| Message ID | 20231006161240.28048-1-ricardoapl.dev@gmail.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | [v2] staging: qlge: Replace strncpy with strscpy | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote: > Reported by checkpatch: > > WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy > > Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com> > --- > v2: Redo changelog text Kees, could you find a moment to look over this one? > > drivers/staging/qlge/qlge_dbg.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c > index c7e865f51..5f08a8492 100644 > --- a/drivers/staging/qlge/qlge_dbg.c > +++ b/drivers/staging/qlge/qlge_dbg.c > @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s > seg_hdr->cookie = MPI_COREDUMP_COOKIE; > seg_hdr->seg_num = seg_number; > seg_hdr->seg_size = seg_size; > - strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); > + strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description)); > } > > /* > @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core > sizeof(struct mpi_coredump_global_header); > mpi_coredump->mpi_global_header.image_size = > sizeof(struct qlge_mpi_coredump); > - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > sizeof(mpi_coredump->mpi_global_header.id_string)); > > /* Get generic NIC reg dump */ > @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev, > sizeof(struct mpi_coredump_global_header); > mpi_coredump->mpi_global_header.image_size = > sizeof(struct qlge_reg_dump); > - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > sizeof(mpi_coredump->mpi_global_header.id_string)); > > /* segment 16 */ > -- > 2.41.0 > >
On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote: > Reported by checkpatch: > > WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy Thanks for working on this! Doing these replacements needs analysis of several issues that should be described in the commit log: - is the destination an %NUL-terminated string? (strncpy can produce non-%NUL-terminated strings and sometimes this is intentional.) - is the source %NUL-terminated? (Sometimes strncpy is used when memcpy, kmemdup_nul, or other things should be used.) - does the destination need to be %NUL padded? (strncpy does this padding, but it isn't always obvious if it's needed.) When padding is needed, strscpy_pad() should be used. > > Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com> > --- > v2: Redo changelog text > > drivers/staging/qlge/qlge_dbg.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c > index c7e865f51..5f08a8492 100644 > --- a/drivers/staging/qlge/qlge_dbg.c > +++ b/drivers/staging/qlge/qlge_dbg.c > @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s > seg_hdr->cookie = MPI_COREDUMP_COOKIE; > seg_hdr->seg_num = seg_number; > seg_hdr->seg_size = seg_size; > - strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); > + strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description)); > } This function uses memset() for seq_hdr, so this is clearly trying to construct a %NUL terminated destination (due to the old "- 1" on the size). Also, padding should be redundant. All the callers of qlge_build_coredump_seg_header() pass a const string as the last argument, so they're all terminated. This looks like a correct replacement. > > /* > @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core > sizeof(struct mpi_coredump_global_header); > mpi_coredump->mpi_global_header.image_size = > sizeof(struct qlge_mpi_coredump); > - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > sizeof(mpi_coredump->mpi_global_header.id_string)); > > /* Get generic NIC reg dump */ > @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev, > sizeof(struct mpi_coredump_global_header); > mpi_coredump->mpi_global_header.image_size = > sizeof(struct qlge_reg_dump); > - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > sizeof(mpi_coredump->mpi_global_header.id_string)); > > /* segment 16 */ These are both trying to copy a const string, so we know the src is terminated. Checking the related sizes: struct mpi_coredump_global_header { ... u8 id_string[16]; The const strings are 13 bytes with the %NUL, so they'll always fit in the destination. Just before these copies, the mpi_global_header is wiped: memset(&mpi_coredump->mpi_global_header, 0, sizeof(struct mpi_coredump_global_header)); so padding isn't a concern. This looks like a correct replacement. Reviewed-by: Kees Cook <keescook@chromium.org>
On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote: > Reported by checkpatch: > > WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy > > Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com> Nice patch! It looks good to me and helps towards [1]. Reviewed-by: Justin Stitt <justinstitt@google.com> > --- > v2: Redo changelog text > > drivers/staging/qlge/qlge_dbg.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c > index c7e865f51..5f08a8492 100644 > --- a/drivers/staging/qlge/qlge_dbg.c > +++ b/drivers/staging/qlge/qlge_dbg.c > @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s > seg_hdr->cookie = MPI_COREDUMP_COOKIE; > seg_hdr->seg_num = seg_number; > seg_hdr->seg_size = seg_size; > - strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); > + strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description)); > } > > /* > @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core > sizeof(struct mpi_coredump_global_header); > mpi_coredump->mpi_global_header.image_size = > sizeof(struct qlge_mpi_coredump); > - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > sizeof(mpi_coredump->mpi_global_header.id_string)); > > /* Get generic NIC reg dump */ > @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev, > sizeof(struct mpi_coredump_global_header); > mpi_coredump->mpi_global_header.image_size = > sizeof(struct qlge_reg_dump); > - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", > sizeof(mpi_coredump->mpi_global_header.id_string)); > > /* segment 16 */ > -- > 2.41.0 > [1]: https://github.com/KSPP/linux/issues/90
On Mon, Oct 09, 2023 at 09:44:37AM -0700, Kees Cook wrote: > Thanks for working on this! Doing these replacements needs analysis of > several issues that should be described in the commit log: > > - is the destination an %NUL-terminated string? (strncpy can produce > non-%NUL-terminated strings and sometimes this is intentional.) > > - is the source %NUL-terminated? (Sometimes strncpy is used when memcpy, > kmemdup_nul, or other things should be used.) > > - does the destination need to be %NUL padded? (strncpy does this > padding, but it isn't always obvious if it's needed.) When padding is > needed, strscpy_pad() should be used. Thank you for the feedback Kees, I really appreciate it Regards, Ricardo Lopes
diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c index c7e865f51..5f08a8492 100644 --- a/drivers/staging/qlge/qlge_dbg.c +++ b/drivers/staging/qlge/qlge_dbg.c @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s seg_hdr->cookie = MPI_COREDUMP_COOKIE; seg_hdr->seg_num = seg_number; seg_hdr->seg_size = seg_size; - strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); + strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description)); } /* @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core sizeof(struct mpi_coredump_global_header); mpi_coredump->mpi_global_header.image_size = sizeof(struct qlge_mpi_coredump); - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", sizeof(mpi_coredump->mpi_global_header.id_string)); /* Get generic NIC reg dump */ @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev, sizeof(struct mpi_coredump_global_header); mpi_coredump->mpi_global_header.image_size = sizeof(struct qlge_reg_dump); - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump", sizeof(mpi_coredump->mpi_global_header.id_string)); /* segment 16 */
Reported by checkpatch: WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com> --- v2: Redo changelog text drivers/staging/qlge/qlge_dbg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)