Re: [PATCH] firmware: ti_sci: refactor deprecated strncpy
On Fri, Sep 15, 2023 at 07:40:38AM -0500, Nishanth Menon wrote: > On 21:03-20230914, Kees Cook wrote: > > On Wed, Sep 13, 2023 at 08:23:02PM +, Justin Stitt wrote: > > > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > > > > > We should prefer more robust and less ambiguous string interfaces. > > > > > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > > > NUL-termination on the destination buffer. > > > > > > It does not seem like `ver->firmware_description` requires NUL-padding > > > (which is a behavior that strncpy provides) but if it does let's opt for > > > `strscpy_pad()`. > > > > > > Link: > > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > > > [1] > > > Link: > > > https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > > Link: https://github.com/KSPP/linux/issues/90 > > > Cc: linux-harden...@vger.kernel.org > > > Signed-off-by: Justin Stitt > > > > Looks right to me. > > > > Reviewed-by: Kees Cook > > Does this belong to stable as well? If so, please add appropriate stable > process. No need. This is a refactoring only. :) -- Kees Cook
Re: [PATCH] firmware: ti_sci: refactor deprecated strncpy
On 21:03-20230914, Kees Cook wrote: > On Wed, Sep 13, 2023 at 08:23:02PM +, Justin Stitt wrote: > > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > > > We should prefer more robust and less ambiguous string interfaces. > > > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > > NUL-termination on the destination buffer. > > > > It does not seem like `ver->firmware_description` requires NUL-padding > > (which is a behavior that strncpy provides) but if it does let's opt for > > `strscpy_pad()`. > > > > Link: > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > > [1] > > Link: > > https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-harden...@vger.kernel.org > > Signed-off-by: Justin Stitt > > Looks right to me. > > Reviewed-by: Kees Cook Does this belong to stable as well? If so, please add appropriate stable process. -- Regards, Nishanth Menon Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3 1A34 DDB5 849D 1736 249D
Re: [PATCH] firmware: ti_sci: refactor deprecated strncpy
On Wed, Sep 13, 2023 at 08:23:02PM +, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > We should prefer more robust and less ambiguous string interfaces. > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > NUL-termination on the destination buffer. > > It does not seem like `ver->firmware_description` requires NUL-padding > (which is a behavior that strncpy provides) but if it does let's opt for > `strscpy_pad()`. > > Link: > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html > [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-harden...@vger.kernel.org > Signed-off-by: Justin Stitt Looks right to me. Reviewed-by: Kees Cook -- Kees Cook
[PATCH] firmware: ti_sci: refactor deprecated strncpy
`strncpy` is deprecated for use on NUL-terminated destination strings [1]. We should prefer more robust and less ambiguous string interfaces. A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer. It does not seem like `ver->firmware_description` requires NUL-padding (which is a behavior that strncpy provides) but if it does let's opt for `strscpy_pad()`. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-harden...@vger.kernel.org Signed-off-by: Justin Stitt --- Note: build-tested only. --- drivers/firmware/ti_sci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c index 26a37f47f4ca..ce546f391959 100644 --- a/drivers/firmware/ti_sci.c +++ b/drivers/firmware/ti_sci.c @@ -485,7 +485,7 @@ static int ti_sci_cmd_get_revision(struct ti_sci_info *info) ver->abi_major = rev_info->abi_major; ver->abi_minor = rev_info->abi_minor; ver->firmware_revision = rev_info->firmware_revision; - strncpy(ver->firmware_description, rev_info->firmware_description, + strscpy(ver->firmware_description, rev_info->firmware_description, sizeof(ver->firmware_description)); fail: --- base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec change-id: 20230913-strncpy-drivers-firmware-ti_sci-c-22667413c18f Best regards, -- Justin Stitt