[PATCH] dma-buf: Replace strlcpy() with strscpy()
Christian König
christian.koenig at amd.com
Mon Nov 20 09:59:45 UTC 2023
Am 17.11.23 um 19:50 schrieb T.J. Mercier:
> On Thu, Nov 16, 2023 at 11:14 AM Kees Cook <keescook at chromium.org> wrote:
>> strlcpy() reads the entire source buffer first. This read may exceed
>> the destination size limit. This is both inefficient and can lead
>> to linear read overflows if a source string is not NUL-terminated[1].
>> Additionally, it returns the size of the source string, not the
>> resulting size of the destination string. In an effort to remove strlcpy()
>> completely[2], replace strlcpy() here with strscpy().
>>
>> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
>> Link: https://github.com/KSPP/linux/issues/89 [2]
>> Cc: Sumit Semwal <sumit.semwal at linaro.org>
>> Cc: "Christian König" <christian.koenig at amd.com>
>> Cc: Azeem Shaikh <azeemshaikh38 at gmail.com>
>> Cc: linux-media at vger.kernel.org
>> Cc: dri-devel at lists.freedesktop.org
>> Cc: linaro-mm-sig at lists.linaro.org
>> Signed-off-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: T.J. Mercier <tjmercier at google.com>
>
> strscpy returns -E2BIG when it truncates / force null-terminates which
> would provide the wrong argument for dynamic_dname, but
> dma_buf_set_name{_user} makes sure we have a null-terminated string of
> the appropriate maximum size in dmabuf->name.
Thanks for that background check, I was about to note that this might
not be a good idea.
Linus pretty clearly stated that he doesn't want to see patches like
that one here, see this article as well. https://lwn.net/Articles/659214/
I think the commit message gives enough reason to merge the patch, so
I'm going to push it to drm-misc-next. But please make sure to triple
check stuff like this before sending.
Thanks,
Christian.
More information about the dri-devel
mailing list