Re: [PATCH] asm-generic: fix buffer overflow read in __strncpy_from_user


> Which architectures do you mean? I don't see any architecture using
> asm-generic/uaccess.h without setting GENERIC_STRNCPY_FROM_USER
> before commit 98b861a30431 or the prior release.

I am a user of LibOS, which uses this __strncpy_from_user.

> Also, I think the implementation relied on strncpy() setting a zero pad
> at the end of the string, so the check would only be needed for a count
> value that starts out negative? Is there another way this can actually
> cause problems?

In the kernel, a common calling pattern is strncpy_from_user(buf,
user_ptr, sizeof(buf)), as I mentioned before. If the size of
user_ptr is greater than the buffer in the kernel, no zero is attached
to the end of the copied string (see the implementation in lib/string.c).
So the checking of the count variable in this boolean condition does
not protect the tmp buffer in the last iteration of this loop in
__strncpy_from_user.

Yangxi Xiang
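
The read ordering described in this message, as an added example that is not part of the original post and is not the kernel's code: a length loop that reads the byte before checking the count, next to one that checks the count first. The names `len_byte_first`, `len_count_first`, `demo` and `BUF_SIZE` are hypothetical, and the source strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 8 /* constructed size of the kernel-side buffer */

/* Byte is read before the count is checked; *touched = highest index read. */
static long len_byte_first(const char *dst, long count, long *touched)
{
    const char *tmp = dst;
    for (;;) {
        *touched = tmp - dst;         /* *tmp is read on the next line */
        if (!(*tmp && count > 0))
            break;
        tmp++, count--;
    }
    return tmp - dst;
}

/* Count is checked first, so no byte at index >= count is ever read. */
static long len_count_first(const char *dst, long count, long *touched)
{
    const char *tmp = dst;
    *touched = -1;
    while (count > 0) {
        *touched = tmp - dst;
        if (!*tmp)
            break;
        tmp++, count--;
    }
    return tmp - dst;
}

/* Hypothetical driver: one spare byte ('X') stands in for whatever follows
 * the buffer, so reading index BUF_SIZE is well defined in this demo. */
static long demo(const char *src, int count_first, long *touched)
{
    char backing[BUF_SIZE + 1];
    memset(backing, 'X', sizeof(backing));
    strncpy(backing, src, BUF_SIZE);  /* no NUL if strlen(src) >= BUF_SIZE */
    return count_first ? len_count_first(backing, BUF_SIZE, touched)
                       : len_byte_first(backing, BUF_SIZE, touched);
}

int main(void)
{
    long t, n = demo("0123456789", 0, &t);
    printf("byte first:  len=%ld highest index read=%ld\n", n, t);
    n = demo("0123456789", 1, &t);
    printf("count first: len=%ld highest index read=%ld\n", n, t);
}
```

Both loops return the same length; they differ only in whether index `BUF_SIZE`, one byte past the buffer, is read when the source fills the buffer without a terminator.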



