Linux kernel finally rips out strncpy after 6 years and 360+ patches

The Linux kernel has removed the long-deprecated strncpy() function entirely, landing in what the source describes as the Linux 7.2 merge window. The cleanup took roughly six years and about 362 commits to convert every in-tree caller, plus the removal of the last per-architecture strncpy implementations. With no remaining users, maintainers were able to delete the interface outright.

strncpy had been a recurring source of bugs because of its counterintuitive handling of NUL termination — it does not guarantee a terminating null when the source fills the buffer — and it wasted cycles by zero-filling the entire destination on every call. Those footguns made it a poor fit for kernel code, where a missing terminator can become a memory-safety problem.

Kernel developers are now expected to reach for purpose-built replacements: strscpy() for ordinary NUL-terminated copies, strscpy_pad() when zero-padding is also needed, strtomem_pad() for non-terminated fixed-width fields, memcpy_and_pad() for bounded copies with explicit padding, and plain memcpy() when the length is already known. The change reflects the kernel’s broader, incremental push to retire unsafe C string APIs in favor of clearer, harder-to-misuse primitives.