Message ID | 20230914-drivers-gpu-drm-gma500-oaktrail_lvds_i2c-c-v1-1-0a53a076ce20@google.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | drm/gma500: refactor deprecated strncpy | expand |
On Thu, Sep 14, 2023 at 08:52:21PM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > We should prefer more robust and less ambiguous string interfaces. > > Since `chan->base.name` is expected to be NUL-terminated, a suitable > replacement is `strscpy` [2] due to the fact that it guarantees > NUL-termination on the destination buffer without also unnecessarily > NUL-padding. How did you decide about %NUL padding? (I see it is kzalloc'd, so it doesn't matter.) > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > > > drm/gma500: refactor deprecated strncpy > --- > drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c > index 06b5b2d70d48..68458cbdd6d5 100644 > --- a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c > +++ b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c > @@ -141,7 +141,7 @@ struct gma_i2c_chan *oaktrail_lvds_i2c_init(struct drm_device *dev) > > chan->drm_dev = dev; > chan->reg = dev_priv->lpc_gpio_base; > - strncpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1); > + strscpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1); What's going on here with the destination buffer size? chan->base.name is 48 bytes. I2C_NAME_SIZE is 20. Ultimately it doesn't matter since the source is a const char string, but it's still weird. Therefore: Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > chan->base.owner = THIS_MODULE; > chan->base.algo_data = &chan->algo; > chan->base.dev.parent = dev->dev; > > --- > base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec > change-id: 20230914-drivers-gpu-drm-gma500-oaktrail_lvds_i2c-c-a53c6d8bd62f > > Best regards, > -- > Justin Stitt <justinstitt@google.com> >
On Thu, Sep 14, 2023 at 09:37:31PM -0700, Kees Cook wrote: > On Thu, Sep 14, 2023 at 08:52:21PM +0000, Justin Stitt wrote: > > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > > > We should prefer more robust and less ambiguous string interfaces. > > > > Since `chan->base.name` is expected to be NUL-terminated, a suitable > > replacement is `strscpy` [2] due to the fact that it guarantees > > NUL-termination on the destination buffer without also unnecessarily > > NUL-padding. > > How did you decide about %NUL padding? (I see it is kzalloc'd, so it > doesn't matter.) > > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@vger.kernel.org > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > --- > > > > > > drm/gma500: refactor deprecated strncpy > > --- > > drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c > > index 06b5b2d70d48..68458cbdd6d5 100644 > > --- a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c > > +++ b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c > > @@ -141,7 +141,7 @@ struct gma_i2c_chan *oaktrail_lvds_i2c_init(struct drm_device *dev) > > > > chan->drm_dev = dev; > > chan->reg = dev_priv->lpc_gpio_base; > > - strncpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1); > > + strscpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1); > > What's going on here with the destination buffer size? chan->base.name > is 48 bytes. I2C_NAME_SIZE is 20. It seems I2C_NAME_SIZE is used for i2c_client.name but is abused here for i2c_adapter.name as well. Using sizeof() would be better. Justin, would you mind changing that as well? Thanks Patrik > > Ultimately it doesn't matter since the source is a const char string, > but it's still weird. Therefore: > > Reviewed-by: Kees Cook <keescook@chromium.org> > > -Kees > > > chan->base.owner = THIS_MODULE; > > chan->base.algo_data = &chan->algo; > > chan->base.dev.parent = dev->dev; > > > > --- > > base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec > > change-id: 20230914-drivers-gpu-drm-gma500-oaktrail_lvds_i2c-c-a53c6d8bd62f > > > > Best regards, > > -- > > Justin Stitt <justinstitt@google.com> > > > > -- > Kees Cook
diff --git a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c index 06b5b2d70d48..68458cbdd6d5 100644 --- a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c +++ b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c @@ -141,7 +141,7 @@ struct gma_i2c_chan *oaktrail_lvds_i2c_init(struct drm_device *dev) chan->drm_dev = dev; chan->reg = dev_priv->lpc_gpio_base; - strncpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1); + strscpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1); chan->base.owner = THIS_MODULE; chan->base.algo_data = &chan->algo; chan->base.dev.parent = dev->dev;
`strncpy` is deprecated for use on NUL-terminated destination strings [1]. We should prefer more robust and less ambiguous string interfaces. Since `chan->base.name` is expected to be NUL-terminated, a suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without also unnecessarily NUL-padding. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- drm/gma500: refactor deprecated strncpy --- drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec change-id: 20230914-drivers-gpu-drm-gma500-oaktrail_lvds_i2c-c-a53c6d8bd62f Best regards, -- Justin Stitt <justinstitt@google.com>