On December 16, 2024 8:12:07 PM PST, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>On Mon, Dec 16, 2024 at 02:45:15PM -0800, Kees Cook wrote:
>> Since we have already allocated "len + 1" space for event->name, make sure
>> that name->name cannot ever accidentally cause a copy overflow by calling
>> strscpy() instead of the unbounded strcpy() routine. This assists in
>> the ongoing efforts to remove the unsafe strcpy() API[1] from the kernel.
>
>Since a qstr can't contain a NUL before the length, why not just use
>memcpy()?
>
>> event->name_len = len;
>> if (len)
>> - strcpy(event->name, name->name);
>> + strscpy(event->name, name->name, event->name_len + 1);

So that the destination is guaranteed to be NUL terminated no matter what's in the source. :) (i.e. try to limit unlikely conditions from expanding.)

--
Kees Cook
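
Review bot: the added strscpy() line discards the return value, so if name->name ever held more than len bytes before its NUL the copy would be truncated silently while event->name_len still reports len. strscpy() returns -E2BIG on truncation, so checking for a negative return (or wrapping the call in a WARN_ON_ONCE) would surface that "unlikely condition" instead of hiding it. Separately, the bound event->name_len + 1 is only correct because of the "len + 1" allocation mentioned in the commit message, which is not visible in this hunk; a one-line comment tying the bound to that allocation would keep the two from drifting apart.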