From 0eb1927502e870e4b8beaab403775056a8f4f0db Mon Sep 17 00:00:00 2001
From: Thorsten Blum <thorsten.blum@linux.dev>
Date: Mon, 22 Dec 2025 11:00:57 +0100
Subject: orangefs: Replace deprecated strcpy with strscpy

strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Replace
it with the safer strscpy().  No functional changes.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
---
 fs/orangefs/xattr.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fs/orangefs/xattr.c b/fs/orangefs/xattr.c
index eee3c5ed1bbb..a431aa07a229 100644
--- a/fs/orangefs/xattr.c
+++ b/fs/orangefs/xattr.c
@@ -152,7 +152,7 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
 		goto out_unlock;
 
 	new_op->upcall.req.getxattr.refn = orangefs_inode->refn;
-	strcpy(new_op->upcall.req.getxattr.key, name);
+	strscpy(new_op->upcall.req.getxattr.key, name);
 
 	/*
 	 * NOTE: Although keys are meant to be NULL terminated textual
@@ -173,7 +173,7 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
 				     (char *)new_op->upcall.req.getxattr.key);
 			cx = kmalloc(sizeof *cx, GFP_KERNEL);
 			if (cx) {
-				strcpy(cx->key, name);
+				strscpy(cx->key, name);
 				cx->length = -1;
 				cx->timeout = jiffies +
 				    orangefs_getattr_timeout_msecs*HZ/1000;
@@ -220,14 +220,14 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
 	ret = length;
 
 	if (cx) {
-		strcpy(cx->key, name);
+		strscpy(cx->key, name);
 		memcpy(cx->val, buffer, length);
 		cx->length = length;
 		cx->timeout = jiffies + HZ;
 	} else {
 		cx = kmalloc(sizeof *cx, GFP_KERNEL);
 		if (cx) {
-			strcpy(cx->key, name);
+			strscpy(cx->key, name);
 			memcpy(cx->val, buffer, length);
 			cx->length = length;
 			cx->timeout = jiffies + HZ;
@@ -267,7 +267,7 @@ static int orangefs_inode_removexattr(struct inode *inode, const char *name,
 	 * textual strings, I am going to explicitly pass the
 	 * length just in case we change this later on...
 	 */
-	strcpy(new_op->upcall.req.removexattr.key, name);
+	strscpy(new_op->upcall.req.removexattr.key, name);
 	new_op->upcall.req.removexattr.key_sz = strlen(name) + 1;
 
 	gossip_debug(GOSSIP_XATTR_DEBUG,
@@ -361,7 +361,7 @@ int orangefs_inode_setxattr(struct inode *inode, const char *name,
 	 * strings, I am going to explicitly pass the length just in
 	 * case we change this later on...
 	 */
-	strcpy(new_op->upcall.req.setxattr.keyval.key, name);
+	strscpy(new_op->upcall.req.setxattr.keyval.key, name);
 	new_op->upcall.req.setxattr.keyval.key_sz = strlen(name) + 1;
 	memcpy(new_op->upcall.req.setxattr.keyval.val, value, size);
 	new_op->upcall.req.setxattr.keyval.val_sz = size;
-- 
cgit v1.2.3


From 9e835108a9ae1c37aef52a6f8d53265f474904a1 Mon Sep 17 00:00:00 2001
From: Thorsten Blum <thorsten.blum@linux.dev>
Date: Sat, 17 Jan 2026 14:49:53 +0100
Subject: fs/orangefs: Replace deprecated strcpy with memcpy + strscpy

strcpy() is deprecated [1] and using strcat() is discouraged. In
orangefs_debugfs_init() and orangefs_client_debug_init(), replace them
with memcpy() since the string lengths are already known. Replace all
other uses of strcpy() with the safer strscpy().

