This pattern of strncpy with some pointer arithmetic setting fixed-sized
intervals with string literal data is a bit weird so let's use
ethtool_sprintf() as this has more obvious behavior and is less-error
prone.
Nicely, we also get to drop a usage of the now deprecated strncpy() [1].
One might consider this pattern:
| ethtool_sprintf(&buf, lan9303_mib[u].name);
... but this triggers a -Wformat-security warning.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Cc: Kees Cook <[email protected]>
Signed-off-by: Justin Stitt <[email protected]>
Suggested-by: Alexander Lobakin <[email protected]>
---
Changes in v2:
- use ethtool_sprintf (thanks Alexander)
- Link to v1: https://lore.kernel.org/r/20231005-strncpy-drivers-net-dsa-lan9303-core-c-v1-1-5a66c538147e@google.com
---
Note: build-tested only.
---
drivers/net/dsa/lan9303-core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c
index ee67adeb2cdb..95a8e5168c2a 100644
--- a/drivers/net/dsa/lan9303-core.c
+++ b/drivers/net/dsa/lan9303-core.c
@@ -1007,14 +1007,14 @@ static const struct lan9303_mib_desc lan9303_mib[] = {
static void lan9303_get_strings(struct dsa_switch *ds, int port,
u32 stringset, uint8_t *data)
{
+ u8 *buf = data;
unsigned int u;
if (stringset != ETH_SS_STATS)
return;
for (u = 0; u < ARRAY_SIZE(lan9303_mib); u++) {
- strncpy(data + u * ETH_GSTRING_LEN, lan9303_mib[u].name,
- ETH_GSTRING_LEN);
+ ethtool_sprintf(&buf, "%s", lan9303_mib[u].name);
}
}
---
base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2
change-id: 20231005-strncpy-drivers-net-dsa-lan9303-core-c-6386858e5c22
Best regards,
--
Justin Stitt <[email protected]>
On Thu, Oct 05, 2023 at 06:56:50PM +0000, Justin Stitt wrote:
> This pattern of strncpy with some pointer arithmetic setting fixed-sized
> intervals with string literal data is a bit weird so let's use
> ethtool_sprintf() as this has more obvious behavior and is less-error
> prone.
>
> Nicely, we also get to drop a usage of the now deprecated strncpy() [1].
>
> One might consider this pattern:
> | ethtool_sprintf(&buf, lan9303_mib[u].name);
> ... but this triggers a -Wformat-security warning.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: [email protected]
> Cc: Kees Cook <[email protected]>
> Signed-off-by: Justin Stitt <[email protected]>
Ah, cool ethtool_sprintf() works. Maybe some day we can fix the whole
API to actually have bounds, but yes, this is fine.
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
From: Justin Stitt <[email protected]>
Date: Thu, 05 Oct 2023 18:56:50 +0000
> This pattern of strncpy with some pointer arithmetic setting fixed-sized
> intervals with string literal data is a bit weird so let's use
> ethtool_sprintf() as this has more obvious behavior and is less-error
> prone.
[...]
> diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c
> index ee67adeb2cdb..95a8e5168c2a 100644
> --- a/drivers/net/dsa/lan9303-core.c
> +++ b/drivers/net/dsa/lan9303-core.c
> @@ -1007,14 +1007,14 @@ static const struct lan9303_mib_desc lan9303_mib[] = {
> static void lan9303_get_strings(struct dsa_switch *ds, int port,
> u32 stringset, uint8_t *data)
> {
> + u8 *buf = data;
Is it needed here? I thought you could pass @data directly to
ethtool_sprintf(), if it doesn't mind.
> unsigned int u;
>
> if (stringset != ETH_SS_STATS)
> return;
>
> for (u = 0; u < ARRAY_SIZE(lan9303_mib); u++) {
> - strncpy(data + u * ETH_GSTRING_LEN, lan9303_mib[u].name,
> - ETH_GSTRING_LEN);
> + ethtool_sprintf(&buf, "%s", lan9303_mib[u].name);
> }
> }
Either way, this was a nitpick, so
Reviewed-by: Alexander Lobakin <[email protected]>
>
>
> ---
> base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2
> change-id: 20231005-strncpy-drivers-net-dsa-lan9303-core-c-6386858e5c22
>
> Best regards,
> --
> Justin Stitt <[email protected]>
>
Thanks,
Olek
On Thu, 05 Oct 2023 18:56:50 +0000, Justin Stitt wrote:
> This pattern of strncpy with some pointer arithmetic setting fixed-sized
> intervals with string literal data is a bit weird so let's use
> ethtool_sprintf() as this has more obvious behavior and is less-error
> prone.
>
> Nicely, we also get to drop a usage of the now deprecated strncpy() [1].
>
> [...]
Applied to for-next/hardening, thanks!
[1/1] net: dsa: lan9303: use ethtool_sprintf() for lan9303_get_strings()
https://git.kernel.org/kees/c/f1c7720549bf
Take care,
--
Kees Cook
On Thu, 30 Nov 2023 13:59:58 -0800 Kees Cook wrote:
> Applied to for-next/hardening, thanks!
>
> [1/1] net: dsa: lan9303: use ethtool_sprintf() for lan9303_get_strings()
> https://git.kernel.org/kees/c/f1c7720549bf
Please drop this, it got changes requested on our end because
I figured Alexander's comment is worth addressing.
On Thu, Nov 30, 2023 at 10:40:21PM -0800, Jakub Kicinski wrote:
> On Thu, 30 Nov 2023 13:59:58 -0800 Kees Cook wrote:
> > Applied to for-next/hardening, thanks!
> >
> > [1/1] net: dsa: lan9303: use ethtool_sprintf() for lan9303_get_strings()
> > https://git.kernel.org/kees/c/f1c7720549bf
>
> Please drop this, it got changes requested on our end because
> I figured Alexander's comment is worth addressing.
Done. Justin, can you please refresh this patch (or, actually, make sure
the ethtool_puts() series lands?)
--
Kees Cook
On Fri, Dec 1, 2023 at 10:19 AM Kees Cook <[email protected]> wrote:
>
> On Thu, Nov 30, 2023 at 10:40:21PM -0800, Jakub Kicinski wrote:
> > On Thu, 30 Nov 2023 13:59:58 -0800 Kees Cook wrote:
> > > Applied to for-next/hardening, thanks!
> > >
> > > [1/1] net: dsa: lan9303: use ethtool_sprintf() for lan9303_get_strings()
> > > https://git.kernel.org/kees/c/f1c7720549bf
> >
> > Please drop this, it got changes requested on our end because
> > I figured Alexander's comment is worth addressing.
>
> Done. Justin, can you please refresh this patch (or, actually, make sure
> the ethtool_puts() series lands?)
Yeah, let's let this patch die. The ethtool_puts() is on v5 and is
getting good reviewed-by's. I suspect it
will be in soon. Then I'll double back and do right by the intent of this patch.
>
> --
> Kees Cook
Justin