linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] staging: qlge: Replace strncpy with strscpy
@ 2023-10-06 16:12 Ricardo Lopes
  2023-10-09 13:17 ` Simon Horman
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Ricardo Lopes @ 2023-10-06 16:12 UTC (permalink / raw)
  To: manishc, GR-Linux-NIC-Dev, coiby.xu, gregkh
  Cc: netdev, linux-staging, linux-kernel

Reported by checkpatch:

WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy

Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com>
---
v2: Redo changelog text

 drivers/staging/qlge/qlge_dbg.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c
index c7e865f51..5f08a8492 100644
--- a/drivers/staging/qlge/qlge_dbg.c
+++ b/drivers/staging/qlge/qlge_dbg.c
@@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s
 	seg_hdr->cookie = MPI_COREDUMP_COOKIE;
 	seg_hdr->seg_num = seg_number;
 	seg_hdr->seg_size = seg_size;
-	strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
+	strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description));
 }
 
 /*
@@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core
 		sizeof(struct mpi_coredump_global_header);
 	mpi_coredump->mpi_global_header.image_size =
 		sizeof(struct qlge_mpi_coredump);
-	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
+	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
 		sizeof(mpi_coredump->mpi_global_header.id_string));
 
 	/* Get generic NIC reg dump */
@@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev,
 		sizeof(struct mpi_coredump_global_header);
 	mpi_coredump->mpi_global_header.image_size =
 		sizeof(struct qlge_reg_dump);
-	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
+	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
 		sizeof(mpi_coredump->mpi_global_header.id_string));
 
 	/* segment 16 */
-- 
2.41.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH v2] staging: qlge: Replace strncpy with strscpy
  2023-10-06 16:12 [PATCH v2] staging: qlge: Replace strncpy with strscpy Ricardo Lopes
@ 2023-10-09 13:17 ` Simon Horman
  2023-10-09 16:44 ` Kees Cook
  2023-10-09 17:22 ` Justin Stitt
  2 siblings, 0 replies; 5+ messages in thread
From: Simon Horman @ 2023-10-09 13:17 UTC (permalink / raw)
  To: Ricardo Lopes
  Cc: manishc, GR-Linux-NIC-Dev, coiby.xu, gregkh, netdev,
	linux-staging, linux-kernel, Kees Cook

On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote:
> Reported by checkpatch:
> 
> WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy
> 
> Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com>
> ---
> v2: Redo changelog text

Kees,

could you find a moment to look over this one?

> 
>  drivers/staging/qlge/qlge_dbg.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c
> index c7e865f51..5f08a8492 100644
> --- a/drivers/staging/qlge/qlge_dbg.c
> +++ b/drivers/staging/qlge/qlge_dbg.c
> @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s
>  	seg_hdr->cookie = MPI_COREDUMP_COOKIE;
>  	seg_hdr->seg_num = seg_number;
>  	seg_hdr->seg_size = seg_size;
> -	strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
> +	strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description));
>  }
>  
>  /*
> @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core
>  		sizeof(struct mpi_coredump_global_header);
>  	mpi_coredump->mpi_global_header.image_size =
>  		sizeof(struct qlge_mpi_coredump);
> -	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> +	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
>  		sizeof(mpi_coredump->mpi_global_header.id_string));
>  
>  	/* Get generic NIC reg dump */
> @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev,
>  		sizeof(struct mpi_coredump_global_header);
>  	mpi_coredump->mpi_global_header.image_size =
>  		sizeof(struct qlge_reg_dump);
> -	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> +	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
>  		sizeof(mpi_coredump->mpi_global_header.id_string));
>  
>  	/* segment 16 */
> -- 
> 2.41.0
> 
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v2] staging: qlge: Replace strncpy with strscpy
  2023-10-06 16:12 [PATCH v2] staging: qlge: Replace strncpy with strscpy Ricardo Lopes
  2023-10-09 13:17 ` Simon Horman
@ 2023-10-09 16:44 ` Kees Cook
  2023-10-09 18:53   ` Ricardo Lopes
  2023-10-09 17:22 ` Justin Stitt
  2 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2023-10-09 16:44 UTC (permalink / raw)
  To: Ricardo Lopes
  Cc: manishc, GR-Linux-NIC-Dev, coiby.xu, justinstitt,
	linux-hardening, gregkh, netdev, linux-staging, linux-kernel

On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote:
> Reported by checkpatch:
> 
> WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy

Thanks for working on this! Doing these replacements needs analysis of
several issues that should be described in the commit log:

- is the destination an %NUL-terminated string? (strncpy can produce
  non-%NUL-terminated strings and sometimes this is intentional.)

- is the source %NUL-terminated? (Sometimes strncpy is used when memcpy,
  kmemdup_nul, or other things should be used.)

- does the destination need to be %NUL padded? (strncpy does this
  padding, but it isn't always obvious if it's needed.) When padding is
  needed, strscpy_pad() should be used.

> 
> Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com>
> ---
> v2: Redo changelog text
> 
>  drivers/staging/qlge/qlge_dbg.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c
> index c7e865f51..5f08a8492 100644
> --- a/drivers/staging/qlge/qlge_dbg.c
> +++ b/drivers/staging/qlge/qlge_dbg.c
> @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s
>  	seg_hdr->cookie = MPI_COREDUMP_COOKIE;
>  	seg_hdr->seg_num = seg_number;
>  	seg_hdr->seg_size = seg_size;
> -	strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
> +	strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description));
>  }

This function uses memset() for seq_hdr, so this is clearly trying
to construct a %NUL terminated destination (due to the old "- 1"
on the size). Also, padding should be redundant. All the callers of
qlge_build_coredump_seg_header() pass a const string as the last argument,
so they're all terminated. This looks like a correct replacement.

