From: David Laight <david.laight.linux@gmail.com>
To: Heiko Carstens <hca@linux.ibm.com>
Cc: Kees Cook <kees@kernel.org>,
Manuel Ebner <manuelebner@mailbox.org>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Jonathan Corbet <corbet@lwn.net>,
Shuah Khan <skhan@linuxfoundation.org>,
Andy Whitcroft <apw@canonical.com>, Joe Perches <joe@perches.com>,
Dwaipayan Ray <dwaipayanray1@gmail.com>,
Lukas Bulwahn <lukas.bulwahn@gmail.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Randy Dunlap <rdunlap@infradead.org>,
Jani Nikula <jani.nikula@intel.com>,
"open list:DOCUMENTATION PROCESS" <workflows@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 1/3] Doc: deprecated.rst: add strlcat()
Date: Sat, 16 May 2026 17:35:24 +0100 [thread overview]
Message-ID: <20260516173524.498984d0@pumpkin> (raw)
In-Reply-To: <20260516152819.14597A76-hca@linux.ibm.com>
On Sat, 16 May 2026 17:28:19 +0200
Heiko Carstens <hca@linux.ibm.com> wrote:
> On Thu, May 14, 2026 at 09:31:46AM -0700, Kees Cook wrote:
> > On Thu, May 14, 2026 at 06:26:53PM +0200, Manuel Ebner wrote:
> > > add strlcat and alternatives
> > >
> > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org>
> > > ---
> > > Documentation/process/deprecated.rst | 7 +++++++
> > > 1 file changed, 7 insertions(+)
> > >
> > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> > > index fed56864d036..06e802f4bbfd 100644
> > > --- a/Documentation/process/deprecated.rst
> > > +++ b/Documentation/process/deprecated.rst
> > > @@ -153,6 +153,13 @@ used, and the destinations should be marked with the `__nonstring
> > > attribute to avoid future compiler warnings. For cases still needing
> > > NUL-padding, strtomem_pad() can be used.
> > >
> > > +strlcat()
> > > +---------
> > > +strlcat() must re-scan the destination string from the beginning on each
> > > +call (O(n^2) behavior). Alternatives are seq_buf_puts() and seq_buf_printf().
> > > +snprintf(), scnprintf() and sysfs_emit() are possible aswell, but the adoption
> > > +of the arguments needs to be taken care off.
> > > +
> >
> > How about just:
> >
> > strlcat() must re-scan the destination string from the beginning on each
> > call (O(n^2) behavior). Use the seq_buf API or similar instead.
>
> seq_buf API for appending something to e.g. boot_command_line seems to be odd,
> since boot_command_line is usually "just there" (depending on architecture and
> boot loader).
Indeed, but ISTR that code uses strcat() a lot of the time.
The lengths are all known, so memcpy() can be used.
I don't really see why strlcat() should be deprecated.
Clearly there are many cases where there are better ways to do things.
The only problem with strlcat() is that it returns the 'required length'.
So there are some broken uses.
- fs/nfs/flexfilelayout/flexfilelayout.c
- lib/kunit/string-stream.c (although the preceding vsnprintf() looks like the actual bug).
There is also some very strange code in security/selinus/ima.c - but it may be ok.
In reality the return value of strlcat() isn't really much worse that that
of snprintf().
-- David
>
> So if I would remove strlcat() from appending something to boot_command_line I
> would end up open-coding strlcat(), including the chance for the usual
> off-by-one bugs. Looks like this would be true for nearly all architectures.
>
> Is performance really the only reason to deprecate strlcat()? This seems to be
> a bit questionable to me.
next prev parent reply other threads:[~2026-05-16 16:35 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-14 16:07 [PATCH v2 0/3] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner
2026-05-14 16:26 ` [PATCH v2 1/3] Doc: deprecated.rst: add strlcat() Manuel Ebner
2026-05-14 16:31 ` Kees Cook
2026-05-14 17:51 ` Randy Dunlap
2026-05-16 15:28 ` Heiko Carstens
2026-05-16 16:35 ` David Laight [this message]
2026-05-14 16:28 ` [PATCH v2 2/3] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner
2026-05-14 16:32 ` Kees Cook
2026-05-14 16:30 ` [PATCH v2 3/3] drivers: add deprecated remarks to strlcat() Manuel Ebner
2026-05-15 6:59 ` Andy Shevchenko
2026-05-15 7:22 ` Geert Uytterhoeven
2026-05-15 7:30 ` Andy Shevchenko
2026-05-15 7:31 ` Andy Shevchenko
2026-05-15 7:32 ` Geert Uytterhoeven
2026-05-15 9:31 ` David Laight
2026-05-15 9:41 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260516173524.498984d0@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=andy.shevchenko@gmail.com \
--cc=apw@canonical.com \
--cc=corbet@lwn.net \
--cc=dwaipayanray1@gmail.com \
--cc=geert@linux-m68k.org \
--cc=hca@linux.ibm.com \
--cc=jani.nikula@intel.com \
--cc=joe@perches.com \
--cc=kees@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lukas.bulwahn@gmail.com \
--cc=manuelebner@mailbox.org \
--cc=rdunlap@infradead.org \
--cc=skhan@linuxfoundation.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox