Re: [PATCH] lib/string: replace BUG_ON with WARN_ON_ONCE in strlcat

[Andy Shevchenko]

On Mon, Mar 16, 2026 at 04:36:40PM +0000, Josh Law wrote:
> On 16 March 2026 16:30:15 GMT, Andy Shevchenko <andriy.shevchenko@xxxxxxxxx> wrote:
> >On Mon, Mar 16, 2026 at 04:17:28PM +0000, Josh Law wrote:
> >> BUG_ON() in a library function is too harsh -- it panics the kernel
> >> when a caller passes a dest string whose length already meets or
> >> exceeds count. This is a caller bug, not a reason to bring down the
> >> entire system.
> >> 
> >> Replace with WARN_ON_ONCE() and a safe early return. The return value
> >> of count signals truncation to the caller, consistent with strlcat
> >> semantics (return >= count means the output was truncated).
> >> 
> >> This follows the guidance in include/asm-generic/bug.h which
> >> explicitly discourages BUG_ON: "Don't use BUG() or BUG_ON() unless
> >> there's really no way out."
> >
> >First of all, this doesn't really change much, especially if one uses
> >panic_on_oops.
> >
> >Second, the entire function is kinda deprecated, it's better just to drop it.
> >
> >$ git grep -lw strlcat | wc -l
> >142
> >
> >(In reality it's less as tools and implementation are not users of it)
> >
> >Third, if the caller is that problematic this may lead to the serious
> >(security) issues.
> >
> >Based on that, NAK.
> 
> Hmm, good call, but how would I implement that? BUG_ON seems a bit too harsh
> for a library function.

Drop the function. Start from converting users to strscpy() or similar
(we have a few for different cases) and then drop strlcat() all for good.

-- 
With Best Regards,
Andy Shevchenko