* [PATCH] net: mdio: replace deprecated strncpy with strscpy
@ 2023-10-12 21:43 Justin Stitt
2023-10-12 21:55 ` Andrew Lunn
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: Justin Stitt @ 2023-10-12 21:43 UTC (permalink / raw)
To: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: netdev, linux-kernel, linux-hardening, Justin Stitt
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
We expect new_bus->id to be NUL-terminated but not NUL-padded based on
its prior assignment through snprintf:
| snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id);
Due to this, a suitable replacement is `strscpy` [2] due to the fact
that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/net/mdio/mdio-gpio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/mdio/mdio-gpio.c b/drivers/net/mdio/mdio-gpio.c
index 0fb3c2de0845..a1718d646504 100644
--- a/drivers/net/mdio/mdio-gpio.c
+++ b/drivers/net/mdio/mdio-gpio.c
@@ -125,7 +125,7 @@ static struct mii_bus *mdio_gpio_bus_init(struct device *dev,
if (bus_id != -1)
snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id);
else
- strncpy(new_bus->id, "gpio", MII_BUS_ID_SIZE);
+ strscpy(new_bus->id, "gpio", sizeof(new_bus->id));
if (pdata) {
new_bus->phy_mask = pdata->phy_mask;
---
base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2
change-id: 20231012-strncpy-drivers-net-mdio-mdio-gpio-c-bddd9ed0c630
Best regards,
--
Justin Stitt <justinstitt@google.com>
^ permalink raw reply related [flat|nested] 11+ messages in thread* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 21:43 [PATCH] net: mdio: replace deprecated strncpy with strscpy Justin Stitt
@ 2023-10-12 21:55 ` Andrew Lunn
2023-10-16 19:40 ` Kees Cook
2023-11-30 22:00 ` Kees Cook
2 siblings, 0 replies; 11+ messages in thread
From: Andrew Lunn @ 2023-10-12 21:55 UTC (permalink / raw)
To: Justin Stitt
Cc: Heiner Kallweit, Russell King, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Oct 12, 2023 at 09:43:02PM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect new_bus->id to be NUL-terminated but not NUL-padded based on
> its prior assignment through snprintf:
> | snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id);
>
> Due to this, a suitable replacement is `strscpy` [2] due to the fact
> that it guarantees NUL-termination on the destination buffer without
> unnecessarily NUL-padding.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Andrew
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 21:43 [PATCH] net: mdio: replace deprecated strncpy with strscpy Justin Stitt
2023-10-12 21:55 ` Andrew Lunn
@ 2023-10-16 19:40 ` Kees Cook
2023-11-30 22:00 ` Kees Cook
2 siblings, 0 replies; 11+ messages in thread
From: Kees Cook @ 2023-10-16 19:40 UTC (permalink / raw)
To: Justin Stitt
Cc: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Oct 12, 2023 at 09:43:02PM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect new_bus->id to be NUL-terminated but not NUL-padded based on
> its prior assignment through snprintf:
> | snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id);
>
> Due to this, a suitable replacement is `strscpy` [2] due to the fact
> that it guarantees NUL-termination on the destination buffer without
> unnecessarily NUL-padding.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
> Note: build-tested only.
>
> Found with: $ rg "strncpy\("
> ---
> drivers/net/mdio/mdio-gpio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/mdio/mdio-gpio.c b/drivers/net/mdio/mdio-gpio.c
> index 0fb3c2de0845..a1718d646504 100644
> --- a/drivers/net/mdio/mdio-gpio.c
> +++ b/drivers/net/mdio/mdio-gpio.c
> @@ -125,7 +125,7 @@ static struct mii_bus *mdio_gpio_bus_init(struct device *dev,
> if (bus_id != -1)
> snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id);
> else
> - strncpy(new_bus->id, "gpio", MII_BUS_ID_SIZE);
> + strscpy(new_bus->id, "gpio", sizeof(new_bus->id));
struct mii_bus {
...
char id[MII_BUS_ID_SIZE];
Yup, looks good. (I wonder about changing to sizeof() in the snprintf()
above it, but for a strscpy() refactor, I think this is fine.)