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
---
 fs/orangefs/orangefs-debugfs.c | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
index 79267b3419f2..002092950605 100644
--- a/fs/orangefs/orangefs-debugfs.c
+++ b/fs/orangefs/orangefs-debugfs.c
@@ -238,14 +238,16 @@ void orangefs_debugfs_init(int debug_mask)
 static void orangefs_kernel_debug_init(void)
 {
 	static char k_buffer[ORANGEFS_MAX_DEBUG_STRING_LEN] = { };
+	size_t len = strlen(kernel_debug_string);
 
 	gossip_debug(GOSSIP_DEBUGFS_DEBUG, "%s: start\n", __func__);
 
-	if (strlen(kernel_debug_string) + 1 < ORANGEFS_MAX_DEBUG_STRING_LEN) {
-		strcpy(k_buffer, kernel_debug_string);
-		strcat(k_buffer, "\n");
+	if (len + 1 < ORANGEFS_MAX_DEBUG_STRING_LEN) {
+		memcpy(k_buffer, kernel_debug_string, len);
+		k_buffer[len] = '\n';
+		k_buffer[len + 1] = '\0';
 	} else {
-		strcpy(k_buffer, "none\n");
+		strscpy(k_buffer, "none\n");
 		pr_info("%s: overflow 1!\n", __func__);
 	}
 
@@ -336,16 +338,17 @@ static int help_show(struct seq_file *m, void *v)
  */
 static void orangefs_client_debug_init(void)
 {
-
 	static char c_buffer[ORANGEFS_MAX_DEBUG_STRING_LEN] = { };
+	size_t len = strlen(client_debug_string);
 
 	gossip_debug(GOSSIP_DEBUGFS_DEBUG, "%s: start\n", __func__);
 
-	if (strlen(client_debug_string) + 1 < ORANGEFS_MAX_DEBUG_STRING_LEN) {
-		strcpy(c_buffer, client_debug_string);
-		strcat(c_buffer, "\n");
+	if (len + 1 < ORANGEFS_MAX_DEBUG_STRING_LEN) {
+		memcpy(c_buffer, client_debug_string, len);
+		c_buffer[len] = '\n';
+		c_buffer[len + 1] = '\0';
 	} else {
-		strcpy(c_buffer, "none\n");
+		strscpy(c_buffer, "none\n");
 		pr_info("%s: overflow! 2\n", __func__);
 	}
 
@@ -748,15 +751,14 @@ static void debug_mask_to_string(void *mask, int type)
 	else if (len)
 		kernel_debug_string[len - 1] = '\0';
 	else if (type)
-		strcpy(client_debug_string, "none");
+		strscpy(client_debug_string, "none");
 	else
-		strcpy(kernel_debug_string, "none");
+		strscpy(kernel_debug_string, "none");
 
 out:
 gossip_debug(GOSSIP_UTILS_DEBUG, "%s: string:%s:\n", __func__, debug_string);
 
 	return;
-
 }
 
 static void do_k_string(void *k_mask, int index)
@@ -775,7 +777,7 @@ static void do_k_string(void *k_mask, int index)
 				strcat(kernel_debug_string, ",");
 			} else {
 				gossip_err("%s: overflow!\n", __func__);
-				strcpy(kernel_debug_string, ORANGEFS_ALL);
+				strscpy(kernel_debug_string, ORANGEFS_ALL);
 				goto out;
 			}
 	}
@@ -802,7 +804,7 @@ static void do_c_string(void *c_mask, int index)
 				strcat(client_debug_string, ",");
 			} else {
 				gossip_err("%s: overflow!\n", __func__);
-				strcpy(client_debug_string, ORANGEFS_ALL);
+				strscpy(client_debug_string, ORANGEFS_ALL);
 				goto out;
 			}
 	}
@@ -838,14 +840,14 @@ static int check_amalgam_keyword(void *mask, int type)
 
 		if ((c_mask->mask1 == cdm_array[client_all_index].mask1) &&
 		    (c_mask->mask2 == cdm_array[client_all_index].mask2)) {
-			strcpy(client_debug_string, ORANGEFS_ALL);
+			strscpy(client_debug_string, ORANGEFS_ALL);
 			rc = 1;
 			goto out;
 		}
 
 		if ((c_mask->mask1 == cdm_array[client_verbose_index].mask1) &&
 		    (c_mask->mask2 == cdm_array[client_verbose_index].mask2)) {
-			strcpy(client_debug_string, ORANGEFS_VERBOSE);
+			strscpy(client_debug_string, ORANGEFS_VERBOSE);
 			rc = 1;
 			goto out;
 		}
@@ -854,7 +856,7 @@ static int check_amalgam_keyword(void *mask, int type)
 		k_mask = (__u64 *) mask;
 
 		if (*k_mask >= s_kmod_keyword_mask_map[k_all_index].mask_val) {
-			strcpy(kernel_debug_string, ORANGEFS_ALL);
+			strscpy(kernel_debug_string, ORANGEFS_ALL);
 			rc = 1;
 			goto out;
 		}
-- 
cgit v1.2.3