TL;DR
- Kernel-Side Removal: Linux 7.2’s June 20 kernel merge has removed strncpy from kernel code.
- Cleanup Scale: The cleanup took about six years and more than 360 patches because calls blurred termination, padding, and raw-copy intent.
- Developer Impact: Developers now choose strscpy, strscpy_pad, strtomem_pad, memcpy_and_pad, or memcpy based on destination behavior.
- Migration Risk: Out-of-tree drivers and embedded platforms may need checks when existing string-copy assumptions surface.
Linux kernel maintainers released a June 20 Linux 7.2 merge that removes the legacy C string-copy function strncpy from kernel code. Kernel-side is the key scope: strncpy remains part of user-space C libraries and general C programming, but the Linux kernel no longer treats it as an in-tree application programming interface, or API, for string copying.
More than 360 patches across roughly six years turned a small-looking API deletion into a maintenance milestone. The merge removed the strncpy API from the kernel and moved former callers to safer alternatives. Old strncpy calls blurred whether code wanted a terminated string, a padded fixed-width field, or a raw memory copy, so the removal gives a clearer signal about what each call site is supposed to do.
What Changed Inside the Kernel
strncpy copies a fixed number of bytes. In kernel code, the awkward part was not the copy alone but the rules around the end of a string. A C string normally ends with a NUL terminator, the zero byte that marks where the string stops; when a source string was equal to or longer than the chosen size, strncpy could omit a NUL terminator, allowing later reads past the intended buffer.
Because strncpy also padded destinations with zero bytes even when padding was not the goal, kernel documentation tied that combination to ambiguous intent. A strncpy call might be building a string, filling a fixed-width character array, or copying known-length memory. Linus Torvalds called the old interface “a truly stupid interface”, a short criticism that follows the technical problem rather than replacing it.
Maintainers also eliminated the last per-CPU-architecture strncpy implementations. Former callers and architecture routines had to move so the kernel no longer carried separate versions of a deprecated interface across several CPU families.
The migration replaces inference with intent. Instead of reading an old strncpy call and guessing whether it meant a C string, a fixed-width field, or a counted byte sequence, they can expect the helper name to carry that choice. Kernel architecture code, drivers, and subsystem helpers can preserve old idioms long after maintainers have marked them as unsafe or confusing, so explicit helper names reduce review ambiguity.
Replacement Helpers Now
Replacement choice depends on the destination. Kernel code that needs a terminated string can use strscpy, while strscpy_pad handles terminated strings that also need padding. strtomem_pad covers fixed-width character arrays that are not NUL-terminated, and memcpy_and_pad or memcpy applies to bounded memory-copy cases. Kernel guidance says the strscpy replacement applies when a destination must be NUL-terminated, while padding and fixed-width memory cases use separate helpers.
After the removal, developers get a narrower decision tree, not a guarantee that C memory handling becomes safe. strscpy offers a clearer string-copy path because it NUL-terminates within the destination limit and reports truncation, while other helpers cover padding or raw memory-copy jobs. A driver, module, or embedded kernel-adjacent component still has to choose termination for string destinations, padding for fixed layouts, or byte copying for memory.
Buffer sizes and truncation checks remain the developer’s responsibility. By eliminating the overloaded default, the kernel now forces code to express which behavior it needs. Out-of-tree drivers or embedded platforms can carry old string-copy assumptions until a kernel migration exposes them.
Low-level kernel changes can also reach software far from the subsystem that changed. A Linux 7.0 PostgreSQL regression showed how database performance can shift after a scheduler option changes.
A separate FreeBSD kernel exploit developed with Claude illustrates why low-level cleanup carries security stakes beyond Linux. Removal narrows a long-standing source of ambiguity, while duplicate AI-found bugs underscored how triage pressure can strain Linux maintainers across security-sensitive code.
Downstream maintainers now face one concrete task: scan kernel-adjacent strncpy dependencies and migrate each one to the helper whose termination, padding, and copy-length behavior fits the code.