Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'strlcpy-removal-v6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull strlcpy removal from Kees Cook:
"As promised, this is 'part 2' of the hardening tree, late in -rc1 now
that all the other trees with strlcpy() removals have landed. One new
user appeared (in bcachefs) but was a trivial refactor. The kernel is
now free of the strlcpy() API!

- Remove of the final (very recent) user of strlcpy() (in bcachefs)

- Remove the strlcpy() API. Long live strscpy()"

* tag 'strlcpy-removal-v6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
string: Remove strlcpy()
bcachefs: Replace strlcpy() with strscpy()

+3 -82
+2 -2
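--- a/fs/bcachefs/super.c
+++ b/fs/bcachefs/super.c
@@ -1386,8 +1386,8 @@
 prt_bdevname(&name, ca->disk_sb.bdev);
 
 if (c->sb.nr_devices == 1)
-strlcpy(c->name, name.buf, sizeof(c->name));
-strlcpy(ca->name, name.buf, sizeof(ca->name));
+strscpy(c->name, name.buf, sizeof(c->name));
+strscpy(ca->name, name.buf, sizeof(ca->name));
 
 printbuf_exit(&name);
 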
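Review bot: Both strscpy() calls on the new side discard the return value, so a block-device name longer than `c->name` or `ca->name` is cut short with no signal to the caller. strscpy() reports truncation as a negative value, which makes the check cheap: `if (strscpy(ca->name, name.buf, sizeof(ca->name)) < 0)` followed by whatever handling the filesystem wants. If a shortened name is acceptable because it is only informational (not confirmable from this hunk), a comment such as `/* truncation is acceptable here */` above the calls would record that decision. The enclosing function begins and ends outside the hunk.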
-51
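--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -214,51 +214,6 @@
 return ret;
 }
 
-/* Defined after fortified strlen() to reuse it. */
-extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
-/**
- * strlcpy - Copy a string into another string buffer
- *
- * @p: pointer to destination of copy
- * @q: pointer to NUL-terminated source string to copy
- * @size: maximum number of bytes to write at @p
- *
- * If strlen(@q) >= @size, the copy of @q will be truncated at
- * @size - 1 bytes. @p will always be NUL-terminated.
- *
- * Do not use this function. While FORTIFY_SOURCE tries to avoid
- * over-reads when calculating strlen(@q), it is still possible.
- * Prefer strscpy(), though note its different return values for
- * detecting truncation.
- *
- * Returns total number of bytes written to @p, including terminating NUL.
- *
- */
-__FORTIFY_INLINE size_t strlcpy(char * const POS p, const char * const POS q, size_t size)
-{
-const size_t p_size = __member_size(p);
-const size_t q_size = __member_size(q);
-size_t q_len; /* Full count of source string length. */
-size_t len; /* Count of characters going into destination. */
-
-if (p_size == SIZE_MAX && q_size == SIZE_MAX)
-return __real_strlcpy(p, q, size);
-q_len = strlen(q);
-len = (q_len >= size) ? size - 1 : q_len;
-if (__builtin_constant_p(size) && __builtin_constant_p(q_len) && size) {
-/* Write size is always larger than destination. */
-if (len >= p_size)
-__write_overflow();
-}
-if (size) {
-if (len >= p_size)
-fortify_panic(__func__);
-__underlying_memcpy(p, q, len);
-p[len] = '\0';
-}
-return q_len;
-}
-
 /* Defined after fortified strnlen() to reuse it. */
 extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy);
 /**
@@ -271,12 +226,6 @@
  * Copy the source string @q, or as much of it as fits, into the destination
  * @p buffer. The behavior is undefined if the string buffers overlap. The
  * destination @p buffer is always NUL terminated, unless it's zero-sized.
- *
- * Preferred to strlcpy() since the API doesn't require reading memory
- * from the source @q string beyond the specified @size bytes, and since
- * the return value is easier to error-check than strlcpy()'s.
- * In addition, the implementation is robust to the string changing out
- * from underneath it, unlike the current strlcpy() implementation.
  *
  * Preferred to strncpy() since it always returns a valid string, and
  * doesn't unnecessarily force the tail of the destination buffer to be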
-3
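--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -66,9 +66,6 @@
 #ifndef __HAVE_ARCH_STRNCPY
 extern char * strncpy(char *,const char *, __kernel_size_t);
 #endif
-#ifndef __HAVE_ARCH_STRLCPY
-size_t strlcpy(char *, const char *, size_t);
-#endif
 #ifndef __HAVE_ARCH_STRSCPY
 ssize_t strscpy(char *, const char *, size_t);
 #endif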
+1 -1
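--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -758,7 +758,7 @@
  * @dstsize: Size of destination buffer.
  *
  * Copies at most dstsize - 1 bytes into the destination buffer.
- * Unlike strlcpy the destination buffer is always padded out.
+ * Unlike strscpy() the destination buffer is always padded out.
  *
  * Return:
  * * srclen - Returns @nla length (not including the trailing %NUL).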
-15
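--- a/lib/string.c
+++ b/lib/string.c
@@ -103,21 +103,6 @@
 EXPORT_SYMBOL(strncpy);
 #endif
 
-#ifndef __HAVE_ARCH_STRLCPY
-size_t strlcpy(char *dest, const char *src, size_t size)
-{
-size_t ret = strlen(src);
-
-if (size) {
-size_t len = (ret >= size) ? size - 1 : ret;
-__builtin_memcpy(dest, src, len);
-dest[len] = '\0';
-}
-return ret;
-}
-EXPORT_SYMBOL(strlcpy);
-#endif
-
 #ifndef __HAVE_ARCH_STRSCPY
 ssize_t strscpy(char *dest, const char *src, size_t count)
 {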
-5
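--- a/lib/test_fortify/write_overflow-strlcpy-src.c
+++ b/lib/test_fortify/write_overflow-strlcpy-src.c
@@ -1,5 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-#define TEST \
-strlcpy(small, large_src, sizeof(small) + 1)
-
-#include "test_fortify.h"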
-5
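--- a/lib/test_fortify/write_overflow-strlcpy.c
+++ b/lib/test_fortify/write_overflow-strlcpy.c
@@ -1,5 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-#define TEST \
-strlcpy(instance.buf, large_src, sizeof(instance.buf) + 1)
-
-#include "test_fortify.h"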