The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@xxxxxxxxxxxxxxx>.
Possible dependencies:
63d5429f68a3 ("btrfs: replace strncpy() with strscpy()")
cb3e217bdb39 ("btrfs: use btrfs_dev_name() helper to handle missing devices better")
947a629988f1 ("btrfs: move tree block parentness check into validate_extent_buffer()")
789d6a3a876e ("btrfs: concentrate all tree block parentness check parameters into one structure")
ab2072b2921e ("btrfs: change how submit bio callback is passed to btrfs_wq_submit_bio")
7920b773bd8a ("btrfs: drop parameter compression_type from btrfs_submit_dio_repair_bio")
19af6a7d345a ("btrfs: change how repair action is passed to btrfs_repair_one_sector")
a2c8d27e5ee8 ("btrfs: use a structure to pass arguments to backref walking functions")
6ce6ba534418 ("btrfs: use a single argument for extent offset in backref walking functions")
22a3c0ac8ed0 ("btrfs: send: avoid unnecessary backref lookups when finding clone source")
2885fd632050 ("btrfs: move inode prototypes to btrfs_inode.h")
b31bed170d52 ("btrfs: move btrfs_chunk_item_size out of ctree.h")
911bd75aca73 ("btrfs: remove unused function prototypes")
a56159d4080b ("btrfs: move btrfs_fs_info declarations into fs.h")
6db75318823a ("btrfs: use struct fscrypt_str instead of struct qstr")
ab3c5c18e8fa ("btrfs: setup qstr from dentrys using fscrypt helper")
e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs")
e9c83077d2be ("btrfs: remove temporary btrfs_map_token declaration in ctree.h")
ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors")
d83eb482b727 ("btrfs: move the compat/incompat flag masks to fs.h")
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 63d5429f68a3d4c4aa27e65a05196c17f86c41d6 Mon Sep 17 00:00:00 2001
From: Artem Chernyshev <artem.chernyshev@xxxxxxxxxxx>
Date: Sat, 19 Nov 2022 11:13:29 +0300
Subject: [PATCH] btrfs: replace strncpy() with strscpy()
Using strncpy() on NUL-terminated strings are deprecated. To avoid
possible forming of non-terminated string strscpy() should be used.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
CC: stable@xxxxxxxxxxxxxxx # 4.9+
Signed-off-by: Artem Chernyshev <artem.chernyshev@xxxxxxxxxxx>
Reviewed-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index bed74a3ff574..4fd6b61b06a4 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2859,13 +2859,10 @@ static long btrfs_ioctl_dev_info(struct btrfs_fs_info *fs_info,
di_args->bytes_used = btrfs_device_get_bytes_used(dev);
di_args->total_bytes = btrfs_device_get_total_bytes(dev);
memcpy(di_args->uuid, dev->uuid, sizeof(di_args->uuid));
- if (dev->name) {
- strncpy(di_args->path, btrfs_dev_name(dev),
- sizeof(di_args->path) - 1);
- di_args->path[sizeof(di_args->path) - 1] = 0;
- } else {
+ if (dev->name)
+ strscpy(di_args->path, btrfs_dev_name(dev), sizeof(di_args->path));
+ else
di_args->path[0] = '\0';
- }
out:
rcu_read_unlock();
diff --git a/fs/btrfs/rcu-string.h b/fs/btrfs/rcu-string.h
index 5c1a617eb25d..5c2b66d155ef 100644
--- a/fs/btrfs/rcu-string.h
+++ b/fs/btrfs/rcu-string.h
@@ -18,7 +18,11 @@ static inline struct rcu_string *rcu_string_strdup(const char *src, gfp_t mask)
(len * sizeof(char)), mask);
if (!ret)
return ret;
- strncpy(ret->str, src, len);
+ /* Warn if the source got unexpectedly truncated. */
+ if (WARN_ON(strscpy(ret->str, src, len) < 0)) {
+ kfree(ret);
+ return NULL;
+ }
return ret;
}
