From: Justin Stitt <justinstitt@google.com>
To: "Luck, Tony" <tony.luck@intel.com>
Cc: Borislav Petkov <bp@alien8.de>, James Morse <james.morse@arm.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Robert Richter <rric@kernel.org>,
"linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>
Subject: Re: [PATCH] EDAC/mc_sysfs: refactor deprecated strncpy
Date: Wed, 13 Sep 2023 10:17:43 -0700 [thread overview]
Message-ID: <CAFhGd8r1u+u-6j0eLSSy-dB5SuQdJr4_0faOeAFiTk_P4kXg5g@mail.gmail.com> (raw)
In-Reply-To: <SJ1PR11MB6083BEE91F07BC4077FE38F5FCF0A@SJ1PR11MB6083.namprd11.prod.outlook.com>
On Wed, Sep 13, 2023 at 8:13 AM Luck, Tony <tony.luck@intel.com> wrote:
>
> > `strncpy` is deprecated for use on NUL-terminated destination strings [1].
> >
> > We should prefer more robust and less ambiguous string interfaces.
> >
> > A suitable replacement is `strscpy_pad` [2] due to the fact that it guarantees
> > NUL-termination on the destination buffer whilst maintaining the
> > NUL-padding behavior that `strncpy` provides. This may not be strictly
> > necessary but as I couldn't understand what this code does I wanted to
> > ensure that the functionality is the same.
> >
> > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> > Link: https://github.com/KSPP/linux/issues/90
> > Cc: linux-hardening@vger.kernel.org
> > Signed-off-by: Justin Stitt <justinstitt@google.com>
> > ---
> > Note: build-tested only.
> > ---
> > drivers/edac/edac_mc_sysfs.c | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
> > index 15f63452a9be..b303309a63cf 100644
> > --- a/drivers/edac/edac_mc_sysfs.c
> > +++ b/drivers/edac/edac_mc_sysfs.c
> > @@ -229,8 +229,7 @@ static ssize_t channel_dimm_label_store(struct device *dev,
> > if (copy_count == 0 || copy_count >= sizeof(rank->dimm->label))
> > return -EINVAL;
> >
> > - strncpy(rank->dimm->label, data, copy_count);
> > - rank->dimm->label[copy_count] = '\0';
> > + strscpy_pad(rank->dimm->label, data, copy_count);
>
> That doc page says the problem with strncpy() is that it doesn't guarantee to
> NUL terminate the target string. But this code is aware of that limitation and
> zaps a '\0' at the end to be sure.
>
> So this code doesn't suffer from the potential problems.
Right, the original code did not have an existing bug due to the
reason you mentioned. However, I'm pretty keen on eliminating uses of
this interface treewide as there is always a more robust and less
ambiguous option.
>
> If it is going to be fixed, then some further analysis of the original code
> would be wise. Just replacing with strscpy_pad() means the code probably
> still suffers from the "needless performance penalty" also mentioned in
> the deprecation document.
Got it, sending a v2 that prefers `strscpy` to `strscpy_pad` resolving
the performance issue.
>
> -Tony
>
Thanks for the timely review!
Justin
prev parent reply other threads:[~2023-09-13 17:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 1:26 [PATCH] EDAC/mc_sysfs: refactor deprecated strncpy Justin Stitt
2023-09-13 1:30 ` Justin Stitt
2023-09-13 15:13 ` Luck, Tony
2023-09-13 17:17 ` Justin Stitt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFhGd8r1u+u-6j0eLSSy-dB5SuQdJr4_0faOeAFiTk_P4kXg5g@mail.gmail.com \
--to=justinstitt@google.com \
--cc=bp@alien8.de \
--cc=james.morse@arm.com \
--cc=linux-edac@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=rric@kernel.org \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).