* [RFC PATCH 0/1] Create header for fortified string functions. @ 2021-01-07 14:51 laniel_francis 2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis 0 siblings, 1 reply; 4+ messages in thread From: laniel_francis @ 2021-01-07 14:51 UTC (permalink / raw) To: linux-kernel; +Cc: akpm, Francis Laniel From: Francis Laniel <laniel_francis@privacyrequired.com> Hi. First, I do hope you are fine and the same for your relatives. In a recent mail about the merge of a new fortified string function, Linus Torvalds suggested the creation of a dedicated header file for these functions: https://marc.info/?l=linux-mm-commits&m=160810366111244 This will make the code cleaner and also improve compile time for people who do not set CONFIG_FORTIFY_SOURCE. So, this patch creates fortify-string.h which is a new header which contains all the fortified versions of functions declared in string.h. Since code was moved, I might as well correct the warnings raised by checkpatch.pl. I benchmarked the code compilation with and without CONFIG_FORTIFY_SOURCE. To do this, I compiled 10 times a x86_64_defconfig'ured kernel using make -j4 and cleaning after each compilation. These compilations were first done without CONFIG_FORTIFY_SOURCE defined, then with this option defined. The results were collected using the time bash builtin and are the following (in seconds, rounded to 10^-3): | | min | max | mean | std. dev. | median | 99th percentile | | --- | ------- | ------- | ------- | --------- | ------- | --------------- | | w/o | 524.488 | 526.982 | 525.111 | 0.722 | 524.901 | 526.848 | | w/ | 529.502 | 531.795 | 529.939 | 0.671 | 529.783 | 531.633 | First, the results are quite stable as shown by the standard deviation (less than 1 second). On average, compile time without CONFIG_FORTIFY_SOURCE is 0.919% faster. For the median case, compiling without setting this option is 0.930% faster. Finally, with the 99th percentile, not using CONFIG_FORTIFY_SOURCE is 0.908% faster. Globally, using a different header seems to provide a roughly 1% faster compile time for people who do not set CONFIG_FORTIFY_SOURCE. This is not a huge gain... but still a gain! Especially on compilation which is an operation kernel developers do a lot. So, I await your opinions and reviews on this patch. Best regards. Francis Laniel (1): string.h: Move fortified functions definitions in a dedicated header. include/linux/fortify-string.h | 302 +++++++++++++++++++++++++++++++++ include/linux/string.h | 282 +----------------------------- 2 files changed, 303 insertions(+), 281 deletions(-) create mode 100644 include/linux/fortify-string.h -- 2.20.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [RFC PATCH 1/1] string.h: Create header for fortified string functions. 2021-01-07 14:51 [RFC PATCH 0/1] Create header for fortified string functions laniel_francis @ 2021-01-07 14:51 ` laniel_francis 2021-01-07 16:30 ` kernel test robot 2021-01-07 16:33 ` kernel test robot 0 siblings, 2 replies; 4+ messages in thread From: laniel_francis @ 2021-01-07 14:51 UTC (permalink / raw) To: linux-kernel; +Cc: akpm, Francis Laniel From: Francis Laniel <laniel_francis@privacyrequired.com> This patch adds fortify-string.h to contain fortified functions definitions. Thus, the code is more separated and compile time is slightly faster for people who do not set CONFIG_FORTIFY_SOURCE. Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com> --- include/linux/fortify-string.h | 302 +++++++++++++++++++++++++++++++++ include/linux/string.h | 282 +----------------------------- 2 files changed, 303 insertions(+), 281 deletions(-) create mode 100644 include/linux/fortify-string.h diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h new file mode 100644 index 000000000000..8a61b983318b --- /dev/null +++ b/include/linux/fortify-string.h @@ -0,0 +1,302 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_FORTIFY_STRING_H_ +#define _LINUX_FORTIFY_STRING_H_ + + +#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) +extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr); +extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp); +extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy); +extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove); +extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset); +extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat); +extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy); +extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen); +extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat); +extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy); +#else +#define __underlying_memchr __builtin_memchr +#define __underlying_memcmp __builtin_memcmp +#define __underlying_memcpy __builtin_memcpy +#define __underlying_memmove __builtin_memmove +#define __underlying_memset __builtin_memset +#define __underlying_strcat __builtin_strcat +#define __underlying_strcpy __builtin_strcpy +#define __underlying_strlen __builtin_strlen +#define __underlying_strncat __builtin_strncat +#define __underlying_strncpy __builtin_strncpy +#endif + +__FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 1); + + if (__builtin_constant_p(size) && p_size < size) + __write_overflow(); + if (p_size < size) + fortify_panic(__func__); + return __underlying_strncpy(p, q, size); +} + +__FORTIFY_INLINE char *strcat(char *p, const char *q) +{ + size_t p_size = __builtin_object_size(p, 1); + + if (p_size == (size_t)-1) + return __underlying_strcat(p, q); + if (strlcat(p, q, p_size) >= p_size) + fortify_panic(__func__); + return p; +} + +__FORTIFY_INLINE __kernel_size_t strlen(const char *p) +{ + __kernel_size_t ret; + size_t p_size = __builtin_object_size(p, 1); + + /* Work around gcc excess stack consumption issue */ + if (p_size == (size_t)-1 || + (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0')) + return __underlying_strlen(p); + ret = strnlen(p, p_size); + if (p_size <= ret) + fortify_panic(__func__); + return ret; +} + +extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen); +__FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen) +{ + size_t p_size = __builtin_object_size(p, 1); + __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size); + + if (p_size <= ret && maxlen != ret) + fortify_panic(__func__); + return ret; +} + +/* defined after fortified strlen to reuse it */ +extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy); +__FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) +{ + size_t ret; + size_t p_size = __builtin_object_size(p, 1); + size_t q_size = __builtin_object_size(q, 1); + + if (p_size == (size_t)-1 && q_size == (size_t)-1) + return __real_strlcpy(p, q, size); + ret = strlen(q); + if (size) { + size_t len = (ret >= size) ? size - 1 : ret; + + if (__builtin_constant_p(len) && len >= p_size) + __write_overflow(); + if (len >= p_size) + fortify_panic(__func__); + __underlying_memcpy(p, q, len); + p[len] = '\0'; + } + return ret; +} + +/* defined after fortified strnlen to reuse it */ +extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy); +__FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size) +{ + size_t len; + /* Use string size rather than possible enclosing struct size. */ + size_t p_size = __builtin_object_size(p, 1); + size_t q_size = __builtin_object_size(q, 1); + + /* If we cannot get size of p and q default to call strscpy. */ + if (p_size == (size_t) -1 && q_size == (size_t) -1) + return __real_strscpy(p, q, size); + + /* + * If size can be known at compile time and is greater than + * p_size, generate a compile time write overflow error. + */ + if (__builtin_constant_p(size) && size > p_size) + __write_overflow(); + + /* + * This call protects from read overflow, because len will default to q + * length if it smaller than size. + */ + len = strnlen(q, size); + /* + * If len equals size, we will copy only size bytes which leads to + * -E2BIG being returned. + * Otherwise we will copy len + 1 because of the final '\O'. + */ + len = len == size ? size : len + 1; + + /* + * Generate a runtime write overflow error if len is greater than + * p_size. + */ + if (len > p_size) + fortify_panic(__func__); + + /* + * We can now safely call vanilla strscpy because we are protected from: + * 1. Read overflow thanks to call to strnlen(). + * 2. Write overflow thanks to above ifs. + */ + return __real_strscpy(p, q, len); +} + +/* defined after fortified strlen and strnlen to reuse them */ +__FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count) +{ + size_t p_len, copy_len; + size_t p_size = __builtin_object_size(p, 1); + size_t q_size = __builtin_object_size(q, 1); + + if (p_size == (size_t)-1 && q_size == (size_t)-1) + return __underlying_strncat(p, q, count); + p_len = strlen(p); + copy_len = strnlen(q, count); + if (p_size < p_len + copy_len + 1) + fortify_panic(__func__); + __underlying_memcpy(p + p_len, q, copy_len); + p[p_len + copy_len] = '\0'; + return p; +} + +__FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + + if (__builtin_constant_p(size) && p_size < size) + __write_overflow(); + if (p_size < size) + fortify_panic(__func__); + return __underlying_memset(p, c, size); +} + +__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + size_t q_size = __builtin_object_size(q, 0); + + if (__builtin_constant_p(size)) { + if (p_size < size) + __write_overflow(); + if (q_size < size) + __read_overflow2(); + } + if (p_size < size || q_size < size) + fortify_panic(__func__); + return __underlying_memcpy(p, q, size); +} + +__FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + size_t q_size = __builtin_object_size(q, 0); + + if (__builtin_constant_p(size)) { + if (p_size < size) + __write_overflow(); + if (q_size < size) + __read_overflow2(); + } + if (p_size < size || q_size < size) + fortify_panic(__func__); + return __underlying_memmove(p, q, size); +} + +extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan); +__FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + + if (__builtin_constant_p(size) && p_size < size) + __read_overflow(); + if (p_size < size) + fortify_panic(__func__); + return __real_memscan(p, c, size); +} + +__FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + size_t q_size = __builtin_object_size(q, 0); + + if (__builtin_constant_p(size)) { + if (p_size < size) + __read_overflow(); + if (q_size < size) + __read_overflow2(); + } + if (p_size < size || q_size < size) + fortify_panic(__func__); + return __underlying_memcmp(p, q, size); +} + +__FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + + if (__builtin_constant_p(size) && p_size < size) + __read_overflow(); + if (p_size < size) + fortify_panic(__func__); + return __underlying_memchr(p, c, size); +} + +void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv); +__FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size) +{ + size_t p_size = __builtin_object_size(p, 0); + + if (__builtin_constant_p(size) && p_size < size) + __read_overflow(); + if (p_size < size) + fortify_panic(__func__); + return __real_memchr_inv(p, c, size); +} + +extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup); +__FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp) +{ + size_t p_size = __builtin_object_size(p, 0); + + if (__builtin_constant_p(size) && p_size < size) + __read_overflow(); + if (p_size < size) + fortify_panic(__func__); + return __real_kmemdup(p, size, gfp); +} + +/* defined after fortified strlen and memcpy to reuse them */ +__FORTIFY_INLINE char *strcpy(char *p, const char *q) +{ + size_t p_size = __builtin_object_size(p, 1); + size_t q_size = __builtin_object_size(q, 1); + size_t size; + + if (p_size == (size_t)-1 && q_size == (size_t)-1) + return __underlying_strcpy(p, q); + size = strlen(q) + 1; + /* test here to use the more stringent object size */ + if (p_size < size) + fortify_panic(__func__); + memcpy(p, q, size); + return p; +} + +/* Don't use these outside the FORITFY_SOURCE implementation */ +#undef __underlying_memchr +#undef __underlying_memcmp +#undef __underlying_memcpy +#undef __underlying_memmove +#undef __underlying_memset +#undef __underlying_strcat +#undef __underlying_strcpy +#undef __underlying_strlen +#undef __underlying_strncat +#undef __underlying_strncpy + +#endif /* _LINUX_FORTIFY_STRING_H_ */ diff --git a/include/linux/string.h b/include/linux/string.h index 4fcfb56abcf5..9521d8cab18e 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -266,287 +266,7 @@ void __read_overflow3(void) __compiletime_error("detected read beyond size of ob void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter"); #if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE) - -#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) -extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr); -extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp); -extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy); -extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove); -extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset); -extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat); -extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy); -extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen); -extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat); -extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy); -#else -#define __underlying_memchr __builtin_memchr -#define __underlying_memcmp __builtin_memcmp -#define __underlying_memcpy __builtin_memcpy -#define __underlying_memmove __builtin_memmove -#define __underlying_memset __builtin_memset -#define __underlying_strcat __builtin_strcat -#define __underlying_strcpy __builtin_strcpy -#define __underlying_strlen __builtin_strlen -#define __underlying_strncat __builtin_strncat -#define __underlying_strncpy __builtin_strncpy -#endif - -__FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 1); - if (__builtin_constant_p(size) && p_size < size) - __write_overflow(); - if (p_size < size) - fortify_panic(__func__); - return __underlying_strncpy(p, q, size); -} - -__FORTIFY_INLINE char *strcat(char *p, const char *q) -{ - size_t p_size = __builtin_object_size(p, 1); - if (p_size == (size_t)-1) - return __underlying_strcat(p, q); - if (strlcat(p, q, p_size) >= p_size) - fortify_panic(__func__); - return p; -} - -__FORTIFY_INLINE __kernel_size_t strlen(const char *p) -{ - __kernel_size_t ret; - size_t p_size = __builtin_object_size(p, 1); - - /* Work around gcc excess stack consumption issue */ - if (p_size == (size_t)-1 || - (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0')) - return __underlying_strlen(p); - ret = strnlen(p, p_size); - if (p_size <= ret) - fortify_panic(__func__); - return ret; -} - -extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen); -__FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen) -{ - size_t p_size = __builtin_object_size(p, 1); - __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size); - if (p_size <= ret && maxlen != ret) - fortify_panic(__func__); - return ret; -} - -/* defined after fortified strlen to reuse it */ -extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy); -__FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) -{ - size_t ret; - size_t p_size = __builtin_object_size(p, 1); - size_t q_size = __builtin_object_size(q, 1); - if (p_size == (size_t)-1 && q_size == (size_t)-1) - return __real_strlcpy(p, q, size); - ret = strlen(q); - if (size) { - size_t len = (ret >= size) ? size - 1 : ret; - if (__builtin_constant_p(len) && len >= p_size) - __write_overflow(); - if (len >= p_size) - fortify_panic(__func__); - __underlying_memcpy(p, q, len); - p[len] = '\0'; - } - return