On Thu, Jul 25, 2019 at 04:52:19PM +0530, NitinGote wrote: > From: Nitin Gote <nitin.r.gote@xxxxxxxxx> > > Added check in checkpatch.pl to deprecate strcpy(), strlcpy() and > strncpy() in favor of stracpy(). stracpy() is preferred when the destination is a char array (rather than a string pointer), so that likely needs to be clarified. -Kees > > Updated Documentation/process/deprecated.rst for stracpy(). > > Signed-off-by: Nitin Gote <nitin.r.gote@xxxxxxxxx> > --- > Change log: > v5->v6 > - Used stracpy() instead of strscpy(). > > v4->v5 > - Change the subject line as per review comment. > - v5 is Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > > v3->v4 > - Removed "c:func:" from deprecated.rst as per review comment. > > v2->v3 > - Avoided use of $check in implementation. > - Incorporated trivial comments. > > v1->v2 > - For string related apis, created different %deprecated_string_api > and these will get emitted at CHECK Level using command line option > -f/--file to avoid bad patched from novice script users. > > Documentation/process/deprecated.rst | 10 +++++----- > scripts/checkpatch.pl | 24 ++++++++++++++++++++++++ > 2 files changed, 29 insertions(+), 5 deletions(-) > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > index 49e0f64a3427..709662c71a1a 100644 > --- a/Documentation/process/deprecated.rst > +++ b/Documentation/process/deprecated.rst > @@ -84,7 +84,7 @@ buffer. This could result in linear overflows beyond the > end of the buffer, leading to all kinds of misbehaviors. While > `CONFIG_FORTIFY_SOURCE=y` and various compiler flags help reduce the > risk of using this function, there is no good reason to add new uses of > -this function. The safe replacement is :c:func:`strscpy`. > +this function. The safe replacement is stracpy(). > > strncpy() on NUL-terminated strings > ----------------------------------- > @@ -93,9 +93,9 @@ will be NUL terminated. This can lead to various linear read overflows > and other misbehavior due to the missing termination. It also NUL-pads the > destination buffer if the source contents are shorter than the destination > buffer size, which may be a needless performance penalty for callers using > -only NUL-terminated strings. The safe replacement is :c:func:`strscpy`. > -(Users of :c:func:`strscpy` still needing NUL-padding will need an > -explicit :c:func:`memset` added.) > +only NUL-terminated strings. In this case, the safe replacement is > +stracpy(). If, however, the destination buffer still needs NUL-padding, > +the safe replacement is stracpy_pad(). > > If a caller is using non-NUL-terminated strings, :c:func:`strncpy()` can > still be used, but destinations should be marked with the `__nonstring > @@ -107,7 +107,7 @@ strlcpy() > :c:func:`strlcpy` reads the entire source buffer first, possibly exceeding > the given limit of bytes to copy. This is inefficient and can lead to > linear read overflows if a source string is not NUL-terminated. The > -safe replacement is :c:func:`strscpy`. > +safe replacement is stracpy(). > > Variable Length Arrays (VLAs) > ----------------------------- > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index 342c7c781ba5..dddf5adf1aac 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -605,6 +605,20 @@ foreach my $entry (keys %deprecated_apis) { > } > $deprecated_apis_search = "(?:${deprecated_apis_search})"; > > +our %deprecated_string_apis = ( > + "strcpy" => "stracpy", > + "strlcpy" => "stracpy", > + "strncpy" => "stracpy - for non-NUL-terminated uses, strncpy dest should be __nonstring", > +); > + > +#Create a search pattern for all these strings apis to speed up a loop below > +our $deprecated_string_apis_search = ""; > +foreach my $entry (keys %deprecated_string_apis) { > + $deprecated_string_apis_search .= '|' if ($deprecated_string_apis_search ne ""); > + $deprecated_string_apis_search .= $entry; > +} > +$deprecated_string_apis_search = "(?:${deprecated_string_apis_search})"; > + > our $mode_perms_world_writable = qr{ > S_IWUGO | > S_IWOTH | > @@ -6446,6 +6460,16 @@ sub process { > "Deprecated use of '$deprecated_api', prefer '$new_api' instead\n" . $herecurr); > } > > +# check for string deprecated apis > + if ($line =~ /\b($deprecated_string_apis_search)\b\s*\(/) { > + my $deprecated_string_api = $1; > + my $new_api = $deprecated_string_apis{$deprecated_string_api}; > + my $msg_level = \&WARN; > + $msg_level = \&CHK if ($file); > + &{$msg_level}("DEPRECATED_API", > + "Deprecated use of '$deprecated_string_api', prefer '$new_api' instead\n" . $herecurr); > + } > + > # check for various structs that are normally const (ops, kgdb, device_tree) > # and avoid what seem like struct definitions 'struct foo {' > if ($line !~ /\bconst\b/ && > -- > 2.17.1 > -- Kees Cook