From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55AF221B905 for ; Fri, 19 Jun 2026 13:34:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.52 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781876082; cv=none; b=IUUR+AWfbC9rEzgK2veWq5I6lSY1c9CNTT372UkAqlQkQcgv5NW7ls1P48X7s+BS1qppphrWPIvQ4bcb19qZn2Llf4BxQJL9bI6yTSiRJFVw/CJVxq6xheJ+8qtVQLbsi26Yy8Uxef1VpxmhIMckpXRxZOLBXzN3nVhMK521DCA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781876082; c=relaxed/simple; bh=dbBz2QieHmEToMmtKT7zB1JATLkArtfoHDVG6WZmdCY=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=R1xFGmipibkN4IurIoKz8lIO/3UPLtQxf4XLDGPRatiTOeX0Yog34C4x3AJzVJ2RxY162X31vH3u/KqVgMuk3NBFt50gJnmYFQrDWZTizmfUm7JFRK0aNUSVhcAd5FUn+v8iTgyaaBUGHgFPl1IRdEL96tECIajP2MSHDT44Y1w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=s7G1+kbd; arc=none smtp.client-ip=209.85.128.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="s7G1+kbd" Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-490cf322ed0so16028685e9.1 for ; Fri, 19 Jun 2026 06:34:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781876080; x=1782480880; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=qR4uagHJu24Y9sOS9k5mT4IkwyewV3rykHLez0Jnrds=; b=s7G1+kbd4dhFGzPyuiOo5JtUHGfsDcAiOBgYYFYBQppT0dAPtmClEZi5rKEAePVKsG D2bpbJ3WuFbWBv0rVPljsIHcCz1V0RxtB1L4bQMLDEqWII/adjL8Gq2HLlYWFD1gE5DV bthYLuuL3n4VYjr8RJk2Gjk54LorRQH0eWqt0EtPs3oc2eLknic6Ukk3fKfofGqQJkiW RGzeYyeTU9xX2Q/0MybNmBYOX7cLJMkbbtnTHAbLkK0GLdvBQgzptl2mMUkRQnct5oqe tN9kAGP6DkzV0EdYNrrq7lTs0c99o/vFWLm5fy7ltXtQumbCYyYdWA2zivMl1/cwJIZr B4KA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781876080; x=1782480880; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=qR4uagHJu24Y9sOS9k5mT4IkwyewV3rykHLez0Jnrds=; b=SeOOphReQXbA9wOK+V0gfMlMYOmHmFlAIjvyKROTyLq8syMD8T+/NR0TnT4HC2dBcZ 3fENDCeYEvZBBhY7Et0/HBc2hL01ufCe318KrYL6PVvDuZ/eTA2XWTf3LE6iY30Gjz7c 8duQCdG/hB9zqAz25SwW2u/bOnwrBJHcN4Z8rQ17s3Dnnk1BgmTBDWa19Vk653sz/8lw pxZqtgsWpRgyjiVEP6nr+1cPN+GJPu78nft5QeaTagEXclfJOEy6vBqNWZDtA8W1K1vX pmqlc2+O+IGvkQLMdVXUqqKZA/mr5tko+NWrMqD7n3oqu5qxl5w0sW32+Pm6krIrT4U2 f2wA== X-Forwarded-Encrypted: i=1; AFNElJ94hHVxhgAQaFTA0hKWKDWbv2adfpaZ/F5flTohMVo5C5jHSUIfYaamD4vnZO52fygugr0uaZhBC4ITFGo=@vger.kernel.org X-Gm-Message-State: AOJu0YzcYmQ2paR3qBR+D7DcsEyLroQfZB8goWi8oa7Z+1aRBZgT6M0K sRrvwpFIQc9Ym8Lq76ECJdD+VyGK+4w4bGosfriYNp4LrO2waKFsbA2WKaY4jaR1 X-Gm-Gg: AfdE7cm/KTlwSPQD2Gq2ElsuU7c2Iay2xnSPLEWY6mSyC2axhlZYUPu4mnQ+cg3P6fL IYmx9shGDDft3TO1mqNc+5sInl98nHTuPcQfGM+uBVQk4BfLmYTYpt1CjUrLQgGKoV1wac3A76c 6OVNQlii/xHEAG6V5NR2VVIi0SP4xD9oq4ULdbFCSPrIDa2ZMROzXavvniHQwCXaa5kBTkb34XN rIPuBeJgvh+eXyBczVhNtPC3x8p3p2dlKvWpwlsJPxQPFxmPVXmhEAKNGZd1jEXsZ0l/2rrtHfC dQu/cHUC7xcNq0cM0qduMW4/pJ77r6r+zKmJy4VSzRXj0Mh5tGq12nrzqCeM2lBqS8IFwtHv1Ql bvNsDII104naBZodRlv5Dq/InbTnAbMViL3raXLOMlmcK4g5RYJKORpb76xCbDjr1iASFPO8xj7 DJB4S5g3NvIQLlL8psKY+Fn4kqGAqzi+2FdCwWf7O4FAYmewmmkQ== X-Received: by 2002:a05:600c:5286:b0:492:454c:347c with SMTP id 5b1f17b1804b1-492454c37aemr28611295e9.7.1781876079542; Fri, 19 Jun 2026 06:34:39 -0700 (PDT) Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4923fd01fecsm63720865e9.8.2026.06.19.06.34.