Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp483267rdg; Tue, 10 Oct 2023 17:01:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHpfFBpMHnhxYZCLwXVSLvfUckQc0HlOCHxsB3R+Pi4rg4kKZO1NhueXlc0sxi1eaVU9/vj X-Received: by 2002:a05:6808:652:b0:3ab:5e9e:51f8 with SMTP id z18-20020a056808065200b003ab5e9e51f8mr20700638oih.9.1696982499704; Tue, 10 Oct 2023 17:01:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696982499; cv=none; d=google.com; s=arc-20160816; b=qhtWSCinE1fe43vZhi1PADmg6xIxurmi2XEDJ/LrABVogACno4eKLEVS6pSklZwh/2 8iQnjmaBjWfxRnjtclCOK5Gb6ozT+/X8XKXa2yLOKCbFoA6ve9Zykbt4fr1oUdgWSKxf I6sPDQCFtjSXa/lyveNoO9U4j5EIhar6JJhOeBDzdGiy3kIfU60k238T7/nqBow+gUjK 0jc2P+vJztX+6DB/1j8GoORx4gqRt9yY5YkAJ5TO/4eCtvHmfJReM8w7u/u1LdFVgYnm d/XCJBY7QxlYkP1JKN2dzGQpAtF4DQVn7Z+vZifs/ILNrlSlf5KGOK/Upmw+OSe5cYJG C7Og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=zXwHFTTSHqHksZHyWZ3bFkL07EMOlYzNsZg2rCsLLcM=; fh=5R7nz869+IjMQyG6lgFt9pLVR5zaUm3zeQusFsFDXH4=; b=M0099MAmOgBPHxxYnmo3ix+3S6TojtT3evOL9xCKMWm1qwCjkgOBx6fsoLyPNvAGX3 67zpU5Vzm0eTwnpCHYf/j99eYKpu2Z1X/9aBHrQo3IQD8yBvA+VFTtSLLRbPxzECSziQ wCIaowS3H8nrffMxlxRFk9ghhWnHO1Krt1BIiMG7Q0VjcV2YusIAcJpRzFU4AKWESbNn NJBcp4ZWHl6qiMCpbRdFmQ+23giDAtJpb+CQMXKX2fArgBh6UEIyvDXeyRoD/tZC2GhJ Uy5vwem7ae5uD/1pOBOsc++JGVp3h3dFUsVWco9yqBazhjGhFwaJlyyHf19/EaHIfMjZ 6/Kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="C7d/yRC5"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id k3-20020a633d03000000b00588e13f4cc8si10044020pga.519.2023.10.10.17.01.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Oct 2023 17:01:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="C7d/yRC5"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 535BF8030A91; Tue, 10 Oct 2023 17:01:36 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344229AbjJKAB1 (ORCPT + 99 others); Tue, 10 Oct 2023 20:01:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344204AbjJKABZ (ORCPT ); Tue, 10 Oct 2023 20:01:25 -0400 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1ADFE8F for ; Tue, 10 Oct 2023 17:01:24 -0700 (PDT) Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-578b407045bso5027941a12.0 for ; Tue, 10 Oct 2023 17:01:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1696982483; x=1697587283; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=zXwHFTTSHqHksZHyWZ3bFkL07EMOlYzNsZg2rCsLLcM=; b=C7d/yRC5Raip0nMfFJljMYPZuVOwrxYCRUe4z9sSsoYFSsYqcS2kS0sUXwh5r8TxEU LQnikAzpaJOvdDZDRbVIeUFUS8fZSlviJTGP/SJnQKoAkLUysfm/xq9HTYN1Inai9hNA 9oHroh9cjqDL0M3UEJNqIxP+fOMIkbxuH1kcM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696982483; x=1697587283; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=zXwHFTTSHqHksZHyWZ3bFkL07EMOlYzNsZg2rCsLLcM=; b=JVNSTqQ6PvTim9MD7dmzJ4WsZ+ST0CnjXrTgBQCnKvv7dectj9VyRfSXVmSPbC3l9X DtswaDcEAGWhAgvHBKjGHegbTjgMvmnpUyXhVGIkqnP/EgXnkAGvhnWjrKlZhQN4K5/k M6HlBw2TaqboIZHreNyteLHNxEEzwug6Uia/Vs8og9UwiDa/ARrjX5xQuI/0L0bjMAlc JWEQ3MPd0MChdElJAOVBwmUqLrH1IM5mO0lgbCATgqVWZ8p7dPgwLrNqF+CaSznIFUDS nDgMZMsyl4NkwMG8VDXbRsjS0DKnmeJj+uIQ9DKFVsYZ097MT/j4dQYWucF94ZFnIjW2 OgnQ== X-Gm-Message-State: AOJu0Yz32lYkOHaXFfZD3h5VwY9Cfg389jja09wlKvOEpc9xVbfFT1MX D75soVZeqORcWhJTisRqK48Dpg== X-Received: by 2002:a05:6a20:2590:b0:151:577:32d1 with SMTP id k16-20020a056a20259000b00151057732d1mr23567638pzd.22.1696982483550; Tue, 10 Oct 2023 17:01:23 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id g12-20020a170902868c00b001c625acfed0sm12371984plo.44.2023.10.10.17.01.