By Linux 7.2 RC1 landed on June 28, and buried in Linus Torvalds’s merge summary is a milestone six years in the making: strncpy() is gone from the kernel. Not deprecated, not discouraged — gone. After 362 commits and contributions from 70 kernel developers, a function the kernel’s own documentation called “actively dangerous” has been fully excised from the codebase.
Why strncpy Was a Problem
strncpy() entered Unix for a specific, narrow purpose: copying strings into fixed-width fields inside old-style directory structs. For that use case, its semantics made sense. For everything else — which is how it has been used in practice for decades — it is a trap.
The core issue is null termination. When the source string is as long as or longer than the size limit, strncpy() does not null-terminate the destination. Any code that subsequently reads the result as a C string will keep scanning until it finds a null byte somewhere else in memory. In kernel context, that “somewhere else” can be sensitive data — user credentials, cryptographic material, address space layout. The result is a memory disclosure vulnerability, and it is trivially easy to introduce by accident.
There is a secondary annoyance: when the source is shorter than the limit, strncpy() zero-fills the entire remaining destination. Copying a 10-byte string into a 256-byte buffer costs 246 extra writes. Pointless overhead, baked in by design.
The kernel’s documentation was blunt about all of this. The guidance labeled strncpy “actively dangerous.” The function was not misunderstood — it was simply wrong for virtually every use case developers reached for it to solve.
What Six Years of Cleanup Actually Looks Like
Removing a single function from a codebase of 43 million lines is not a weekend project. Each call site had to be manually reviewed because the correct replacement depends on intent: do you want a NUL-terminated copy? A zero-padded copy? A raw memory copy of a known length? Applying the wrong replacement mechanically would trade one class of bug for another.
The kernel standardized on a family of purpose-named replacements:
strscpy()— the primary replacement; copies until NUL, always terminates the destinationstrscpy_pad()— same, but zero-fills the remainder (for cases where the padding was intentional)strtomem_pad()— for non-NUL-terminated fixed-width protocol fields (strncpy’s original use case)memcpy()— for known-length memory regions where both sides are controlled
The process required 362 commits and the hands-on involvement of 70 contributors over six years. Kees Cook drove much of the tooling and coordination. The effort accelerated in recent cycles as automated static analysis improved, but the final mile still required careful human review. The strncpy removal merged into the 7.2 development tree on June 20.
The Rest of Linux 7.2
The strncpy story is the headline, but the RC1 merge window brought meaningful work across the kernel:
Cache Aware Scheduling (CAS) addresses a scheduler assumption that has been wrong for years on modern server hardware. Linux treated each socket’s Last Level Cache as unified — which held for older CPU designs. AMD EPYC’s multi-die CCX topology and Intel Xeon 6’s partitioned LLC do not work that way. CAS gives the scheduler actual topology awareness, with the biggest gains landing in database and high-concurrency networking workloads on multi-socket configurations.
AMD ISP4 Driver brings AMD’s fourth-generation Image Signal Processor to mainline. The ISP4 handles camera noise reduction, HDR stitching, and autofocus in hardware on upcoming Ryzen SoCs. Linux laptop camera quality has lagged behind other platforms; mainline ISP4 support is a meaningful step toward closing that gap.
IMA/EVM Post-Quantum ML-DSA Signatures — the Integrity Measurement Architecture and Extended Verification Module can now validate using ML-DSA post-quantum signatures. Kernel module signing, file integrity verification, and secure boot chains are now resistant to quantum adversaries in the same release that retired a 37-year-old C string footgun.
AMDGPU HDMI 2.1 FRL and a long-standing PCIe fix round out the hardware-facing changes. The NTFS driver introduced in Linux 7.1 received correctness fixes for issues surfaced in early deployments.
If You Maintain Out-of-Tree Kernel Modules
This is the part that requires action. strncpy() is gone from kernel internal headers. Out-of-tree drivers that call it will fail to compile against 7.2. Linux 7.2 stable is expected around August 2026 — that is your runway. The migration is straightforward for most call sites: swap strncpy(dest, src, n) for strscpy(dest, src, n) and verify the surrounding logic assumes a NUL-terminated result. If your code relied on strncpy’s zero-padding, use strscpy_pad() instead.
For application developers using strncpy() in userspace: this change does not affect you. The removal is strictly kernel-internal. glibc still has the function.
The Memory Safety Arc
The Linux kernel is approaching memory safety from two directions at once. Rust brings new code that cannot express certain classes of memory bug by construction — and Rust kernel code grows with every release. The strncpy removal represents the other direction: retroactive cleanup of C code that has been accumulating risk for decades, enforced by removing the dangerous abstraction entirely rather than hoping developers choose correctly.
Both approaches are present in Linux 7.2. Six years is a long time for one function. The result is a whole class of kernel memory disclosure bug that is now structurally impossible to introduce — not just discouraged, not just flagged by linters, but impossible. That is what finished work looks like.