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jun 2026 06:34:39 -0700 (PDT) Date: Fri, 19 Jun 2026 14:34:38 +0100 From: David Laight To: Andreas Hindborg Cc: Kees Cook , linux-hardening@vger.kernel.org, Arnd Bergmann , linux-kernel@vger.kernel.org, Breno Leitao Subject: Re: [PATCH next] fs: Replace strcpy(s, "../") with memcpy(s, "../", 4) Message-ID: <20260619143438.495c1780@pumpkin> In-Reply-To: <874iiyg5kj.fsf@t14s.mail-host-address-is-not-set> References: <20260606202633.5018-5-david.laight.linux@gmail.com> <874iiyg5kj.fsf@t14s.mail-host-address-is-not-set> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Fri, 19 Jun 2026 12:58:20 +0200 Andreas Hindborg wrote: > writes: > > > From: David Laight > > > > The code has already checked there is enough room. > > Use memcpy() to avoid compiler warnings from possibly unbounded strcpy(). > > > > Signed-off-by: David Laight > > --- > > This is one of a group of patches that remove potentially unbounded > > strcpy() calls. > > > > They are mostly replaced by strscpy() or, when strlen() has just been > > called, with memcpy() (usually including the '\0'). > > > > Calls with copy string literals into arrays are left unchanged. > > They are safe and easily detected as such. > > > > The changes were made by getting the compiler to detect the calls and > > then fixing the code by hand. > > > > Note that all the changes are only compile tested. > > > > Some Makefiles were changed to allow files to contain strcpy(). > > As well as 'difficult to fix' files, this included 'show' functions > > as they really need to use sysfs_emit() or seq_printf(). > > > > All the patches are being sent individually to avoid very long cc lists. > > Apologies for the terse commit messages and likely unexpected tags. > > (There are about 100 patches in total.) > > > > fs/configfs/symlink.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/fs/configfs/symlink.c b/fs/configfs/symlink.c > > index f3f79c67add5..9f36699e5922 100644 > > --- a/fs/configfs/symlink.c > > +++ b/fs/configfs/symlink.c > > @@ -67,7 +67,7 @@ static int configfs_get_target_path(struct config_item *item, > > pr_debug("%s: depth = %d, size = %d\n", __func__, depth, size); > > > > for (s = path; depth--; s += 3) > > - strcpy(s,"../"); > > + memcpy(s, "../", 4); > > I don't think this transform makes sense when copying string literals. > The post transform code has one more foot gun than the original code. They are actually identical, the compiler converts the former to the latter. I was trying to remove all the strcpy() where the target isn't an array. The initial check also only allowed string literals - but I relaxed that a bit to reduce the number of false positives. Were a similar check for calls to strcpy() be committed this code would need changing, but you want something that ends up being a (misaligned) 32bit write of a constant on most architectures. I just looked at the code again, the final '- 1' on the 'size = ...' line looks very odd. I wonder if it would be simpler to merge all three functions into something with a single loop that builds the name/name part backwards from the end of the buffer while adding "../" on the front and then calling memmove() to put the two together. David > > Best regards, > Andreas Hindborg > > >