LinuxLists.cc - [PATCH] drm/modes: refactor deprecated strncpy

2023-09-14 23:21:40

Subject: [PATCH] drm/modes: refactor deprecated strncpy

`strncpy` is deprecated for use on NUL-terminated destination strings [1].

We should prefer more robust and less ambiguous string interfaces.

A suitable replacement is `strscpy` [2] due to the fact that it guarantees
NUL-termination on the destination buffer and doesn't incur the
performance loss of unnecessarily NUL-padding.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Cc: Xu Panda <[email protected]>
Signed-off-by: Justin Stitt <[email protected]>
---
This patch is basically a resend of [1] by Xu but rebased onto mainline.

This patch is also similar to:
commit 0f9aa074c92dd ("drm/modes: Use strscpy() to copy command-line mode name")

[1]: https://lore.kernel.org/all/[email protected]/
---
drivers/gpu/drm/drm_modes.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
index ac9a406250c5..c702a8b866cf 100644
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -2617,8 +2617,7 @@ void drm_mode_convert_to_umode(struct drm_mode_modeinfo *out,
break;
}

- strncpy(out->name, in->name, DRM_DISPLAY_MODE_LEN);
- out->name[DRM_DISPLAY_MODE_LEN-1] = 0;
+ strscpy(out->name, in->name, DRM_DISPLAY_MODE_LEN);
}

/**
@@ -2659,8 +2658,7 @@ int drm_mode_convert_umode(struct drm_device *dev,
* useful for the kernel->userspace direction anyway.
*/
out->type = in->type & DRM_MODE_TYPE_ALL;
- strncpy(out->name, in->name, DRM_DISPLAY_MODE_LEN);
- out->name[DRM_DISPLAY_MODE_LEN-1] = 0;
+ strscpy(out->name, in->name, DRM_DISPLAY_MODE_LEN);

/* Clearing picture aspect ratio bits from out flags,
* as the aspect-ratio information is not stored in

---
base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec
change-id: 20230914-strncpy-drivers-gpu-drm-drm_modes-c-a35d782cad01

Best regards,
--
Justin Stitt <[email protected]>

2023-09-15 05:31:23

by Kees Cook

[permalink] [raw]

Subject: Re: [PATCH] drm/modes: refactor deprecated strncpy

On Thu, Sep 14, 2023 at 06:08:44PM +0000, Justin Stitt wrote:
> `strncpy` is deprecated for use on NUL-terminated destination strings [1].
>
> We should prefer more robust and less ambiguous string interfaces.
>
> A suitable replacement is `strscpy` [2] due to the fact that it guarantees
> NUL-termination on the destination buffer and doesn't incur the
> performance loss of unnecessarily NUL-padding.

How did you decide it didn't need %NUL padding?

I suspect it should have it, as I see what looks like full struct copies
happening in places:

struct drm_mode_modeinfo umode;

...
struct drm_property_blob *blob;

drm_mode_convert_to_umode(&umode, mode);
blob = drm_property_create_blob(crtc->dev,
sizeof(umode), &umode);

Can you send a v2 using strscpy_pad() instead?

Thanks!

-Kees

--
Kees Cook