Commit 08a77676 authored by Tejun Heo's avatar Tejun Heo

string: drop __must_check from strscpy() and restore strscpy() usages in cgroup

e7fd37ba ("cgroup: avoid copying strings longer than the buffers")
converted possibly unsafe strncpy() usages in cgroup to strscpy().
However, although the callsites are completely fine with truncated
copied, because strscpy() is marked __must_check, it led to the
following warnings.

  kernel/cgroup/cgroup.c: In function ‘cgroup_file_name’:
  kernel/cgroup/cgroup.c:1400:10: warning: ignoring return value of ‘strscpy’, declared with attribute warn_unused_result [-Wunused-result]
     strscpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
	       ^

To avoid the warnings, 50034ed4 ("cgroup: use strlcpy() instead of
strscpy() to avoid spurious warning") switched them to strlcpy().

strlcpy() is worse than strlcpy() because it unconditionally runs
strlen() on the source string, and the only reason we switched to
strlcpy() here was because it was lacking __must_check, which doesn't
reflect any material differences between the two function.  It's just
that someone added __must_check to strscpy() and not to strlcpy().

These basic string copy operations are used in variety of ways, and
one of not-so-uncommon use cases is safely handling truncated copies,
where the caller naturally doesn't care about the return value.  The
__must_check doesn't match the actual use cases and forces users to
opt for inferior variants which lack __must_check by happenstance or
spread ugly (void) casts.

Remove __must_check from strscpy() and restore strscpy() usages in
cgroup.
Signed-off-by: default avatarTejun Heo <tj@kernel.org>
Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Cc: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
parent 2c4736d9
...@@ -28,7 +28,7 @@ extern char * strncpy(char *,const char *, __kernel_size_t); ...@@ -28,7 +28,7 @@ extern char * strncpy(char *,const char *, __kernel_size_t);
size_t strlcpy(char *, const char *, size_t); size_t strlcpy(char *, const char *, size_t);
#endif #endif
#ifndef __HAVE_ARCH_STRSCPY #ifndef __HAVE_ARCH_STRSCPY
ssize_t __must_check strscpy(char *, const char *, size_t); ssize_t strscpy(char *, const char *, size_t);
#endif #endif
#ifndef __HAVE_ARCH_STRCAT #ifndef __HAVE_ARCH_STRCAT
extern char * strcat(char *, const char *); extern char * strcat(char *, const char *);
......
...@@ -1397,7 +1397,7 @@ static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft, ...@@ -1397,7 +1397,7 @@ static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
cgroup_on_dfl(cgrp) ? ss->name : ss->legacy_name, cgroup_on_dfl(cgrp) ? ss->name : ss->legacy_name,
cft->name); cft->name);
else else
strlcpy(buf, cft->name, CGROUP_FILE_NAME_MAX); strscpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
return buf; return buf;
} }
...@@ -1864,9 +1864,9 @@ void init_cgroup_root(struct cgroup_root *root, struct cgroup_sb_opts *opts) ...@@ -1864,9 +1864,9 @@ void init_cgroup_root(struct cgroup_root *root, struct cgroup_sb_opts *opts)
root->flags = opts->flags; root->flags = opts->flags;
if (opts->release_agent) if (opts->release_agent)
strlcpy(root->release_agent_path, opts->release_agent, PATH_MAX); strscpy(root->release_agent_path, opts->release_agent, PATH_MAX);
if (opts->name) if (opts->name)
strlcpy(root->name, opts->name, MAX_CGROUP_ROOT_NAMELEN); strscpy(root->name, opts->name, MAX_CGROUP_ROOT_NAMELEN);
if (opts->cpuset_clone_children) if (opts->cpuset_clone_children)
set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->cgrp.flags); set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->cgrp.flags);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment