > > though care must be given to any cases where the return value of strlcpy() > > > > is used, since strscpy() will return negative errno values when it truncates. > > > > > > > > +strlcat() > > > > +--------- > > > > +strlcat() must re-scan the destination string from the beginning on each > > > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > > > > +snprintf() and scnprintf() > > > > > > The last two not only require the caller to keep track of the offset > > > in the buffer, but also using "%s" when storing passed strings. > > > > Which also means they are significantly slower. > > Mind you, some code has: > > strlcat(buf, "\n", SIZE); > > return strlen(buf); > > which carefully scans the string twice. > > Since the '\0' isn't always needed (eg 'show' functions), this can be: > > len = strlen(buf); > > buf[len] ='\n'; > > return len + 1; > > Of course, the code could often easily get the length by other means. > > I think I'd prefer to only recommend using seq_buf API. Or for sysfs, > sysfs_emit() as seq_buf hasn't been extended there yet. True for the docs, but rather more work when you are just trying to get rid of strcpy() and strcat() calls. It can be hard working out whether you can use sysfs_emit() or not. (And I recently failed to find where the PAGE_SIZE buffer is actually allocated; I'm sure it should just be 4k.) -- David > > -Kees > ^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-10 16:49 [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner 2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner @ 2026-05-10 16:54 ` Manuel Ebner 2026-05-10 17:32 ` Randy Dunlap 2026-05-12 8:52 ` Jani Nikula 2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner 2 siblings, 2 replies; 16+ messages in thread From: Manuel Ebner @ 2026-05-10 16:54 UTC (permalink / raw) To: manuelebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows add strlcat and alternatives Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> --- Documentation/process/deprecated.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst index fed56864d036..b8a65c19796c 100644 --- a/Documentation/process/deprecated.rst +++ b/Documentation/process/deprecated.rst @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), though care must be given to any cases where the return value of strlcpy() is used, since strscpy() will return negative errno values when it truncates. +strlcat() +--------- +strlcat() must re-scan the destination string from the beginning on each +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), +snprintf() and scnprintf() + %p format specifier ------------------- Traditionally, using "%p" in format strings would lead to regular address -- 2.54.0 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-10 16:54 ` Manuel Ebner @ 2026-05-10 17:32 ` Randy Dunlap 2026-05-12 8:52 ` Jani Nikula 1 sibling, 0 replies; 16+ messages in thread From: Randy Dunlap @ 2026-05-10 17:32 UTC (permalink / raw) To: Manuel Ebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On 5/10/26 9:54 AM, Manuel Ebner wrote: > add strlcat and alternatives > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > --- > Documentation/process/deprecated.rst | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > index fed56864d036..b8a65c19796c 100644 > --- a/Documentation/process/deprecated.rst > +++ b/Documentation/process/deprecated.rst > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), > though care must be given to any cases where the return value of strlcpy() > is used, since strscpy() will return negative errno values when it truncates. > > +strlcat() > +--------- > +strlcat() must re-scan the destination string from the beginning on each > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > +snprintf() and scnprintf() Add an ending period. > + > %p format specifier > ------------------- > Traditionally, using "%p" in format strings would lead to regular address -- ~Randy ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-10 16:54 ` Manuel Ebner 2026-05-10 17:32 ` Randy Dunlap @ 2026-05-12 8:52 ` Jani Nikula 2026-05-12 10:43 ` Manuel Ebner 1 sibling, 1 reply; 16+ messages in thread From: Jani Nikula @ 2026-05-12 8:52 UTC (permalink / raw) To: Manuel Ebner, manuelebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Sun, 10 May 2026, Manuel Ebner <manuelebner@mailbox.org> wrote: > add strlcat and alternatives You'd think it's the strlcat() definition that needs a comment above it saying it's deprecated. I don't think folks