From: Kees Cook Date: Mon, 23 Mar 2026 17:20:16 +0000 (-0700) Subject: wifi: mac80211: Replace strncpy() with strscpy_pad() in drv_switch_vif_chanctx tracepoint X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f21614c20053e083f07de58202032a73b04a1b7;p=thirdparty%2Flinux.git wifi: mac80211: Replace strncpy() with strscpy_pad() in drv_switch_vif_chanctx tracepoint Replace the deprecated[1] strncpy() with strscpy_pad() for copying the interface name into a tracepoint entry. The source "sdata->name" is a NUL-terminated char[IFNAMSIZ] buffer populated via NUL-guaranteeing paths: strscpy() in ieee80211_if_add(), snprintf() in ieee80211_add_virtual_monitor(), or memcpy() from ndev->name in ieee80211_if_add() and netdev_notify() (net/mac80211/iface.c). In the memcpy() cases, the source ndev->name is itself always NUL-terminated (populated via snprintf() or strscpy() in __dev_alloc_name() and dev_prep_valid_name() in net/core/dev.c). The destination "local_vifs[i].vif.vif_name" is a char[IFNAMSIZ] field in struct trace_vif_entry, stored in a __dynamic_array within the trace ring buffer. Since ring buffer entries are not zeroed on allocation, strscpy_pad() is used to zero-fill trailing bytes and prevent exposing stale ring buffer contents to userspace readers of tracefs. No behavioral change: since interface names are always at most 15 characters plus a NUL terminator, strscpy_pad() with size IFNAMSIZ (16) produces identical output to the original strncpy(). Link: https://github.com/KSPP/linux/issues/90 [1] Signed-off-by: Kees Cook Link: https://patch.msgid.link/20260323172015.work.146-kees@kernel.org Signed-off-by: Johannes Berg --- diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h index 1f0c07eaad1bd..e5968d754f8be 100644 --- a/net/mac80211/trace.h +++ b/net/mac80211/trace.h @@ -1778,9 +1778,8 @@ TRACE_EVENT(drv_switch_vif_chanctx, SWITCH_ENTRY_ASSIGN(vif.vif_type, vif->type); SWITCH_ENTRY_ASSIGN(vif.p2p, vif->p2p); SWITCH_ENTRY_ASSIGN(link_id, link_conf->link_id); - strncpy(local_vifs[i].vif.vif_name, - sdata->name, - sizeof(local_vifs[i].vif.vif_name)); + strscpy_pad(local_vifs[i].vif.vif_name, + sdata->name); SWITCH_ENTRY_ASSIGN(old_chandef.control_freq, old_ctx->def.chan->center_freq); SWITCH_ENTRY_ASSIGN(old_chandef.freq_offset,