Commit ac0126a01735 ("soc: qcom: cmd-db: replace strncpy() with
strscpy_pad()") breaks booting on my sc7280-herobrine-herobrine
device. From printouts I see that at bootup the function is called
with an id of "lnbclka2" which is 8 bytes big.
Previously all 8 bytes of this string were copied to the
destination. Now only 7 bytes will be copied since strscpy_pad() saves
a byte for '\0' termination.
We don't need the '\0' termination in the destination. Let's go back
to strncpy(). According to the warning:
If a caller is using non-NUL-terminated strings, strncpy() can still
be used, but destinations should be marked with the __nonstring
attribute to avoid future compiler warnings.
...so we'll do that.
Fixes: ac0126a01735 ("soc: qcom: cmd-db: replace strncpy() with strscpy_pad()")
Signed-off-by: Douglas Anderson <[email protected]>
---
drivers/soc/qcom/cmd-db.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c
index c5137c25d819..0aafe90277bc 100644
--- a/drivers/soc/qcom/cmd-db.c
+++ b/drivers/soc/qcom/cmd-db.c
@@ -141,14 +141,14 @@ static int cmd_db_get_header(const char *id, const struct entry_header **eh,
const struct rsc_hdr *rsc_hdr;
const struct entry_header *ent;
int ret, i, j;
- u8 query[8];
+ u8 query[8] __nonstring;
ret = cmd_db_ready();
if (ret)
return ret;
/* Pad out query string to same length as in DB */
- strscpy_pad(query, id, sizeof(query));
+ strncpy(query, id, sizeof(query));
for (i = 0; i < MAX_SLV_ID; i++) {
rsc_hdr = &cmd_db_header->header[i];
--
2.37.0.rc0.161.g10f37bed90-goog
On Mon, Jun 27, 2022 at 04:17:00PM -0700, Douglas Anderson wrote:
> Commit ac0126a01735 ("soc: qcom: cmd-db: replace strncpy() with
> strscpy_pad()") breaks booting on my sc7280-herobrine-herobrine
> device. From printouts I see that at bootup the function is called
> with an id of "lnbclka2" which is 8 bytes big.
>
> Previously all 8 bytes of this string were copied to the
> destination. Now only 7 bytes will be copied since strscpy_pad() saves
> a byte for '\0' termination.
>
> We don't need the '\0' termination in the destination. Let's go back
> to strncpy(). According to the warning:
> If a caller is using non-NUL-terminated strings, strncpy() can still
> be used, but destinations should be marked with the __nonstring
> attribute to avoid future compiler warnings.
> ...so we'll do that.
>
> Fixes: ac0126a01735 ("soc: qcom: cmd-db: replace strncpy() with strscpy_pad()")
> Signed-off-by: Douglas Anderson <[email protected]>
Reviewed-by: Matthias Kaehlcke <[email protected]>
Quoting Douglas Anderson (2022-06-27 16:17:00)
> Commit ac0126a01735 ("soc: qcom: cmd-db: replace strncpy() with
> strscpy_pad()") breaks booting on my sc7280-herobrine-herobrine
> device. From printouts I see that at bootup the function is called
> with an id of "lnbclka2" which is 8 bytes big.
>
> Previously all 8 bytes of this string were copied to the
> destination. Now only 7 bytes will be copied since strscpy_pad() saves
> a byte for '\0' termination.
>
> We don't need the '\0' termination in the destination. Let's go back
> to strncpy(). According to the warning:
> If a caller is using non-NUL-terminated strings, strncpy() can still
> be used, but destinations should be marked with the __nonstring
> attribute to avoid future compiler warnings.
> ...so we'll do that.
>
> Fixes: ac0126a01735 ("soc: qcom: cmd-db: replace strncpy() with strscpy_pad()")
> Signed-off-by: Douglas Anderson <[email protected]>
> ---
>
> drivers/soc/qcom/cmd-db.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c
> index c5137c25d819..0aafe90277bc 100644
> --- a/drivers/soc/qcom/cmd-db.c
> +++ b/drivers/soc/qcom/cmd-db.c
> @@ -141,14 +141,14 @@ static int cmd_db_get_header(const char *id, const struct entry_header **eh,
> const struct rsc_hdr *rsc_hdr;
> const struct entry_header *ent;
> int ret, i, j;
> - u8 query[8];
> + u8 query[8] __nonstring;
Since you're already here, can you change 8 to be sizeof(ent->id)? That
would directly tie the two lengths together so that one can't change and
then the carefully crafted strncpy() fails again.
>
> ret = cmd_db_ready();
> if (ret)
> return ret;
>
> /* Pad out query string to same length as in DB */
> - strscpy_pad(query, id, sizeof(query));
> + strncpy(query, id, sizeof(query));