Re: [PATCH] fanotify: replace deprecated strcpy in fanotify_info_copy_{name,name2}
From: Jan Kara
Date: Mon Mar 23 2026 - 07:26:56 EST
On Mon 23-03-26 12:00:27, Amir Goldstein wrote:
> On Mon, Mar 23, 2026 at 11:12 AM Christian Brauner <brauner@xxxxxxxxxx> wrote:
> >
> > On Mon, Mar 23, 2026 at 10:14:24AM +0100, Jan Kara wrote:
> > > On Sat 21-03-26 22:05:47, Thorsten Blum wrote:
> > > > strcpy() has been deprecated [1] because it performs no bounds checking
> > > > on the destination buffer, which can lead to buffer overflows. Replace
> > > > it with the safer strscpy().
> > > >
> > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> > > > Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
> > >
> > > I was a bit undecided about this one because I was wondering what
> > > additional protection does the use of strscpy() bring here. But I guess the
> > > protection from corrupted qstr (where the length doesn't match the real string
> > > length) makes some sense. So I've taken the patch into my tree. Thanks!
> >
> > Fwiw, patches are now auto-tested on vfs-ci:
> > https://github.com/linux-fsdevel/vfs/pull/860
> > Just for some testing data. We should probably hook up the relevant LTP
> > tests for fanotify there as well.
>
> That would be cool :)
>
> I guess for vfs you would would to run these LTP test groups
> $ ls runtest/fs*
> runtest/fs runtest/fs_bind runtest/fs_perms_simple runtest/fs_readonly
>
> fanotify tests are currently only in the syscalls group.
>
> I could create an fsnotify test group or
> we could try to create a vfs focused group such as fs_syscalls,
> but actually, at a quick glance, it looks like ~75% are fs related syscalls.
Some of the LTP tests do take noticeable amount of time so I'm not sure if
we want to run all of them for each commit. Ideally tests would be selected
based on modified code but maybe that's a bit of overengineering (but it
might be an interesting project for AI to write a script that based on gcov
data outputs a set of tests to run for given patch :)).
Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR