Hi, On Mon, Mar 18, 2024 at 8:37 PM Bjorn Andersson <andersson@xxxxxxxxxx> wrote: > > On Mon, Mar 18, 2024 at 10:49:23PM +0000, Justin Stitt wrote: > > strncpy() is deprecated for use on NUL-terminated destination strings > > [1] and as such we should prefer more robust and less ambiguous string > > interfaces. > > > > I don't mind changing the strncpy() in this function, but I don't think > this problem description adequately describes the problem you're > solving. > > If the motivation is that we want 0 users of strncpy() in the kernel, > then say so. Fair. You caught me in a bad case of "copy pasting this blurb into all my patches". You are right though, the true motivation here is to rid the kernel of strncpy. > > > @query is already marked as __nonstring and doesn't need to be > > NUL-terminated. > > You're not wrong, but in the event that strlen(id) < sizeof(ent->id) the > destination should be NUL-padded - exactly one of the well known, > normally unwanted, effects of strncpy(). strtomem() does explicitly not > do this. > > > Since @id is a string, we can use the self-describing > > string API strtomem(). > > "self-describing"? > In the sense that its name matches its functionality: strncpy === string to string copy, bounded by n strtomem === string to memory buffer strncpy technically does the latter functionality as well but it may not be obvious in all cases that the destination buffer is not a string. Granted, in this case, it is extremely obvious what the behavior is because query is marked nonstring. > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@xxxxxxxxxxxxxxx > > Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx> > > --- > > Changes in v2: > > - use strtomem instead of memcpy (thanks Kees) > > - Link to v1: https://lore.kernel.org/r/20240314-strncpy-drivers-soc-qcom-cmd-db-c-v1-1-70f5d5e70732@xxxxxxxxxx > > --- > > Note: build-tested only. > > > > Found with: $ rg "strncpy\(" > > --- > > drivers/soc/qcom/cmd-db.c | 9 ++------- > > 1 file changed, 2 insertions(+), 7 deletions(-) > > > > diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c > > index a5fd68411bed..d05f35d175bd 100644 > > --- a/drivers/soc/qcom/cmd-db.c > > +++ b/drivers/soc/qcom/cmd-db.c > > @@ -141,18 +141,13 @@ static int cmd_db_get_header(const char *id, const struct entry_header **eh, > > const struct rsc_hdr *rsc_hdr; > > const struct entry_header *ent; > > int ret, i, j; > > - u8 query[sizeof(ent->id)] __nonstring; > > + u8 query[sizeof(ent->id)] __nonstring = { 0 }; > > > > ret = cmd_db_ready(); > > if (ret) > > return ret; > > > > - /* > > - * Pad out query string to same length as in DB. NOTE: the output > > - * query string is not necessarily '\0' terminated if it bumps up > > - * against the max size. That's OK and expected. > > - */ > > - strncpy(query, id, sizeof(query)); > > + strtomem(query, id); > > query needs to be NUL-padded to sizeof(ent->id) bytes (like strncpy > does), something you recognized by adding the zero-initialization above. > But why split this requirement across two non-adjacent lines? Isn't this > what strtomem_pad() is supposed to do? Yes, strtomem_pad() will accomplish this task. I'll send a v3 fixing up the commit log and use the pad version. > > Regards, > Bjorn > > > > > for (i = 0; i < MAX_SLV_ID; i++) { > > rsc_hdr = &cmd_db_header->header[i]; > > > > --- > > base-commit: fe46a7dd189e25604716c03576d05ac8a5209743 > > change-id: 20240314-strncpy-drivers-soc-qcom-cmd-db-c-284f3abaabb8 > > > > Best regards, > > -- > > Justin Stitt <justinstitt@xxxxxxxxxx> > > Thanks Justin