>  
>  /*
> @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core
>  		sizeof(struct mpi_coredump_global_header);
>  	mpi_coredump->mpi_global_header.image_size =
>  		sizeof(struct qlge_mpi_coredump);
> -	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> +	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
>  		sizeof(mpi_coredump->mpi_global_header.id_string));
>  
>  	/* Get generic NIC reg dump */
> @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev,
>  		sizeof(struct mpi_coredump_global_header);
>  	mpi_coredump->mpi_global_header.image_size =
>  		sizeof(struct qlge_reg_dump);
> -	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> +	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
>  		sizeof(mpi_coredump->mpi_global_header.id_string));
>  
>  	/* segment 16 */

These are both trying to copy a const string, so we know the src is
terminated. Checking the related sizes:

struct mpi_coredump_global_header {
	...
        u8      id_string[16];

The const strings are 13 bytes with the %NUL, so they'll always fit in
the destination.

Just before these copies, the mpi_global_header is wiped:

        memset(&mpi_coredump->mpi_global_header, 0,
               sizeof(struct mpi_coredump_global_header));

so padding isn't a concern. This looks like a correct replacement.

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v2] staging: qlge: Replace strncpy with strscpy
  2023-10-06 16:12 [PATCH v2] staging: qlge: Replace strncpy with strscpy Ricardo Lopes
  2023-10-09 13:17 ` Simon Horman
  2023-10-09 16:44 ` Kees Cook
@ 2023-10-09 17:22 ` Justin Stitt
  2 siblings, 0 replies; 5+ messages in thread
From: Justin Stitt @ 2023-10-09 17:22 UTC (permalink / raw)
  To: Ricardo Lopes
  Cc: manishc, GR-Linux-NIC-Dev, coiby.xu, gregkh, netdev,
	linux-staging, linux-kernel

On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote:
> Reported by checkpatch:
>
> WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy
>
> Signed-off-by: Ricardo Lopes <ricardoapl.dev@gmail.com>

Nice patch!

It looks good to me and helps towards [1].

Reviewed-by: Justin Stitt <justinstitt@google.com>

> ---
> v2: Redo changelog text
>
>  drivers/staging/qlge/qlge_dbg.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c
> index c7e865f51..5f08a8492 100644
> --- a/drivers/staging/qlge/qlge_dbg.c
> +++ b/drivers/staging/qlge/qlge_dbg.c
> @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s
>  	seg_hdr->cookie = MPI_COREDUMP_COOKIE;
>  	seg_hdr->seg_num = seg_number;
>  	seg_hdr->seg_size = seg_size;
> -	strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
> +	strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description));
>  }
>
>  /*
> @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core
>  		sizeof(struct mpi_coredump_global_header);
>  	mpi_coredump->mpi_global_header.image_size =
>  		sizeof(struct qlge_mpi_coredump);
> -	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> +	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
>  		sizeof(mpi_coredump->mpi_global_header.id_string));
>
>  	/* Get generic NIC reg dump */
> @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev,
>  		sizeof(struct mpi_coredump_global_header);
>  	mpi_coredump->mpi_global_header.image_size =
>  		sizeof(struct qlge_reg_dump);
> -	strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> +	strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
>  		sizeof(mpi_coredump->mpi_global_header.id_string));
>
>  	/* segment 16 */
> --
> 2.41.0
>

[1]: https://github.com/KSPP/linux/issues/90

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v2] staging: qlge: Replace strncpy with strscpy
  2023-10-09 16:44 ` Kees Cook
@ 2023-10-09 18:53   ` Ricardo Lopes
  0 siblings, 0 replies; 5+ messages in thread
From: Ricardo Lopes @ 2023-10-09 18:53 UTC (permalink / raw)
  To: Kees Cook
  Cc: manishc, GR-Linux-NIC-Dev, coiby.xu, justinstitt,
	linux-hardening, gregkh, netdev, linux-staging, linux-kernel

On Mon, Oct 09, 2023 at 09:44:37AM -0700, Kees Cook wrote:
> Thanks for working on this! Doing these replacements needs analysis of
> several issues that should be described in the commit log:
> 
> - is the destination an %NUL-terminated string? (strncpy can produce
>   non-%NUL-terminated strings and sometimes this is intentional.)
> 
> - is the source %NUL-terminated? (Sometimes strncpy is used when memcpy,
>   kmemdup_nul, or other things should be used.)
> 
> - does the destination need to be %NUL padded? (strncpy does this
>   padding, but it isn't always obvious if it's needed.) When padding is
>   needed, strscpy_pad() should be used.

Thank you for the feedback Kees, I really appreciate it

Regards,

Ricardo Lopes


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-10-09 18:54 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-06 16:12 [PATCH v2] staging: qlge: Replace strncpy with strscpy Ricardo Lopes
2023-10-09 13:17 ` Simon Horman
2023-10-09 16:44 ` Kees Cook
2023-10-09 18:53   ` Ricardo Lopes
2023-10-09 17:22 ` Justin Stitt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).