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 21:43 [PATCH] net: mdio: replace deprecated strncpy with strscpy Justin Stitt
2023-10-12 21:55 ` Andrew Lunn
2023-10-16 19:40 ` Kees Cook
@ 2023-11-30 22:00 ` Kees Cook
2023-12-01 6:43 ` Jakub Kicinski
2 siblings, 1 reply; 11+ messages in thread
From: Kees Cook @ 2023-11-30 22:00 UTC (permalink / raw)
To: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Justin Stitt
Cc: Kees Cook, netdev, linux-kernel, linux-hardening
On Thu, 12 Oct 2023 21:43:02 +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect new_bus->id to be NUL-terminated but not NUL-padded based on
> its prior assignment through snprintf:
> | snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id);
>
> [...]
Applied to for-next/hardening, thanks!
[1/1] net: mdio: replace deprecated strncpy with strscpy
https://git.kernel.org/kees/c/3247bb945786
Take care,
--
Kees Cook
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-11-30 22:00 ` Kees Cook
@ 2023-12-01 6:43 ` Jakub Kicinski
2023-12-01 18:22 ` Kees Cook
0 siblings, 1 reply; 11+ messages in thread
From: Jakub Kicinski @ 2023-12-01 6:43 UTC (permalink / raw)
To: Kees Cook
Cc: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Paolo Abeni, Justin Stitt, netdev, linux-kernel,
linux-hardening
On Thu, 30 Nov 2023 14:00:33 -0800 Kees Cook wrote:
> Applied to for-next/hardening, thanks!
>
> [1/1] net: mdio: replace deprecated strncpy with strscpy
> https://git.kernel.org/kees/c/3247bb945786
newer version of this was posted...
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-12-01 6:43 ` Jakub Kicinski
@ 2023-12-01 18:22 ` Kees Cook
0 siblings, 0 replies; 11+ messages in thread
From: Kees Cook @ 2023-12-01 18:22 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Paolo Abeni, Justin Stitt, netdev, linux-kernel,
linux-hardening
On Thu, Nov 30, 2023 at 10:43:34PM -0800, Jakub Kicinski wrote:
> On Thu, 30 Nov 2023 14:00:33 -0800 Kees Cook wrote:
> > Applied to for-next/hardening, thanks!
> >
> > [1/1] net: mdio: replace deprecated strncpy with strscpy
> > https://git.kernel.org/kees/c/3247bb945786
>
> newer version of this was posted...
Hm, I didn't see anything land for this for the other with the same
subject. I've dropped both from my tree now.
Justin, can you chase down the mdio patches?
--
Kees Cook
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH] net: mdio: replace deprecated strncpy with strscpy
@ 2023-10-12 21:53 Justin Stitt
2023-10-12 21:59 ` Andrew Lunn
2023-10-18 23:23 ` Kees Cook
0 siblings, 2 replies; 11+ messages in thread
From: Justin Stitt @ 2023-10-12 21:53 UTC (permalink / raw)
To: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: netdev, linux-kernel, linux-hardening, Justin Stitt
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
We expect mdiodev->modalias to be NUL-terminated based on its usage with
strcmp():
| return strcmp(mdiodev->modalias, drv->name) == 0;
Moreover, mdiodev->modalias is already zero-allocated:
| mdiodev = kzalloc(sizeof(*mdiodev), GFP_KERNEL);
... which means the NUL-padding strncpy provides is not necessary.
Considering the above, a suitable replacement is `strscpy` [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.
Found with: $ rg "strncpy\("
---
drivers/net/phy/mdio_bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 25dcaa49ab8b..6cf73c15635b 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -506,7 +506,7 @@ static int mdiobus_create_device(struct mii_bus *bus,
if (IS_ERR(mdiodev))
return -ENODEV;
- strncpy(mdiodev->modalias, bi->modalias,
+ strscpy(mdiodev->modalias, bi->modalias,
sizeof(mdiodev->modalias));
mdiodev->bus_match = mdio_device_bus_match;
mdiodev->dev.platform_data = (void *)bi->platform_data;
---
base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2
change-id: 20231012-strncpy-drivers-net-phy-mdio_bus-c-0a0d5e875712
Best regards,
--
Justin Stitt <justinstitt@google.com>
^ permalink raw reply related [flat|nested] 11+ messages in thread* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 21:53 Justin Stitt
@ 2023-10-12 21:59 ` Andrew Lunn
2023-10-12 22:01 ` Justin Stitt
2023-10-18 23:23 ` Kees Cook
1 sibling, 1 reply; 11+ messages in thread
From: Andrew Lunn @ 2023-10-12 21:59 UTC (permalink / raw)
To: Justin Stitt
Cc: Heiner Kallweit, Russell King, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Oct 12, 2023 at 09:53:03PM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Hi Justin
You just sent two patches with the same Subject. That got me confused
for a while, is it a resend? A new version?
