Re: [PATCH net-next] net/devlink: Use strscpy() to copy strings into arrays
From: David Laight
Date: Tue Jun 09 2026 - 11:53:05 EST
On Tue, 9 Jun 2026 15:39:35 +0200
Paolo Abeni <pabeni@xxxxxxxxxx> wrote:
> On 6/8/26 11:54 AM, david.laight.linux@xxxxxxxxx wrote:
> > From: David Laight <david.laight.linux@xxxxxxxxx>
> >
> > Replacing strcpy() with strscpy() ensures that overflow of the target
> > buffer cannot happen.
> >
> > Signed-off-by: David Laight <david.laight.linux@xxxxxxxxx>
> > ---
> > This is one of a group of patches that remove potentially unbounded
> > strcpy() calls.
> >
> > They are mostly replaced by strscpy() or, when strlen() has just been
> > called, with memcpy() (usually including the '\0').
> >
> > Calls which copy string literals into arrays are left unchanged.
> > They are safe and easily detected as such.
> >
> > The changes were made by getting the compiler to detect the calls and
> > then fixing the code by hand.
> >
> > Note that all the changes are only compile tested.
> >
> > Some Makefiles were changed to allow files to contain strcpy().
> > As well as 'difficult to fix' files, this included 'show' functions
> > as they really need to use sysfs_emit() or seq_printf().
> >
> > All the patches are being sent individually to avoid very long cc lists.
> > Apologies for the terse commit messages and likely unexpected tags.
> > (There are about 100 patches in total.)
> >
> > net/devlink/port.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/devlink/port.c b/net/devlink/port.c
> > index 485029d43428..108926d3f899 100644
> > --- a/net/devlink/port.c
> > +++ b/net/devlink/port.c
> > @@ -1222,7 +1222,7 @@ static void __devlink_port_type_set(struct devlink_port *devlink_port,
> > devlink_port->type_eth.ifindex = netdev->ifindex;
> > BUILD_BUG_ON(sizeof(devlink_port->type_eth.ifname) !=
> > sizeof(netdev->name));
> > - strcpy(devlink_port->type_eth.ifname, netdev->name);
> > + strscpy(devlink_port->type_eth.ifname, netdev->name);
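Review bot: the commit message's overflow claim does not match this call site. The BUILD_BUG_ON() directly above the changed line already pins sizeof(devlink_port->type_eth.ifname) to sizeof(netdev->name), so the old strcpy() could not overflow as long as netdev->name is NUL-terminated. The two-argument strscpy() on the + line also takes its bound from sizeof() of the destination, so it only stays correct while type_eth.ifname remains an array. Suggest rewording the commit message to say the call is converted as part of removing strcpy() across the tree, or, since the sizes are asserted equal, copying with memcpy() and sizeof(netdev->name).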
>
> Given the above BUILD_BUG, I don't see how this change can help?!?
>
> Generally speaking, I suggest restricting this kind of tool-assisted
> change to real problems (if any).

My aim is to get to the point where calling strcpy() is invalid
unless it is used to copy a string literal into an array.
If/when all the .c files are changed the .h file change can be committed
to stop any new potential unbounded copies being added.

I do want to look at the 'fortify' version of strscpy().
The current version can call strnlen() and then real_strscpy(), so
ends up doing the length scan twice.
(Never mind how much gets inlined.)

strscpy() between arrays could be implemented as a memcpy() of the
shorter length and an explicit zero of the final byte.

With the BUILD_BUG_ON() (which I didn't notice) the above could
be a memcpy().

-- David
>
> Thanks,
>
> Paolo
>
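The array-to-array idea from the reply above (a memcpy() of the shorter length plus an explicit zero of the final byte), as an added userspace example that is not kernel code and not part of the original mail. `model_strscpy()` and `ARRAY_STRSCPY()` are hypothetical names, and the array sizes are constructed for the demonstration.

```c
#include <errno.h>
#include <string.h>

/* Userspace model of the strscpy() contract: always NUL-terminate, return the
 * copied length, or -E2BIG when the source did not fit. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t len = 0;

    if (size == 0)
        return -E2BIG;
    while (len < size - 1 && src[len])   /* the length scan */
        len++;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return src[len] ? -E2BIG : (long)len;
}

/* Array-to-array form from the mail: one memcpy() of the shorter array size,
 * then zero the final byte. No scan; bytes after the source's NUL are copied
 * too, so stale data in src travels with the string. */
#define ARRAY_STRSCPY(dst, src) do {                                   \
    size_t n_ = sizeof(dst) < sizeof(src) ? sizeof(dst) : sizeof(src); \
    memcpy((dst), (src), n_);                                          \
    (dst)[n_ - 1] = '\0';                                              \
} while (0)

/* Equal-size arrays (constructed size 16), the case the BUILD_BUG_ON() pins. */
static int same_size_matches(const char *name)
{
    char src[16] = {0}, a[16], b[16];

    model_strscpy(src, name, sizeof(src));
    model_strscpy(a, src, sizeof(a));
    ARRAY_STRSCPY(b, src);
    return strcmp(a, b) == 0 && strcmp(a, src) == 0;
}

/* Destination shorter than source: both must truncate to the same string. */
static int truncation_matches(void)
{
    char src[16] = "0123456789abcde", a[8], b[8];
    long r = model_strscpy(a, src, sizeof(a));

    ARRAY_STRSCPY(b, src);
    return r == -E2BIG && strcmp(a, "0123456") == 0 && strcmp(a, b) == 0;
}

int main(void) { return !(same_size_matches("eth0") && truncation_matches()); }
```

The macro gives no truncation return value, so a caller that needs -E2BIG still has to use the scanning form.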