Message ID | 20231005-strncpy-drivers-net-ethernet-brocade-bna-bfa_ioc-c-v1-1-8dfd30123afc@google.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2016:b0:403:3b70:6f57 with SMTP id fe22csp566305vqb; Thu, 5 Oct 2023 14:06:04 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHGp0wTdIHl0gEhf2U8EDSsUfsjXsGKUpB7QBYrCjYk5FcA8qolxAd7rykiyAsonBZaw1wL X-Received: by 2002:a05:6a20:430e:b0:16b:8498:d9bc with SMTP id h14-20020a056a20430e00b0016b8498d9bcmr177527pzk.62.1696539963910; Thu, 05 Oct 2023 14:06:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696539963; cv=none; d=google.com; s=arc-20160816; b=ftt126EkAlmUjTb6tAiS9ICHOEWS1W00HzgY0gw9EXEWd4XgVEEpHeoiZtINdoKEKJ nkPxx+CuqFU7d1dNB9xIJHFGRe2DMjWZavJSSS916KftV7IKga30MTPgfHIUnO7AaOLU Yq6KTVNOGQ3HLL/WJCozWdBBZ0Y9oX6Z0ftBfbrBbssHxsMVAk6yp6tPckW34cF+2NIx t/89Oeb5ZZaNaaPFJN6zRR12IiC8TNi9MdE7pRiSyQUWp/S66WmlfU+G05u80UKwE06u hDlck7Mp/eI7i29fK/8fiAjc9bLvWErZ8JYHUsh/4ruD3o/7LX3vvoS1PH5fgwLWUXj6 V2qA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date :dkim-signature; bh=H4y2YlrnXWnp/3hBKGWFmY8QqOEGdTjDuhv++ThsjEU=; fh=tpgR3Q6rr4pg1VcfCzi1hRJf4qvNknLFuIKl8Dy7+y8=; b=oL/4vyu/qK6NK9oE2q5DIi6butnD6SP3CmyuXUzY5XpvJW0Y35Q202jEI/lkFfP9qV aI+NJCSMci8bdval+CQ+UVHUd0dMqmQra4aQYaIN6DMSbxcAj5iaFrt6XT5RAi7uSsQT cOGxZFYNZ5xegNpSUTZBsvIBL73TeCezypwEYz+cm/mieRwebShwQwdRR/bSuSUUv9XY 48L+3SaxUIxafY8vWwwd8p9sdWNnCUktVsBxUKouuL/GghGucbpTViJHT5APsUDegZyT PwBbq9bdVwSh7mFXD4EOe5J0z2K61p0sNrERzdSgr4AJAAEXNdR1tLdUWcgbkRX++9Qa TTPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=3UHxsNuJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id i12-20020a170902e48c00b001c62d935854si2107377ple.614.2023.10.05.14.06.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Oct 2023 14:06:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=3UHxsNuJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 8892F844ABBC; Thu, 5 Oct 2023 14:06:01 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231359AbjJEVFt (ORCPT <rfc822;ezelljr.billy@gmail.com> + 18 others); Thu, 5 Oct 2023 17:05:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229852AbjJEVFq (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 5 Oct 2023 17:05:46 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C17A4A6 for <linux-kernel@vger.kernel.org>; Thu, 5 Oct 2023 14:05:44 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-59c0dd156e5so21349807b3.3 for <linux-kernel@vger.kernel.org>; Thu, 05 Oct 2023 14:05:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1696539944; x=1697144744; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=H4y2YlrnXWnp/3hBKGWFmY8QqOEGdTjDuhv++ThsjEU=; b=3UHxsNuJw13MYYcb1v/IzDb9O+Ehjey4iE5+8L7c4DKUlVB59vKzKp7yRpDq2MORDy uhE9ga55yAyh0ZkC0+58TtAFMP94wBZd9phHO4SBc2KC3bYAncqR6aLIVwyKcrPxvKQv UQtq5gYNQFTQKdzRmWEEDiNhFqb+YndaqyqZzk589ePyq570td+Ur8WNiOYvMHWgO+Qh Pkb9DAAmCfJBB1WU7EsrJcmv3rMDJUp75MFmwXI/iNcNLdCji/gOyAgZkDdqw63uFqfb