* [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() @ 2025-02-13 11:40 Thorsten Blum 2025-02-13 18:24 ` Bart Van Assche 2025-02-19 2:34 ` Martin K. Petersen 0 siblings, 2 replies; 4+ messages in thread From: Thorsten Blum @ 2025-02-13 11:40 UTC (permalink / raw) To: Don Brace, James E.J. Bottomley, Martin K. Petersen Cc: Thorsten Blum, linux-hardening, storagedev, linux-scsi, linux-kernel strncpy() is deprecated for NUL-terminated destination buffers. Replace memset() and strncpy() with strscpy_pad() to copy the version string and fill the remaining bytes in the destination buffer with NUL bytes. This avoids zeroing the memory before copying the string. Compile-tested only. Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- Changes in v2: - Use len instead of len - 1 - Link to v1: https://lore.kernel.org/r/20250212224352.86583-3-thorsten.blum@linux.dev/ --- drivers/scsi/hpsa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c7ebae24b09f..968cefb497eb 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, static void init_driver_version(char *driver_version, int len) { - memset(driver_version, 0, len); - strncpy(driver_version, HPSA " " HPSA_DRIVER_VERSION, len - 1); + strscpy_pad(driver_version, HPSA " " HPSA_DRIVER_VERSION, len); } static int write_driver_ver_to_cfgtable(struct CfgTable __iomem *cfgtable) -- 2.48.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() 2025-02-13 11:40 [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() Thorsten Blum @ 2025-02-13 18:24 ` Bart Van Assche 2025-02-13 20:19 ` Kees Cook 2025-02-19 2:34 ` Martin K. Petersen 1 sibling, 1 reply; 4+ messages in thread From: Bart Van Assche @ 2025-02-13 18:24 UTC (permalink / raw) To: Thorsten Blum, Don Brace, James E.J. Bottomley, Martin K. Petersen Cc: linux-hardening, storagedev, linux-scsi, linux-kernel On 2/13/25 3:40 AM, Thorsten Blum wrote: > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > index c7ebae24b09f..968cefb497eb 100644 > --- a/drivers/scsi/hpsa.c > +++ b/drivers/scsi/hpsa.c > @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, > > static void init_driver_version(char *driver_version, int len) > { > - memset(driver_version, 0, len); > - strncpy(driver_version, HPSA " " HPSA_DRIVER_VERSION, len - 1); > + strscpy_pad(driver_version, HPSA " " HPSA_DRIVER_VERSION, len); > } > > static int write_driver_ver_to_cfgtable(struct CfgTable __iomem *cfgtable) Has it been considered to introduce a Coccinelle semantic patch that performs this conversion? See also the scripts/coccinelle directory. Anyway: Reviewed-by: Bart Van Assche <bvanassche@acm.org> ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() 2025-02-13 18:24 ` Bart Van Assche @ 2025-02-13 20:19 ` Kees Cook 0 siblings, 0 replies; 4+ messages in thread From: Kees Cook @ 2025-02-13 20:19 UTC (permalink / raw) To: Bart Van Assche Cc: Thorsten Blum, Don Brace, James E.J. Bottomley, Martin K. Petersen, linux-hardening, storagedev, linux-scsi, linux-kernel On Thu, Feb 13, 2025 at 10:24:25AM -0800, Bart Van Assche wrote: > On 2/13/25 3:40 AM, Thorsten Blum wrote: > > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > > index c7ebae24b09f..968cefb497eb 100644 > > --- a/drivers/scsi/hpsa.c > > +++ b/drivers/scsi/hpsa.c > > @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, > > static void init_driver_version(char *driver_version, int len) > > { > > - memset(driver_version, 0, len); > > - strncpy(driver_version, HPSA " " HPSA_DRIVER_VERSION, len - 1); > > + strscpy_pad(driver_version, HPSA " " HPSA_DRIVER_VERSION, len); > > } > > static int write_driver_ver_to_cfgtable(struct CfgTable __iomem *cfgtable) > > Has it been considered to introduce a Coccinelle semantic patch that > performs this conversion? See also the scripts/coccinelle directory. Using this: @pad0 depends on !(file in "tools") && !(file in "samples")@ expression DEST, SRC; expression LENGTH; @@ - memset(DEST, 0, LENGTH); - strncpy(DEST, SRC, LENGTH - 1); + strscpy_pad(DEST, SRC, LENGTH); @padNUL depends on !(file in "tools") && !(file in "samples")@ expression DEST, SRC; expression LENGTH; @@ - memset(DEST, '\0', LENGTH); - strncpy(DEST, SRC, LENGTH - 1); + strscpy_pad(DEST, SRC, LENGTH); It turns out this is the only place left in the kernel using that pattern. :) > > Anyway: > > Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Kees Cook <kees@kernel.org> -- Kees Cook ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() 2025-02-13 11:40 [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() Thorsten Blum 2025-02-13 18:24 ` Bart Van Assche @ 2025-02-19 2:34 ` Martin K. Petersen 1 sibling, 0 replies; 4+ messages in thread From: Martin K. Petersen @ 2025-02-19 2:34 UTC (permalink / raw) To: Thorsten Blum Cc: Don Brace, James E.J. Bottomley, Martin K. Petersen, linux-hardening, storagedev, linux-scsi, linux-kernel Thorsten, > strncpy() is deprecated for NUL-terminated destination buffers. > Replace memset() and strncpy() with strscpy_pad() to copy the version > string and fill the remaining bytes in the destination buffer with NUL > bytes. This avoids zeroing the memory before copying the string. Applied to 6.15/scsi-staging, thanks! -- Martin K. Petersen Oracle Linux Engineering ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-02-19 2:34 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-02-13 11:40 [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() Thorsten Blum 2025-02-13 18:24 ` Bart Van Assche 2025-02-13 20:19 ` Kees Cook 2025-02-19 2:34 ` Martin K. Petersen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox