scsi: bfa: Replace all non-returning strlcpy() with strscpy()

strlcpy() reads the entire source buffer first.  This read may exceed the
destination size limit.  This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1].  In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20230516013345.723623-1-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/bfa/bfa_fcbuild.c b/drivers/scsi/bfa/bfa_fcbuild.c
index df18d9d..773c84a 100644 (file)
--- a/drivers/scsi/bfa/bfa_fcbuild.c
+++ b/drivers/scsi/bfa/bfa_fcbuild.c
@@ -1134,7 +1134,7 @@ fc_rspnid_build(struct fchs_s *fchs, void *pyld, u32 s_id, u16 ox_id,
        memset(rspnid, 0, sizeof(struct fcgs_rspnid_req_s));
 
        rspnid->dap = s_id;
-       strlcpy(rspnid->spn, name, sizeof(rspnid->spn));
+       strscpy(rspnid->spn, name, sizeof(rspnid->spn));
        rspnid->spn_len = (u8) strlen(rspnid->spn);
 
        return sizeof(struct fcgs_rspnid_req_s) + sizeof(struct ct_hdr_s);
@@ -1155,7 +1155,7 @@ fc_rsnn_nn_build(struct fchs_s *fchs, void *pyld, u32 s_id,
        memset(rsnn_nn, 0, sizeof(struct fcgs_rsnn_nn_req_s));
 
        rsnn_nn->node_name = node_name;
-       strlcpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn));
+       strscpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn));
        rsnn_nn->snn_len = (u8) strlen(rsnn_nn->snn);
 
        return sizeof(struct fcgs_rsnn_nn_req_s) + sizeof(struct ct_hdr_s);

diff --git a/drivers/scsi/bfa/bfa_fcs.c b/drivers/scsi/bfa/bfa_fcs.c
index d2d396c..5023c0a 100644 (file)
--- a/drivers/scsi/bfa/bfa_fcs.c
+++ b/drivers/scsi/bfa/bfa_fcs.c
@@ -761,7 +761,7 @@ bfa_fcs_fabric_psymb_init(struct bfa_fcs_fabric_s *fabric)
        bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);
 
        /* Model name/number */
-       strlcpy(port_cfg->sym_name.symname, model,
+       strscpy(port_cfg->sym_name.symname, model,
                BFA_SYMNAME_MAXLEN);
        strlcat(port_cfg->sym_name.symname, BFA_FCS_PORT_SYMBNAME_SEPARATOR,
                BFA_SYMNAME_MAXLEN);
@@ -822,7 +822,7 @@ bfa_fcs_fabric_nsymb_init(struct bfa_fcs_fabric_s *fabric)
        bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);
 
        /* Model name/number */
-       strlcpy(port_cfg->node_sym_name.symname, model,
+       strscpy(port_cfg->node_sym_name.symname, model,
                BFA_SYMNAME_MAXLEN);
        strlcat(port_cfg->node_sym_name.symname,
                        BFA_FCS_PORT_SYMBNAME_SEPARATOR,

diff --git a/drivers/scsi/bfa/bfa_fcs_lport.c b/drivers/scsi/bfa/bfa_fcs_lport.c
index b12afcc..008afd8 100644 (file)
--- a/drivers/scsi/bfa/bfa_fcs_lport.c
+++ b/drivers/scsi/bfa/bfa_fcs_lport.c
@@ -2642,10 +2642,10 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_lport_fdmi_s *fdmi,
        bfa_ioc_get_adapter_fw_ver(&port->fcs->bfa->ioc,
                                        hba_attr->fw_version);
 
-       strlcpy(hba_attr->driver_version, (char *)driver_info->version,
+       strscpy(hba_attr->driver_version, (char *)driver_info->version,
                sizeof(hba_attr->driver_version));
 
-       strlcpy(hba_attr->os_name, driver_info->host_os_name,
+       strscpy(hba_attr->os_name, driver_info->host_os_name,
                sizeof(hba_attr->os_name));
 
        /*
@@ -2663,13 +2663,13 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_lport_fdmi_s *fdmi,
        bfa_fcs_fdmi_get_portattr(fdmi, &fcs_port_attr);
        hba_attr->max_ct_pyld = fcs_port_attr.max_frm_size;
 
-       strlcpy(hba_attr->node_sym_name.symname,
+       strscpy(hba_attr->node_sym_name.symname,
                port->port_cfg.node_sym_name.symname, BFA_SYMNAME_MAXLEN);
        strcpy(hba_attr->vendor_info, "QLogic");
        hba_attr->num_ports =
                cpu_to_be32(bfa_ioc_get_nports(&port->fcs->bfa->ioc));
        hba_attr->fabric_name = port->fabric->lps->pr_nwwn;
-       strlcpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN);
+       strscpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN);
 
 }
 
@@ -2736,19 +2736,19 @@ bfa_fcs_fdmi_get_portattr(struct bfa_fcs_lport_fdmi_s *fdmi,
        /*
         * OS device Name
         */
-       strlcpy(port_attr->os_device_name, driver_info->os_device_name,
+       strscpy(port_attr->os_device_name, driver_info->os_device_name,
                sizeof(port_attr->os_device_name));
 
        /*
         * Host name
         */
-       strlcpy(port_attr->host_name, driver_info->host_machine_name,
+       strscpy(port_attr->host_name, driver_info->host_machine_name,
                sizeof(port_attr->host_name));
 
        port_attr->node_name = bfa_fcs_lport_get_nwwn(port);
        port_attr->port_name = bfa_fcs_lport_get_pwwn(port);
 
-       strlcpy(port_attr->port_sym_name.symname,
+       strscpy(port_attr->port_sym_name.symname,
                bfa_fcs_lport_get_psym_name(port).symname, BFA_SYMNAME_MAXLEN);
        bfa_fcs_lport_get_attr(port, &lport_attr);
        port_attr->port_type = cpu_to_be32(lport_attr.port_type);
@@ -3229,7 +3229,7 @@ bfa_fcs_lport_ms_gmal_response(void *fcsarg, struct bfa_fcxp_s *fcxp,
                                        rsp_str[gmal_entry->len-1] = 0;
 
                                /* copy IP Address to fabric */
-                               strlcpy(bfa_fcs_lport_get_fabric_ipaddr(port),
+                               strscpy(bfa_fcs_lport_get_fabric_ipaddr(port),
                                        gmal_entry->ip_addr,
                                        BFA_FCS_FABRIC_IPADDR_SZ);
                                break;
@@ -4667,7 +4667,7 @@ bfa_fcs_lport_ns_send_rspn_id(void *ns_cbarg, struct bfa_fcxp_s *fcxp_alloced)
                 * to that of the base port.
                 */
 
-               strlcpy(symbl,
+               strscpy(symbl,
                        (char *)&(bfa_fcs_lport_get_psym_name
                         (bfa_fcs_get_base_port(port->fcs))),
                        sizeof(symbl));
@@ -5194,7 +5194,7 @@ bfa_fcs_lport_ns_util_send_rspn_id(void *cbarg, struct bfa_fcxp_s *fcxp_alloced)
                 * For Vports, we append the vport's port symbolic name
                 * to that of the base port.
                 */
-               strlcpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name
+               strscpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name
                        (bfa_fcs_get_base_port(port->fcs))),
                        sizeof(symbl));
 

diff --git a/drivers/scsi/bfa/bfa_ioc.c b/drivers/scsi/bfa/bfa_ioc.c
index 5740302..e1ed142 100644 (file)
--- a/drivers/scsi/bfa/bfa_ioc.c
+++ b/drivers/scsi/bfa/bfa_ioc.c
@@ -2788,7 +2788,7 @@ void
 bfa_ioc_get_adapter_manufacturer(struct bfa_ioc_s *ioc, char *manufacturer)
 {
        memset((void *)manufacturer, 0, BFA_ADAPTER_MFG_NAME_LEN);
-       strlcpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);
+       strscpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);
 }
 
 void

diff --git a/drivers/scsi/bfa/bfa_svc.c b/drivers/scsi/bfa/bfa_svc.c
index 4e3cef0..c9745c0 100644 (file)
--- a/drivers/scsi/bfa/bfa_svc.c
+++ b/drivers/scsi/bfa/bfa_svc.c
@@ -330,7 +330,7 @@ bfa_plog_str(struct bfa_plog_s *plog, enum bfa_plog_mid mid,
                lp.eid = event;
                lp.log_type = BFA_PL_LOG_TYPE_STRING;
                lp.misc = misc;
-               strlcpy(lp.log_entry.string_log, log_str,
+               strscpy(lp.log_entry.string_log, log_str,
                        BFA_PL_STRING_LOG_SZ);
                lp.log_entry.string_log[BFA_PL_STRING_LOG_SZ - 1] = '\0';
                bfa_plog_add(plog, &lp);

diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
index 529b73a..62cb7a8 100644 (file)
--- a/drivers/scsi/bfa/bfad.c
+++ b/drivers/scsi/bfa/bfad.c
@@ -965,19 +965,19 @@ bfad_start_ops(struct bfad_s *bfad) {
 
        /* Fill the driver_info info to fcs*/
        memset(&driver_info, 0, sizeof(driver_info));
-       strlcpy(driver_info.version, BFAD_DRIVER_VERSION,
+       strscpy(driver_info.version, BFAD_DRIVER_VERSION,
                sizeof(driver_info.version));
        if (host_name)
-               strlcpy(driver_info.host_machine_name, host_name,
+               strscpy(driver_info.host_machine_name, host_name,
                        sizeof(driver_info.host_machine_name));
        if (os_name)
-               strlcpy(driver_info.host_os_name, os_name,
+               strscpy(driver_info.host_os_name, os_name,
                        sizeof(driver_info.host_os_name));
        if (os_patch)
-               strlcpy(driver_info.host_os_patch, os_patch,
+               strscpy(driver_info.host_os_patch, os_patch,
                        sizeof(driver_info.host_os_patch));
 
-       strlcpy(driver_info.os_device_name, bfad->pci_name,
+       strscpy(driver_info.os_device_name, bfad->pci_name,
                sizeof(driver_info.os_device_name));
 
        /* FCS driver info init */

diff --git a/drivers/scsi/bfa/bfad_attr.c b/drivers/scsi/bfa/bfad_attr.c
index 5a85401..e96e4b6 100644 (file)
--- a/drivers/scsi/bfa/bfad_attr.c
+++ b/drivers/scsi/bfa/bfad_attr.c
@@ -834,7 +834,7 @@ bfad_im_symbolic_name_show(struct device *dev, struct device_attribute *attr,
        char symname[BFA_SYMNAME_MAXLEN];
 
        bfa_fcs_lport_get_attr(&bfad->bfa_fcs.fabric.bport, &port_attr);
-       strlcpy(symname, port_attr.port_cfg.sym_name.symname,
+       strscpy(symname, port_attr.port_cfg.sym_name.symname,
                        BFA_SYMNAME_MAXLEN);
        return sysfs_emit(buf, "%s\n", symname);
 }

diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c
index 79d4f7e..520f915 100644 (file)
--- a/drivers/scsi/bfa/bfad_bsg.c
+++ b/drivers/scsi/bfa/bfad_bsg.c
@@ -119,7 +119,7 @@ bfad_iocmd_ioc_get_attr(struct bfad_s *bfad, void *cmd)
 
        /* fill in driver attr info */
        strcpy(iocmd->ioc_attr.driver_attr.driver, BFAD_DRIVER_NAME);
-       strlcpy(iocmd->ioc_attr.driver_attr.driver_ver,
+       strscpy(iocmd->ioc_attr.driver_attr.driver_ver,
                BFAD_DRIVER_VERSION, BFA_VERSION_LEN);
        strcpy(iocmd->ioc_attr.driver_attr.fw_ver,
                iocmd->ioc_attr.adapter_attr.fw_ver);
@@ -307,7 +307,7 @@ bfad_iocmd_port_get_attr(struct bfad_s *bfad, void *cmd)
        iocmd->attr.port_type = port_attr.port_type;
        iocmd->attr.loopback = port_attr.loopback;
        iocmd->attr.authfail = port_attr.authfail;
-       strlcpy(iocmd->attr.port_symname.symname,
+       strscpy(iocmd->attr.port_symname.symname,
                port_attr.port_cfg.sym_name.symname,
                sizeof(iocmd->attr.port_symname.symname));
 

diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c
index c335f7a..a9d3d85 100644 (file)
--- a/drivers/scsi/bfa/bfad_im.c
+++ b/drivers/scsi/bfa/bfad_im.c
@@ -1046,7 +1046,7 @@ bfad_fc_host_init(struct bfad_im_port_s *im_port)
        /* For fibre channel services type 0x20 */
        fc_host_supported_fc4s(host)[7] = 1;
 
-       strlcpy(symname, bfad->bfa_fcs.fabric.bport.port_cfg.sym_name.symname,
+       strscpy(symname, bfad->bfa_fcs.fabric.bport.port_cfg.sym_name.symname,
                BFA_SYMNAME_MAXLEN);
        sprintf(fc_host_symbolic_name(host), "%s", symname);