On Mon, Mar 18, 2024 at 10:49:23PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > I don't mind changing the strncpy() in this function, but I don't think this problem description adequately describes the problem you're solving. If the motivation is that we want 0 users of strncpy() in the kernel, then say so. > @query is already marked as __nonstring and doesn't need to be > NUL-terminated. You're not wrong, but in the event that strlen(id) < sizeof(ent->id) the destination should be NUL-padded - exactly one of the well known, normally unwanted, effects of strncpy(). strtomem() does explicitly not do this. > Since @id is a string, we can use the self-describing > string API strtomem(). "self-describing"? > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@xxxxxxxxxxxxxxx > Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx> > --- > Changes in v2: > - use strtomem instead of memcpy (thanks Kees) > - Link to v1: https://lore.kernel.org/r/20240314-strncpy-drivers-soc-qcom-cmd-db-c-v1-1-70f5d5e70732@xxxxxxxxxx > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > drivers/soc/qcom/cmd-db.c | 9 ++------- > 1 file changed, 2 insertions(+), 7 deletions(-) > > diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c > index a5fd68411bed..d05f35d175bd 100644 > --- a/drivers/soc/qcom/cmd-db.c > +++ b/drivers/soc/qcom/cmd-db.c > @@ -141,18 +141,13 @@ static int cmd_db_get_header(const char *id, const struct entry_header **eh, > const struct rsc_hdr *rsc_hdr; > const struct entry_header *ent; > int ret, i, j; > - u8 query[sizeof(ent->id)] __nonstring; > + u8 query[sizeof(ent->id)] __nonstring = { 0 }; > > ret = cmd_db_ready(); > if (ret) > return ret; > > - /* > - * Pad out query string to same length as in DB. NOTE: the output > - * query string is not necessarily '\0' terminated if it bumps up > - * against the max size. That's OK and expected. > - */ > - strncpy(query, id, sizeof(query)); > + strtomem(query, id); query needs to be NUL-padded to sizeof(ent->id) bytes (like strncpy does), something you recognized by adding the zero-initialization above. But why split this requirement across two non-adjacent lines? Isn't this what strtomem_pad() is supposed to do? Regards, Bjorn > > for (i = 0; i < MAX_SLV_ID; i++) { > rsc_hdr = &cmd_db_header->header[i]; > > --- > base-commit: fe46a7dd189e25604716c03576d05ac8a5209743 > change-id: 20240314-strncpy-drivers-soc-qcom-cmd-db-c-284f3abaabb8 > > Best regards, > -- > Justin Stitt <justinstitt@xxxxxxxxxx> >