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Andrew
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 21:59 ` Andrew Lunn
@ 2023-10-12 22:01 ` Justin Stitt
2023-10-13 12:05 ` Andrew Lunn
0 siblings, 1 reply; 11+ messages in thread
From: Justin Stitt @ 2023-10-12 22:01 UTC (permalink / raw)
To: Andrew Lunn
Cc: Heiner Kallweit, Russell King, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Oct 12, 2023 at 2:59 PM Andrew Lunn <andrew@lunn.ch> wrote:
>
> On Thu, Oct 12, 2023 at 09:53:03PM +0000, Justin Stitt wrote:
> > strncpy() is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous string
> > interfaces.
>
> Hi Justin
>
> You just sent two patches with the same Subject. That got me confused
> for a while, is it a resend? A new version?
Yep, just saw this.
I'm working (top to bottom) on a list of strncpy hits. I have an automated tool
fetch the prefix and update the subject line accordingly. They are two separate
patches but ended up with the same exact subject line due to oversight and
over-automation.
Looking for guidance:
Should I combine them into one patch?
>
> > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> > Link: https://github.com/KSPP/linux/issues/90
> > Cc: linux-hardening@vger.kernel.org
> > Signed-off-by: Justin Stitt <justinstitt@google.com>
>
> Reviewed-by: Andrew Lunn <andrew@lunn.ch>
>
> Andrew
>
Thanks
Justin
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 22:01 ` Justin Stitt
@ 2023-10-13 12:05 ` Andrew Lunn
0 siblings, 0 replies; 11+ messages in thread
From: Andrew Lunn @ 2023-10-13 12:05 UTC (permalink / raw)
To: Justin Stitt
Cc: Heiner Kallweit, Russell King, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Oct 12, 2023 at 03:01:06PM -0700, Justin Stitt wrote:
> On Thu, Oct 12, 2023 at 2:59 PM Andrew Lunn <andrew@lunn.ch> wrote:
> >
> > On Thu, Oct 12, 2023 at 09:53:03PM +0000, Justin Stitt wrote:
> > > strncpy() is deprecated for use on NUL-terminated destination strings
> > > [1] and as such we should prefer more robust and less ambiguous string
> > > interfaces.
> >
> > Hi Justin
> >
> > You just sent two patches with the same Subject. That got me confused
> > for a while, is it a resend? A new version?
>
> Yep, just saw this.
>
> I'm working (top to bottom) on a list of strncpy hits. I have an automated tool
> fetch the prefix and update the subject line accordingly. They are two separate
> patches but ended up with the same exact subject line due to oversight and
> over-automation.
>
> Looking for guidance:
> Should I combine them into one patch?
No, it is fine. Just try to avoid it in the future.
Andrew
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] net: mdio: replace deprecated strncpy with strscpy
2023-10-12 21:53 Justin Stitt
2023-10-12 21:59 ` Andrew Lunn
@ 2023-10-18 23:23 ` Kees Cook
1 sibling, 0 replies; 11+ messages in thread
From: Kees Cook @ 2023-10-18 23:23 UTC (permalink / raw)
To: Justin Stitt
Cc: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Oct 12, 2023 at 09:53:03PM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect mdiodev->modalias to be NUL-terminated based on its usage with
> strcmp():
> | return strcmp(mdiodev->modalias, drv->name) == 0;
>
> Moreover, mdiodev->modalias is already zero-allocated:
> | mdiodev = kzalloc(sizeof(*mdiodev), GFP_KERNEL);
> ... which means the NUL-padding strncpy provides is not necessary.
>
> Considering the above, a suitable replacement is `strscpy` [2] due to
> the fact that it guarantees NUL-termination on the destination buffer
> without unnecessarily NUL-padding.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
Looks good!
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-12-01 18:22 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-12 21:43 [PATCH] net: mdio: replace deprecated strncpy with strscpy Justin Stitt
2023-10-12 21:55 ` Andrew Lunn
2023-10-16 19:40 ` Kees Cook
2023-11-30 22:00 ` Kees Cook
2023-12-01 6:43 ` Jakub Kicinski
2023-12-01 18:22 ` Kees Cook
-- strict thread matches above, loose matches on Subject: below --
2023-10-12 21:53 Justin Stitt
2023-10-12 21:59 ` Andrew Lunn
2023-10-12 22:01 ` Justin Stitt
2023-10-13 12:05 ` Andrew Lunn
2023-10-18 23:23 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).