p2odL43ZiZ19uHM23jeqMWL4aQZ4EPoKAu0S6xiUYgknczYDwVHp5cCiSz2LfxZyco/9 oXmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696539944; x=1697144744; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=H4y2YlrnXWnp/3hBKGWFmY8QqOEGdTjDuhv++ThsjEU=; b=EGMwDLHIzNA9joQJhpIkONPYsu1MgjJUZWUl2xtSrIngwGKoth1bBr9Y55ofN6VDZm dL3H4O2xJ2SxzDyCI8tItjRXkVHTk8JLIgRGgz4XlBKw/5seGSmwZsYlL+6kbPwe8e0M KymNcEKuGP2HbUgNzoCSGPDrNlA6NC+7k1dCZd/OBmazO4Rxwl4aFTVVOvi8oh80O8ia l19aE2P2rlnT5i4FL4tt5UOs9OP9wNe4PLrVFuVdI7PMCdfg4wZ7U6hOL21V8kiOEbA3 MxpylzO6HVh/ibV+McpqZVwqAENHH8a1t9fIKcRw4UBE6TDn0J+5/qH6CkEcKECx67H0 feHg== X-Gm-Message-State: AOJu0YypSRDdMxQJRJAfG0mq5DQT8paLd7GZ1nBY+L2rG1GCd6+ecCtX OQz0ydqO6Qw3d2Kb8KuPA+7ZYWdMHBzwR6HqLw== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a25:db48:0:b0:d7a:c85c:725b with SMTP id g69-20020a25db48000000b00d7ac85c725bmr87457ybf.7.1696539943849; Thu, 05 Oct 2023 14:05:43 -0700 (PDT) Date: Thu, 05 Oct 2023 21:05:42 +0000 Mime-Version: 1.0 X-B4-Tracking: v=1; b=H4sIACYlH2UC/x2NywrDIBAAfyXsuQsaqdj+SinFx9rsRcMqISXk3 2t7m7nMHNBImBrcpwOENm5cyxB9mSAuvrwJOQ2HWc1GK3XF1qXE9YNJeCNpWKgj9YXkB0Fq9Ik wFI8h+xfXiBGty9rcrM3GORjhVSjz/p8+nuf5BXYfPFuEAAAA X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1696539942; l=1996; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=iWuTwxZczKzh+7gmgNXvK16vk7UgCuMWmTg1ny2oD8c=; b=YUlHgcN+oWStnkY0k8QsPE2sF9MJDlMlJwDVM6YDuXy2QvULO8Sa7bbF2I2FRmDvDk+53iYiN PyeP9/j4AHXAubuga/ZsL0+ZE9XOJq358MDHfpYVgcH2yjIPsxeX8yO X-Mailer: b4 0.12.3 Message-ID: <20231005-strncpy-drivers-net-ethernet-brocade-bna-bfa_ioc-c-v1-1-8dfd30123afc@google.com> Subject: [PATCH] bna: replace deprecated strncpy with strscpy From: Justin Stitt <justinstitt@google.com> To: Rasesh Mody <rmody@marvell.com>, Sudarsana Kalluru <skalluru@marvell.com>, GR-Linux-NIC-Dev@marvell.com, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com> Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Justin Stitt <justinstitt@google.com> Content-Type: text/plain; charset="utf-8" X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Thu, 05 Oct 2023 14:06:01 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1778951088778888828 X-GMAIL-MSGID: 1778951088778888828 |
Series |
bna: replace deprecated strncpy with strscpy
|
|
Commit Message
Justin Stitt
Oct. 5, 2023, 9:05 p.m. UTC
`strncpy` is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
bfa_ioc_get_adapter_manufacturer() simply copies a string literal into
`manufacturer`.
NUL-padding is not needed because bfa_ioc_get_adapter_manufacturer()'s
only caller passes `ad_attr` (which is from ioc_attr) which is then
memset to 0.
bfa_nw_ioc_get_attr() ->
bfa_ioc_get_adapter_attr() ->
bfa_nw_ioc_get_attr() ->
memset((void *)ioc_attr, 0, sizeof(struct bfa_ioc_attr));
Considering the above, a suitable replacement is `strscpy` [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.
---
drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2
change-id: 20231005-strncpy-drivers-net-ethernet-brocade-bna-bfa_ioc-c-68f13966f388
Best regards,
--
Justin Stitt <justinstitt@google.com>
Comments
On Thu, Oct 05, 2023 at 09:05:42PM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > bfa_ioc_get_adapter_manufacturer() simply copies a string literal into > `manufacturer`. > > NUL-padding is not needed because bfa_ioc_get_adapter_manufacturer()'s > only caller passes `ad_attr` (which is from ioc_attr) which is then > memset to 0. > bfa_nw_ioc_get_attr() -> > bfa_ioc_get_adapter_attr() -> > bfa_nw_ioc_get_attr() -> > memset((void *)ioc_attr, 0, sizeof(struct bfa_ioc_attr)); > > Considering the above, a suitable replacement is `strscpy` [2] due to > the fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: build-tested only. > --- > drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/brocade/bna/bfa_ioc.c b/drivers/net/ethernet/brocade/bna/bfa_ioc.c > index b07522ac3e74..497cb65f2d06 100644 > --- a/drivers/net/ethernet/brocade/bna/bfa_ioc.c > +++ b/drivers/net/ethernet/brocade/bna/bfa_ioc.c > @@ -2839,7 +2839,7 @@ bfa_ioc_get_adapter_optrom_ver(struct bfa_ioc *ioc, char *optrom_ver) > static void > bfa_ioc_get_adapter_manufacturer(struct bfa_ioc *ioc, char *manufacturer) > { > - strncpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); > + strscpy(manufacturer, BFA_MFG_NAME, sizeof(manufacturer)); > } tl;dr: please use: strscpy_pad(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); sizeof() will not work correctly here -- manufacturer is a char *, so this will always be sizeof(unsigned long). Which begs the question, why is an unbounded string being passed here? Yay fragile API. I notice bfa_ioc_get_adapter_manufacturer() in drivers/scsi/bfa/bfa_ioc.c does this: memset((void *)manufacturer, 0, BFA_ADAPTER_MFG_NAME_LEN); strscpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); So, I think we should follow suit (but use strscpy_pad() instead to avoid the partially redundant memset). I also note that the "manufacturer" argument comes from many possible structs, not just struct bfa_adapter_attr: drivers/net/ethernet/brocade/bna/bfa_ioc.c:2761: bfa_ioc_get_adapter_manufacturer(ioc, ad_attr->manufacturer); struct bfa_adapter_attr { char manufacturer[BFA_ADAPTER_MFG_NAME_LEN]; drivers/scsi/bfa/bfa_ioc.c:2698: bfa_ioc_get_adapter_manufacturer(ioc, ad_attr->manufacturer); struct bfa_adapter_attr_s { char manufacturer[BFA_ADAPTER_MFG_NAME_LEN]; drivers/scsi/bfa/bfa_fcs_lport.c:2630: bfa_ioc_get_adapter_manufacturer(&port->fcs->bfa->ioc, struct bfa_fcs_fdmi_hba_attr_s { ... u8 manufacturer[64]; This is unexpectedly large... I was expecting either 8 or BFA_ADAPTER_MFG_NAME_LEN: drivers/net/ethernet/brocade/bna/bfa_defs.h:31: BFA_ADAPTER_MFG_NAME_LEN = 8, /*!< manufacturer name length */ drivers/scsi/bfa/bfa_defs.h:259: BFA_ADAPTER_MFG_NAME_LEN = 8, /* manufacturer name length */ (But it seems not a problem, since it's memset() before...) And there are more that I've check, since I also found this macro: #define bfa_get_adapter_manufacturer(__bfa, __manufacturer) \ bfa_ioc_get_adapter_manufacturer(&(__bfa)->ioc, __manufacturer) And there are multiple implementations of bfa_ioc_get_adapter_manufacturer(), it seems.
diff --git a/drivers/net/ethernet/brocade/bna/bfa_ioc.c b/drivers/net/ethernet/brocade/bna/bfa_ioc.c index b07522ac3e74..497cb65f2d06 100644 --- a/drivers/net/ethernet/brocade/bna/bfa_ioc.c +++ b/drivers/net/ethernet/brocade/bna/bfa_ioc.c @@ -2839,7 +2839,7 @@ bfa_ioc_get_adapter_optrom_ver(struct bfa_ioc *ioc, char *optrom_ver) static void bfa_ioc_get_adapter_manufacturer(struct bfa_ioc *ioc, char *manufacturer) { - strncpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); + strscpy(manufacturer, BFA_MFG_NAME, sizeof(manufacturer)); } static void