PM: hibernate: replace deprecated strncpy with strscpy

Message ID	20240429-strncpy-kernel-power-hibernate-c-v1-1-8688f492d3e6@google.com (mailing list archive)
State	Mainlined
Commit	7b831bd3cf322fdacd07f321d6d7297914ed79bc
Headers	show Received: from mail-io1-f73.google.com (mail-io1-f73.google.com [209.85.166.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA9191411EF for <linux-hardening@vger.kernel.org>; Mon, 29 Apr 2024 20:50:33 +0000 (UTC) Date: Mon, 29 Apr 2024 20:50:30 +0000 Precedence: bulk Mime-Version: 1.0 Message-ID: <20240429-strncpy-kernel-power-hibernate-c-v1-1-8688f492d3e6@google.com> Subject: [PATCH] PM: hibernate: replace deprecated strncpy with strscpy From: Justin Stitt <justinstitt@google.com> To: "Rafael J. Wysocki" <rafael@kernel.org>, Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz> Cc: linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Justin Stitt <justinstitt@google.com> Content-Type: text/plain; charset="utf-8"
Series	PM: hibernate: replace deprecated strncpy with strscpy \| expand PM: hibernate: replace deprecated strncpy with strscpy

Message ID

20240429-strncpy-kernel-power-hibernate-c-v1-1-8688f492d3e6@google.com (mailing list archive)

State

Mainlined

Commit

7b831bd3cf322fdacd07f321d6d7297914ed79bc

Headers

Date: Mon, 29 Apr 2024 20:50:30 +0000
Precedence: bulk
Mime-Version: 1.0
Message-ID: 
 <20240429-strncpy-kernel-power-hibernate-c-v1-1-8688f492d3e6@google.com>
Subject: [PATCH] PM: hibernate: replace deprecated strncpy with strscpy
From: Justin Stitt <justinstitt@google.com>
To: "Rafael J. Wysocki" <rafael@kernel.org>, Len Brown <len.brown@intel.com>,
 Pavel Machek <pavel@ucw.cz>
Cc: linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-hardening@vger.kernel.org, Justin Stitt <justinstitt@google.com>
Content-Type: text/plain; charset="utf-8"

Series

PM: hibernate: replace deprecated strncpy with strscpy | expand

Commit Message

Justin Stitt April 29, 2024, 8:50 p.m. UTC

strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.

This kernel config option is simply assigned with the resume_file
buffer. It should be NUL-terminated but not necessarily NUL-padded as
per its further usage with other string apis:
|	static int __init find_resume_device(void)
|	{
|		if (!strlen(resume_file))
|			return -ENOENT;
|
|		pm_pr_dbg("Checking hibernation image partition %s\n", resume_file);

Use strscpy [2] as it guarantees NUL-termination on the destination
buffer. Specifically, use the new 2-argument version of strscpy()
introduced in Commit e6584c3964f2f ("string: Allow 2-argument
strscpy()").

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.

Found with: $ rg "strncpy\("
---
 kernel/power/hibernate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


---
base-commit: d7ad0581567927c433918bb5f06f3d29f89807d3
change-id: 20240412-strncpy-kernel-power-hibernate-c-77985696443c

Best regards,
--
Justin Stitt <justinstitt@google.com>

Comments

Kees Cook April 29, 2024, 9:58 p.m. UTC | #1

On Mon, Apr 29, 2024 at 08:50:30PM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
> 
> This kernel config option is simply assigned with the resume_file
> buffer. It should be NUL-terminated but not necessarily NUL-padded as
> per its further usage with other string apis:
> |	static int __init find_resume_device(void)
> |	{
> |		if (!strlen(resume_file))
> |			return -ENOENT;
> |
> |		pm_pr_dbg("Checking hibernation image partition %s\n", resume_file);
> 
> Use strscpy [2] as it guarantees NUL-termination on the destination
> buffer. Specifically, use the new 2-argument version of strscpy()
> introduced in Commit e6584c3964f2f ("string: Allow 2-argument
> strscpy()").
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
> Note: build-tested only.
> 
> Found with: $ rg "strncpy\("
> ---
>  kernel/power/hibernate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> index 43b1a82e800c..0a213f69a9e4 100644
> --- a/kernel/power/hibernate.c
> +++ b/kernel/power/hibernate.c
> @@ -1361,7 +1361,7 @@ static int __init resume_setup(char *str)
>  	if (noresume)
>  		return 1;
>  
> -	strncpy(resume_file, str, 255);
> +	strscpy(resume_file, str);
>  	return 1;
>  }
>  

Yup, this looks correct to me. resume_file is:

static char resume_file[256] = CONFIG_PM_STD_PARTITION;

Reviewed-by: Kees Cook <keescook@chromium.org>

Dhruva Gole April 30, 2024, 9:36 a.m. UTC | #2

On Apr 29, 2024 at 20:50:30 +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
> 
> This kernel config option is simply assigned with the resume_file
> buffer. It should be NUL-terminated but not necessarily NUL-padded as
> per its further usage with other string apis:
> |	static int __init find_resume_device(void)
> |	{
> |		if (!strlen(resume_file))
> |			return -ENOENT;
> |
> |		pm_pr_dbg("Checking hibernation image partition %s\n", resume_file);
> 
> Use strscpy [2] as it guarantees NUL-termination on the destination
> buffer. Specifically, use the new 2-argument version of strscpy()
> introduced in Commit e6584c3964f2f ("string: Allow 2-argument
> strscpy()").
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
[...]

Reviewed-by: Dhruva Gole <d-gole@ti.com>

Rafael J. Wysocki April 30, 2024, 11:01 a.m. UTC | #3

On Tue, Apr 30, 2024 at 11:36 AM Dhruva Gole <d-gole@ti.com> wrote:
>
> On Apr 29, 2024 at 20:50:30 +0000, Justin Stitt wrote:
> > strncpy() is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous string
> > interfaces.
> >
> > This kernel config option is simply assigned with the resume_file
> > buffer. It should be NUL-terminated but not necessarily NUL-padded as
> > per its further usage with other string apis:
> > |     static int __init find_resume_device(void)
> > |     {
> > |             if (!strlen(resume_file))
> > |                     return -ENOENT;
> > |
> > |             pm_pr_dbg("Checking hibernation image partition %s\n", resume_file);
> >
> > Use strscpy [2] as it guarantees NUL-termination on the destination
> > buffer. Specifically, use the new 2-argument version of strscpy()
> > introduced in Commit e6584c3964f2f ("string: Allow 2-argument
> > strscpy()").
> >
> > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> > Link: https://github.com/KSPP/linux/issues/90
> > Cc: linux-hardening@vger.kernel.org
> > Signed-off-by: Justin Stitt <justinstitt@google.com>
> > ---
> [...]
>
> Reviewed-by: Dhruva Gole <d-gole@ti.com>

Applied as 6.10 material, thanks!

diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 43b1a82e800c..0a213f69a9e4 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -1361,7 +1361,7 @@  static int __init resume_setup(char *str)
 	if (noresume)
 		return 1;
 
-	strncpy(resume_file, str, 255);
+	strscpy(resume_file, str);
 	return 1;
 }

PM: hibernate: replace deprecated strncpy with strscpy

Commit Message

Comments

Patch