really look at deprecated.rst. BR, Jani. > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > --- > Documentation/process/deprecated.rst | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > index fed56864d036..b8a65c19796c 100644 > --- a/Documentation/process/deprecated.rst > +++ b/Documentation/process/deprecated.rst > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is strscpy(), > though care must be given to any cases where the return value of strlcpy() > is used, since strscpy() will return negative errno values when it truncates. > > +strlcat() > +--------- > +strlcat() must re-scan the destination string from the beginning on each > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > +snprintf() and scnprintf() > + > %p format specifier > ------------------- > Traditionally, using "%p" in format strings would lead to regular address -- Jani Nikula, Intel ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-12 8:52 ` Jani Nikula @ 2026-05-12 10:43 ` Manuel Ebner 2026-05-12 13:57 ` David Laight 0 siblings, 1 reply; 16+ messages in thread From: Manuel Ebner @ 2026-05-12 10:43 UTC (permalink / raw) To: Jani Nikula Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Tue, 2026-05-12 at 11:52 +0300, Jani Nikula wrote: > On Sun, 10 May 2026, Manuel Ebner <manuelebner@mailbox.org> wrote: > > add strlcat and alternatives > > You'd think it's the strlcat() definition that needs a comment above it > saying it's deprecated. I don't think folks really look at > deprecated.rst. arch/s390/lib/string.c lib/string.c and tools/include/nolibc/string.h do not mentions anything about obsolete. include/linux/fortify-string.h has /* Defined after fortified strlen() to reuse it. */ extern size_t __real_strlcat(char *p, const char *q, size_t avail) __RENAME(strlcat); /** * strlcat - Append a string to an existing string * [...] * Do not use this function. While FORTIFY_SOURCE tries to avoid * read and write overflows, this is only possible when the sizes * of @p and @q are known to the compiler. Prefer building the * string with formatting, via scnprintf(), seq_buf, or similar. should i add this to the former three files? Manuel > > BR, > Jani. > > > > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > > --- > > Documentation/process/deprecated.rst | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > > index fed56864d036..b8a65c19796c 100644 > > --- a/Documentation/process/deprecated.rst > > +++ b/Documentation/process/deprecated.rst > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is > > strscpy(), > > though care must be given to any cases where the return value of strlcpy() > > is used, since strscpy() will return negative errno values when it truncates. > > > > +strlcat() > > +--------- > > +strlcat() must re-scan the destination string from the beginning on each > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > > +snprintf() and scnprintf() > > + > > %p format specifier > > ------------------- > > Traditionally, using "%p" in format strings would lead to regular address > ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 1/2] Doc: deprecated.rst: add strlcat() 2026-05-12 10:43 ` Manuel Ebner @ 2026-05-12 13:57 ` David Laight 0 siblings, 0 replies; 16+ messages in thread From: David Laight @ 2026-05-12 13:57 UTC (permalink / raw) To: Manuel Ebner Cc: Jani Nikula, andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Tue, 12 May 2026 12:43:54 +0200 Manuel Ebner <manuelebner@mailbox.org> wrote: > On Tue, 2026-05-12 at 11:52 +0300, Jani Nikula wrote: > > On Sun, 10 May 2026, Manuel Ebner <manuelebner@mailbox.org> wrote: > > > add strlcat and alternatives > > > > You'd think it's the strlcat() definition that needs a comment above it > > saying it's deprecated. I don't think folks really look at > > deprecated.rst. > > arch/s390/lib/string.c > lib/string.c > and > tools/include/nolibc/string.h > > do not mentions anything about obsolete. > > include/linux/fortify-string.h has > > /* Defined after fortified strlen() to reuse it. */ > extern size_t __real_strlcat(char *p, const char *q, size_t avail) __RENAME(strlcat); > /** > * strlcat - Append a string to an existing string > * [...] > * Do not use this function. While FORTIFY_SOURCE tries to avoid > * read and write overflows, this is only possible when the sizes > * of @p and @q are known to the compiler. Prefer building the > * string with formatting, via scnprintf(), seq_buf, or similar. I'm not that advice is really that good. The other schemes (esp scnprintf) are just as dangerous. If the code has just done 'buf = kmalloc(size)' then strlcat(,,size) is fine - from an overflow point of view. strlcat() isn't really any worse than memcpy(). (unlike strncat() which was just an accident waiting to happen) -- David > > should i add this to the former three files? > > Manuel > > > > > BR, > > Jani. > > > > > > > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > > > --- > > > Documentation/process/deprecated.rst | 6 ++++++ > > > 1 file changed, 6 insertions(+) > > > > > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > > > index fed56864d036..b8a65c19796c 100644 > > > --- a/Documentation/process/deprecated.rst > > > +++ b/Documentation/process/deprecated.rst > > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is > > > strscpy(), > > > though care must be given to any cases where the return value of strlcpy() > > > is used, since strscpy() will return negative errno values when it truncates. > > > > > > +strlcat() > > > +--------- > > > +strlcat() must re-scan the destination string from the beginning on each > > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(), > > > +snprintf() and scnprintf() > > > + > > > %p format specifier > > > ------------------- > > > Traditionally, using "%p" in format strings would lead to regular address > > > > ^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() 2026-05-10 16:49 [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner 2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner 2026-05-10 16:54 ` Manuel Ebner @ 2026-05-10 16:56 ` Manuel Ebner 2026-05-10 17:31 ` Randy Dunlap 2026-05-11 12:12 ` Jonathan Corbet 2 siblings, 2 replies; 16+ messages in thread From: Manuel Ebner @ 2026-05-10 16:56 UTC (permalink / raw) To: manuelebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows add a warning for strlcat() Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> --- scripts/checkpatch.pl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 0492d6afc9a1..ca1a8e67d529 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -7085,6 +7085,12 @@ sub process { "Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89\n" . $herecurr); } +# strlcat uses that should likely be + if ($line =~ /\bstrlcat\s*\(/ && !is_userspace($realfile)) { + WARN("STRLCAT", + "Prefer seq_buf_printf() over strlcat - see: https://github.com/KSPP/linux/issues/370\n" . $herecurr); + } + # strncpy uses that should likely be strscpy or strscpy_pad if ($line =~ /\bstrncpy\s*\(/ && !is_userspace($realfile)) { WARN("STRNCPY", -- 2.54.0 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() 2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner @ 2026-05-10 17:31 ` Randy Dunlap 2026-05-11 12:12 ` Jonathan Corbet 1 sibling, 0 replies; 16+ messages in thread From: Randy Dunlap @ 2026-05-10 17:31 UTC (permalink / raw) To: Manuel Ebner Cc: andy.shevchenko, apw, corbet, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On 5/10/26 9:56 AM, Manuel Ebner wrote: > add a warning for strlcat() > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > --- > scripts/checkpatch.pl | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index 0492d6afc9a1..ca1a8e67d529 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -7085,6 +7085,12 @@ sub process { > "Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89\n" . $herecurr); > } > > +# strlcat uses that should likely be should likely be what? > + if ($line =~ /\bstrlcat\s*\(/ && !is_userspace($realfile)) { > + WARN("STRLCAT", > + "Prefer seq_buf_printf() over strlcat - see: https://github.com/KSPP/linux/issues/370\n" . $herecurr); > + } > + > # strncpy uses that should likely be strscpy or strscpy_pad > if ($line =~ /\bstrncpy\s*\(/ && !is_userspace($realfile)) { > WARN("STRNCPY", -- ~Randy ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() 2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner 2026-05-10 17:31 ` Randy Dunlap @ 2026-05-11 12:12 ` Jonathan Corbet 2026-05-11 13:27 ` David Laight 1 sibling, 1 reply; 16+ messages in thread From: Jonathan Corbet @ 2026-05-11 12:12 UTC (permalink / raw) To: Manuel Ebner, manuelebner Cc: andy.shevchenko, apw, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows Manuel Ebner <manuelebner@mailbox.org> writes: > add a warning for strlcat() > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > --- > scripts/checkpatch.pl | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index 0492d6afc9a1..ca1a8e67d529 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -7085,6 +7085,12 @@ sub process { > "Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89\n" . $herecurr); > } > > +# strlcat uses that should likely be > + if ($line =~ /\bstrlcat\s*\(/ && !is_userspace($realfile)) { > + WARN("STRLCAT", > + "Prefer seq_buf_printf() over strlcat - see: https://github.com/KSPP/linux/issues/370\n" . $herecurr); > + } Using seq_buf_printf() requires switching over to the seq_buf API in general, it is not just a simple substitution, so this advice may prove unhelpful to many. jon ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() 2026-05-11 12:12 ` Jonathan Corbet @ 2026-05-11 13:27 ` David Laight 2026-05-12 7:36 ` Manuel Ebner 0 siblings, 1 reply; 16+ messages in thread From: David Laight @ 2026-05-11 13:27 UTC (permalink / raw) To: Jonathan Corbet Cc: Manuel Ebner, andy.shevchenko, apw, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Mon, 11 May 2026 06:12:36 -0600 Jonathan Corbet <corbet@lwn.net> wrote: > Manuel Ebner <manuelebner@mailbox.org> writes: > > > add a warning for strlcat() > > > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > > --- > > scripts/checkpatch.pl | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > > index 0492d6afc9a1..ca1a8e67d529 100755 > > --- a/scripts/checkpatch.pl > > +++ b/scripts/checkpatch.pl > > @@ -7085,6 +7085,12 @@ sub process { > > "Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89\n" . $herecurr); > > } > > > > +# strlcat uses that should likely be > > + if ($line =~ /\bstrlcat\s*\(/ && !is_userspace($realfile)) { > > + WARN("STRLCAT", > > + "Prefer seq_buf_printf() over strlcat - see: https://github.com/KSPP/linux/issues/370\n" . $herecurr); > > + } > > Using seq_buf_printf() requires switching over to the seq_buf API in > general, it is not just a simple substitution, so this advice may prove > unhelpful to many. And I'm not sure the external url is a good idea. > > jon > ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() 2026-05-11 13:27 ` David Laight @ 2026-05-12 7:36 ` Manuel Ebner 0 siblings, 0 replies; 16+ messages in thread From: Manuel Ebner @ 2026-05-12 7:36 UTC (permalink / raw) To: David Laight, Jonathan Corbet Cc: andy.shevchenko, apw, dwaipayanray1, joe, kees, linux-doc, linux-kernel, lukas.bulwahn, skhan, workflows On Mon, 2026-05-11 at 14:27 +0100, David Laight wrote: > On Mon, 11 May 2026 06:12:36 -0600 > Jonathan Corbet <corbet@lwn.net> wrote: > > > Manuel Ebner <manuelebner@mailbox.org> writes: > > > > > add a warning for strlcat() > > > > > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org> > > > --- > > > scripts/checkpatch.pl | 6 ++++++ > > > 1 file changed, 6 insertions(+) > > > > > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > > > index 0492d6afc9a1..ca1a8e67d529 100755 > > > --- a/scripts/checkpatch.pl > > > +++ b/scripts/checkpatch.pl > > > @@ -7085,6 +7085,12 @@ sub process { > > > "Prefer strscpy over strlcpy - see: > > > https://github.com/KSPP/linux/issues/89\n" . $herecurr); Here you can see the external urls already deployed. there are two more in the code blocks above. > > > } > > > > > > +# strlcat uses that should likely be > > > + if ($line =~ /\bstrlcat\s*\(/ && !is_userspace($realfile)) { > > > + WARN("STRLCAT", > > > + "Prefer seq_buf_printf() over strlcat - see: > > > https://github.com/KSPP/linux/issues/370\n" . $herecurr); > > > + } > > > > Using seq_buf_printf() requires switching over to the seq_buf API in > > general, it is not just a simple substitution, so this advice may prove > > unhelpful to many. > > And I'm not sure the external url is a good idea. It wasn't my idea originally. but I'm open to suggestions. Manuel > > > > jon > > ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2026-05-12 13:57 UTC | newest] Thread overview: 16+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-05-10 16:49 [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner 2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner 2026-05-11 11:40 ` Geert Uytterhoeven 2026-05-11 13:26 ` David Laight 2026-05-11 19:07 ` Kees Cook 2026-05-11 20:34 ` David Laight 2026-05-10 16:54 ` Manuel Ebner 2026-05-10 17:32 ` Randy Dunlap 2026-05-12 8:52 ` Jani Nikula 2026-05-12 10:43 ` Manuel Ebner 2026-05-12 13:57 ` David Laight 2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner 2026-05-10 17:31 ` Randy Dunlap 2026-05-11 12:12 ` Jonathan Corbet 2026-05-11 13:27 ` David Laight 2026-05-12 7:36 ` Manuel Ebner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox