RCE (for strcpy/memcpy-family functions).
Applied to 6.7/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> `strncpy` is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.7/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> `strncpy` is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.7/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
//git.kernel.org/mkp/scsi/c/caf22c969ed1
--
Martin K. Petersen Oracle Linux Engineering
padding of edev members is needed.
>
> [...]
Applied to 6.7/scsi-queue, thanks!
[1/1] scsi: message: fusion: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/45e833f0e5bb
--
Martin K. Petersen Oracle Linux Engineering
trncpy with strscpy_pad
https://git.kernel.org/mkp/scsi/c/4280a0a70170
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
eplace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/7936a19e944b
--
Martin K. Petersen Oracle Linux Engineering
t; | hw = kzalloc(sizeof(struct csio_hw), GFP_KERNEL);
>
> [...]
Applied to 6.8/scsi-queue, thanks!
[1/1] scsi: csiostor: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/4592411784cc
--
Martin K. Petersen Oracle Linux Engineering
they are
> NUL-terminated and NUL-padded.
>
> [...]
Applied to 6.8/scsi-queue, thanks!
[1/1] scsi: ch: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/dc7a7f10e673
--
Martin K. Petersen Oracle Linux Engineering
name NUL-padded
> and NUL-terminated let's use strscpy_pad() as this implicitly provides
> both.
>
> [...]
Applied to 6.8/scsi-queue, thanks!
[1/1] scsi: elx: libefc: replace deprecated strncpy with strscpy_pad/memcpy
https://git.kernel.org/mkp/scsi/c/1057f44137c5
--
sage with
> format strings:
>
> [...]
Applied to 6.8/scsi-queue, thanks!
[1/1] scsi: bnx2fc: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/b04a2eff9e9c
--
Martin K. Petersen Oracle Linux Engineering
> resulting size of the destination string. In an effort to remove
> strlcpy() completely[2], replace strlcpy() here with strscpy().
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
to me too.
>
> Reviewed-by: Kees Cook
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
to 6.8/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> Instead of copying @buf into a new buffer and carefully managing its
> newline/null-terminating status, we can just use sysfs_match_string()
> as it uses sysfs_streq() internally which handles newline/null-term:
Applied to 6.8/scsi-staging, thanks!
--
Martin K. Petersen
s\n",
> |hostdata->madapter_info.partition_name);
>
> [...]
Applied to 6.8/scsi-queue, thanks!
[1/1] scsi: ibmvscsi: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/712b3f43ba0e
--
Martin K. Petersen Oracle Linux Engineering
erty names from
> which they are derived are also NUL-terminated.
>
> [...]
Applied to 6.8/scsi-queue, thanks!
[1/1] scsi: ibmvfc: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/a9baa16b4fc1
--
Martin K. Petersen Oracle Linux Engineering
tps://git.kernel.org/mkp/scsi/c/0d224b1088af
--
Martin K. Petersen Oracle Linux Engineering
eue, thanks!
[1/1] scsi: fcoe: use sysfs_match_string over fcoe_parse_mode
https://git.kernel.org/mkp/scsi/c/edc22a7c8688
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Great; thanks! Are you taking this, or should I carry it in the
> hardening tree?
I'll pick it up now that Tyrel has reviewed it.
--
Martin K. Petersen Oracle Linux Engineering
Tyrel,
> To reaffirm the assumption, as I mentioned in my response to v1 these are
> intended to be handled as C strings.
>
> Acked-by: Tyrel Datwyler
Applied to 6.9/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
https://git.kernel.org/mkp/scsi/c/165470fb2600
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
Applied to 6.9/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> strncpy() is deprecated [1] and as such we should use different apis to
> copy string data.
Applied to 6.9/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Justin,
> This series contains multiple replacements of strncpy throughout the
> scsi subsystem.
I've queued this up for 6.10.
--
Martin K. Petersen Oracle Linux Engineering
here's a
> comment that says as much; these attr strings are also used with other
> string APIs, further cementing the fact.
>
> [...]
Applied to 6.9/scsi-queue, thanks!
[1/1] scsi: lpfc: replace deprecated strncpy with strscpy
https://git.kernel.org/mkp/scsi/c/e100c01efa85
_ns_rspn) + len,
> ...
>
> [...]
Applied to 6.9/scsi-queue, thanks!
[1/1] scsi: libfc: replace deprecated strncpy with memcpy
https://git.kernel.org/mkp/scsi/c/3e24118ec185
--
Martin K. Petersen Oracle Linux Engineering
Hi Kees!
>> This series fixes all 4 of the instances I could find in the SCSI
>> subsystem.
>
> Friendly ping. Can the SCSI tree pick this up, or should I take it
> through the hardening tree?
It's on my list of series to review. Have a couple of fires going right
no
Kees,
> As the string KUnit tests have seen some refactoring, I'm taking this
> patch and refactoring it onto my tree. Once the SCSI fixes are
> reviewed, if we want to land them in -next, it's probably easiest for
> them to go via my tree.
Sure, no problem.
--
Martin K
gs and NUL-terminated strings in the storage
protocols and hardware programming interfaces. But both types are
definitely referred to as "strings" colloquially and not so much
"memory".
Reviewed-by: Martin K. Petersen
--
Martin K. Petersen Oracle Linux Engineering
see the benefit of updating a legacy driver which
hasn't seen updates in ages. Why risk introducing a regression?
--
Martin K. Petersen Oracle Linux Engineering
gt; [ 65.219923] Call Trace:
> [ 65.221556]
> [ 65.223029] dump_stack_lvl+0x93/0xd0
> [ 65.225573] handle_overflow+0x171/0x1b0
> [ 65.228219] sr_select_speed+0xeb/0xf0
> [ 65.230786] ? __pm_runtime_resume+0xe6/0x130
> [ 65.233606] sr_block_ioctl+0x15d/0x1d0
> .
65.233606] sr_block_ioctl+0x15d/0x1d0
> ...
>
> [...]
Applied to 6.10/scsi-queue, thanks!
[1/1] scsi: sr: fix unintentional arithmetic wraparound
https://git.kernel.org/mkp/scsi/c/9fad9d560af5
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace all the uses of deprecated 1-element "fake" flexible arrays
> with modern C99 flexible arrays.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace the deprecated[1] use of a 1-element array in struct
> MR_LD_VF_MAP with a modern flexible array.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace the deprecated[1] use of a 1-element array in struct
> MR_HOST_DEVICE_LIST with a modern flexible array.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace the deprecated[1] use of a 1-element array in union aac_init
> with a modern flexible array.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace the deprecated[1] use of a 1-element array in struct
> aac_ciss_phys_luns_resp with a modern flexible array.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace the deprecated[1] use of a 1-element arrays in struct
> ipr_hostrcb_fabric_desc and struct ipr_hostrcb64_fabric_desc with
> modern flexible arrays.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Kees,
> Replace all remaining uses of deprecated 1-element "fake" flexible
> arrays with modern C99 flexible arrays. Add __counted_by annotations
> at the same time.
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
t;yes, that
> is the source of the binary differences" debugging patch can be found
> here[1].
Applied to 6.12/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
t.kernel.org/mkp/scsi/c/6e5860b0ad49
[2/2] scsi: aacraid: struct {user,}sgmap{,64,raw}: Replace 1-element arrays
with flexible arrays
https://git.kernel.org/mkp/scsi/c/fdb1db6ea7f6
--
Martin K. Petersen Oracle Linux Engineering
rray
with flexible array
https://git.kernel.org/mkp/scsi/c/f296cc1d7f5a
--
Martin K. Petersen Oracle Linux Engineering
1/1] scsi: aacraid: struct aac_ciss_phys_luns_resp: Replace 1-element array
with flexible array
https://git.kernel.org/mkp/scsi/c/2e35b43bc9a8
--
Martin K. Petersen Oracle Linux Engineering
same value used to control
> the loop):
>
> [...]
Applied to 6.12/scsi-queue, thanks!
[1/1] scsi: aacraid: union aac_init: Replace 1-element array with flexible array
https://git.kernel.org/mkp/scsi/c/575b9be63684
--
Martin K. Petersen Oracle Linux Engineering
gt;
> [...]
Applied to 6.12/scsi-queue, thanks!
[1/1] scsi: ipr: Replace 1-element arrays with flexible arrays
https://git.kernel.org/mkp/scsi/c/c72e13cf820b
--
Martin K. Petersen Oracle Linux Engineering
97bfddc
[3/4] scsi: mpi3mr: struct mpi3_sas_io_unit_page0: Replace 1-element array with
flexible array
https://git.kernel.org/mkp/scsi/c/41bb96296f9d
[4/4] scsi: mpi3mr: struct mpi3_sas_io_unit_page1: Replace 1-element array with
flexible array
https://git.kernel.org/mkp/scsi/c/a6
scsi: megaraid_sas: struct MR_LD_VF_MAP: Replace 1-element arrays with
flexible arrays
https://git.kernel.org/mkp/scsi/c/ed8ab02c85b3
--
Martin K. Petersen Oracle Linux Engineering
Thorsten,
> Replace the deprecated zero-length array with a modern flexible array
> member in the struct iscsi_bsg_host_vendor_reply.
Applied to 6.14/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
array member
https://git.kernel.org/mkp/scsi/c/cdb03e598750
--
Martin K. Petersen Oracle Linux Engineering
Joel,
> Add the const qualifier to all the ctl_tables in the tree except the
> ones in ./net dir. The "net" sysctl code is special as it modifies the
> arrays before passing it on to the registration function.
Reviewed-by: Martin K. Petersen # SCSI
--
Martin K. Peterse
nd we can validate the
> annotation on the arguments of the helpers. Add the the infrastructure
> to do this, and then update all the places where these annotations are
> currently missing.
Reviewed-by: Martin K. Petersen # SCSI
--
Martin K. Petersen Oracle Linux Engineering
ssary strncpy()
https://git.kernel.org/mkp/scsi/c/d69ddae194ca
--
Martin K. Petersen Oracle Linux Engineering
g the string.
Applied to 6.15/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
lied to 6.15/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
Thorsten,
> strncpy() is deprecated for NUL-terminated destination buffers; use
> strscpy() instead. The destination buffer db_root is only used with
> "%s" format strings and must therefore be NUL-terminated, but not
> NUL-padded.
Applied to 6.15/scsi-staging, thanks!
en to the string
> buffer, which is always within the bounds of db_root_stage, and should
> be preferred over snprintf().
>
> [...]
Applied to 6.15/scsi-queue, thanks!
[1/1] scsi: target: Replace deprecated strncpy() with strscpy()
https://git.kernel.org/mkp/scsi/c/dfb7df1ddb29
--
Martin K. Petersen Oracle Linux Engineering
62 matches
Mail list logo
