Re: [PATCH] bpf: replace deprecated strncpy with strscpy

Wed, 03 Apr 2024 07:55:20 -0700 

On 4/3/24 5:06 AM, Ratheesh Kannoth wrote:

On 2024-04-03 at 05:22:50, Justin Stitt ([email protected]) wrote:

strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.

bpf sym names get looked up and compared/cleaned with various string
apis. This suggests they need to be NUL-terminated (strncpy() suggests
this but does not guarantee it).

|       static int compare_symbol_name(const char *name, char *namebuf)
|       {
|               cleanup_symbol_name(namebuf);
|               return strcmp(name, namebuf);
|       }

|       static void cleanup_symbol_name(char *s)
|       {
|               ...
|               res = strstr(s, ".llvm.");
|               ...
|       }

Use strscpy() as this method guarantees NUL-termination on the
destination buffer.

This patch also replaces two uses of strncpy() used in log.c. These are
simple replacements as postfix has been zero-initialized on the stack
and has source arguments with a size less than the destination's size.

Note that this patch uses the new 2-argument version of strscpy
introduced in Commit e6584c3964f2f ("string: Allow 2-argument
strscpy()").

Link: 
https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
 [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Signed-off-by: Justin Stitt <[email protected]>
---
Note: build-tested only.

Found with: $ rg "strncpy\("
---
  kernel/bpf/core.c | 4 ++--
  kernel/bpf/log.c  | 4 ++--
  2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 696bc55de8e8..8c9078f4549c 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -747,7 +747,7 @@ const char *__bpf_address_lookup(unsigned long addr, 
unsigned long *size,
                unsigned long symbol_start = ksym->start;
                unsigned long symbol_end = ksym->end;

-               strncpy(sym, ksym->name, KSYM_NAME_LEN);
+               strscpy(sym, ksym->name, KSYM_NAME_LEN);

You dont have to check return value of strscpy for errors ?


That would be overkill, it can be easily audited that both pointers are
of size KSYM_NAME_LEN, as is the count arg.

Thanks,
Daniel

Reply via email to