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Oct 2023 17:01:23 -0700 (PDT) Date: Tue, 10 Oct 2023 17:01:19 -0700 From: Kees Cook To: Justin Stitt Cc: Sunil Goutham , Linu Cherian , Geetha sowjanya , Jerin Jacob , hariprasad , Subbaraya Sundeep , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] octeontx2-af: replace deprecated strncpy with strscpy Message-ID: <202310101700.1BE3455BE6@keescook> References: <20231010-strncpy-drivers-net-ethernet-marvell-octeontx2-af-cgx-c-v1-1-a443e18f9de8@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231010-strncpy-drivers-net-ethernet-marvell-octeontx2-af-cgx-c-v1-1-a443e18f9de8@google.com> X-Spam-Status: No, score=2.7 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Tue, 10 Oct 2023 17:01:36 -0700 (PDT) X-Spam-Level: ** On Tue, Oct 10, 2023 at 09:38:11PM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > We can see that linfo->lmac_type is expected to be NUL-terminated based > on the `... - 1`'s present in the current code. Presumably making room > for a NUL-byte at the end of the buffer. > > Considering the above, a suitable replacement is `strscpy` [2] due to > the fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. > > Let's also prefer the more idiomatic strscpy usage of (dest, src, > sizeof(dest)) rather than (dest, src, SOME_LEN). > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt > --- > Note: build-tested only. > --- > drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 8 +++----- > 1 file changed, 3 insertions(+), 5 deletions(-) > > diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c > index e06f77ad6106..6c70c8498690 100644 > --- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c > +++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c > @@ -1218,8 +1218,6 @@ static inline void link_status_user_format(u64 lstat, > struct cgx_link_user_info *linfo, > struct cgx *cgx, u8 lmac_id) > { > - const char *lmac_string; > - > linfo->link_up = FIELD_GET(RESP_LINKSTAT_UP, lstat); > linfo->full_duplex = FIELD_GET(RESP_LINKSTAT_FDUPLEX, lstat); > linfo->speed = cgx_speed_mbps[FIELD_GET(RESP_LINKSTAT_SPEED, lstat)]; > @@ -1230,12 +1228,12 @@ static inline void link_status_user_format(u64 lstat, > if (linfo->lmac_type_id >= LMAC_MODE_MAX) { > dev_err(&cgx->pdev->dev, "Unknown lmac_type_id %d reported by firmware on cgx port%d:%d", > linfo->lmac_type_id, cgx->cgx_id, lmac_id); > - strncpy(linfo->lmac_type, "Unknown", LMACTYPE_STR_LEN - 1); > + strscpy(linfo->lmac_type, "Unknown", sizeof(linfo->lmac_type)); > return; > } > > - lmac_string = cgx_lmactype_string[linfo->lmac_type_id]; > - strncpy(linfo->lmac_type, lmac_string, LMACTYPE_STR_LEN - 1); > + strscpy(linfo->lmac_type, cgx_lmactype_string[linfo->lmac_type_id], > + sizeof(linfo->lmac_type)); Yup, sizes match. Good replacement and simplification. drivers/net/ethernet/marvell/octeontx2/af/mbox.h:565:#define LMACTYPE_STR_LEN 16 drivers/net/ethernet/marvell/octeontx2/af/mbox.h:566: char lmac_type[LMACTYPE_STR_LEN]; Reviewed-by: Kees Cook -- Kees Cook