Re: [PATCH] lib/string: replace BUG_ON with WARN_ON_ONCE in strlcat

Next message: Geert Uytterhoeven: "Re: [PATCH v2 08/13] firmware: arm_scmi: Harden clock protocol initialization"
Previous message: Joel Fernandes: "Re: [PATCH v9 01/23] gpu: nova-core: Select GPU_BUDDY for VRAM allocation"
In reply to: Josh Law: "Re: [PATCH] lib/string: replace BUG_ON with WARN_ON_ONCE in strlcat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Mon Mar 16 2026 - 12:34:55 EST

On Mon, Mar 16, 2026 at 04:17:28PM +0000, Josh Law wrote:
> BUG_ON() in a library function is too harsh -- it panics the kernel
> when a caller passes a dest string whose length already meets or
> exceeds count. This is a caller bug, not a reason to bring down the
> entire system.
>
> Replace with WARN_ON_ONCE() and a safe early return. The return value
> of count signals truncation to the caller, consistent with strlcat
> semantics (return >= count means the output was truncated).
>
> This follows the guidance in include/asm-generic/bug.h which
> explicitly discourages BUG_ON: "Don't use BUG() or BUG_ON() unless
> there's really no way out."
>
> Signed-off-by: Josh Law <objecting@xxxxxxxxxxxxx>
> ---
> lib/string.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/string.c b/lib/string.c
> index b632c71df1a5..ae3eb192534d 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -255,8 +255,9 @@ size_t strlcat(char *dest, const char *src, size_t count)
> size_t len = strlen(src);
> size_t res = dsize + len;
>
> - /* This would be a bug */
> - BUG_ON(dsize >= count);
> + /* This would be a caller bug */
> + if (WARN_ON_ONCE(dsize >= count))
> + return count;

You still just crashed the system for the few billion or so Linux
systems out there with panic-on-warn enabled :(

And is returning 'count' really the correct thing to do here when you
didn't actually copy any data?

thanks,

greg k-h