On Mon, Mar 16, 2026 at 04:17:28PM +0000, Josh Law wrote: > BUG_ON() in a library function is too harsh -- it panics the kernel > when a caller passes a dest string whose length already meets or > exceeds count. This is a caller bug, not a reason to bring down the > entire system. > > Replace with WARN_ON_ONCE() and a safe early return. The return value > of count signals truncation to the caller, consistent with strlcat > semantics (return >= count means the output was truncated). > > This follows the guidance in include/asm-generic/bug.h which > explicitly discourages BUG_ON: "Don't use BUG() or BUG_ON() unless > there's really no way out." > > Signed-off-by: Josh Law <[email protected]> > --- > lib/string.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/string.c b/lib/string.c > index b632c71df1a5..ae3eb192534d 100644 > --- a/lib/string.c > +++ b/lib/string.c > @@ -255,8 +255,9 @@ size_t strlcat(char *dest, const char *src, size_t count) > size_t len = strlen(src); > size_t res = dsize + len; > > - /* This would be a bug */ > - BUG_ON(dsize >= count); > + /* This would be a caller bug */ > + if (WARN_ON_ONCE(dsize >= count)) > + return count;
You still just crashed the system for the few billion or so Linux systems out there with panic-on-warn enabled :( And is returning 'count' really the correct thing to do here when you didn't actually copy any data? thanks, greg k-h