ret; -} - -/* defined after fortified strnlen to reuse it */ -extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy); -__FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size) -{ - size_t len; - /* Use string size rather than possible enclosing struct size. */ - size_t p_size = __builtin_object_size(p, 1); - size_t q_size = __builtin_object_size(q, 1); - - /* If we cannot get size of p and q default to call strscpy. */ - if (p_size == (size_t) -1 && q_size == (size_t) -1) - return __real_strscpy(p, q, size); - - /* - * If size can be known at compile time and is greater than - * p_size, generate a compile time write overflow error. - */ - if (__builtin_constant_p(size) && size > p_size) - __write_overflow(); - - /* - * This call protects from read overflow, because len will default to q - * length if it smaller than size. - */ - len = strnlen(q, size); - /* - * If len equals size, we will copy only size bytes which leads to - * -E2BIG being returned. - * Otherwise we will copy len + 1 because of the final '\O'. - */ - len = len == size ? size : len + 1; - - /* - * Generate a runtime write overflow error if len is greater than - * p_size. - */ - if (len > p_size) - fortify_panic(__func__); - - /* - * We can now safely call vanilla strscpy because we are protected from: - * 1. Read overflow thanks to call to strnlen(). - * 2. Write overflow thanks to above ifs. - */ - return __real_strscpy(p, q, len); -} - -/* defined after fortified strlen and strnlen to reuse them */ -__FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count) -{ - size_t p_len, copy_len; - size_t p_size = __builtin_object_size(p, 1); - size_t q_size = __builtin_object_size(q, 1); - if (p_size == (size_t)-1 && q_size == (size_t)-1) - return __underlying_strncat(p, q, count); - p_len = strlen(p); - copy_len = strnlen(q, count); - if (p_size < p_len + copy_len + 1) - fortify_panic(__func__); - __underlying_memcpy(p + p_len, q, copy_len); - p[p_len + copy_len] = '\0'; - return p; -} - -__FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - if (__builtin_constant_p(size) && p_size < size) - __write_overflow(); - if (p_size < size) - fortify_panic(__func__); - return __underlying_memset(p, c, size); -} - -__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - size_t q_size = __builtin_object_size(q, 0); - if (__builtin_constant_p(size)) { - if (p_size < size) - __write_overflow(); - if (q_size < size) - __read_overflow2(); - } - if (p_size < size || q_size < size) - fortify_panic(__func__); - return __underlying_memcpy(p, q, size); -} - -__FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - size_t q_size = __builtin_object_size(q, 0); - if (__builtin_constant_p(size)) { - if (p_size < size) - __write_overflow(); - if (q_size < size) - __read_overflow2(); - } - if (p_size < size || q_size < size) - fortify_panic(__func__); - return __underlying_memmove(p, q, size); -} - -extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan); -__FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - if (__builtin_constant_p(size) && p_size < size) - __read_overflow(); - if (p_size < size) - fortify_panic(__func__); - return __real_memscan(p, c, size); -} - -__FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - size_t q_size = __builtin_object_size(q, 0); - if (__builtin_constant_p(size)) { - if (p_size < size) - __read_overflow(); - if (q_size < size) - __read_overflow2(); - } - if (p_size < size || q_size < size) - fortify_panic(__func__); - return __underlying_memcmp(p, q, size); -} - -__FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - if (__builtin_constant_p(size) && p_size < size) - __read_overflow(); - if (p_size < size) - fortify_panic(__func__); - return __underlying_memchr(p, c, size); -} - -void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv); -__FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size) -{ - size_t p_size = __builtin_object_size(p, 0); - if (__builtin_constant_p(size) && p_size < size) - __read_overflow(); - if (p_size < size) - fortify_panic(__func__); - return __real_memchr_inv(p, c, size); -} - -extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup); -__FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp) -{ - size_t p_size = __builtin_object_size(p, 0); - if (__builtin_constant_p(size) && p_size < size) - __read_overflow(); - if (p_size < size) - fortify_panic(__func__); - return __real_kmemdup(p, size, gfp); -} - -/* defined after fortified strlen and memcpy to reuse them */ -__FORTIFY_INLINE char *strcpy(char *p, const char *q) -{ - size_t p_size = __builtin_object_size(p, 1); - size_t q_size = __builtin_object_size(q, 1); - size_t size; - if (p_size == (size_t)-1 && q_size == (size_t)-1) - return __underlying_strcpy(p, q); - size = strlen(q) + 1; - /* test here to use the more stringent object size */ - if (p_size < size) - fortify_panic(__func__); - memcpy(p, q, size); - return p; -} - -/* Don't use these outside the FORITFY_SOURCE implementation */ -#undef __underlying_memchr -#undef __underlying_memcmp -#undef __underlying_memcpy -#undef __underlying_memmove -#undef __underlying_memset -#undef __underlying_strcat -#undef __underlying_strcpy -#undef __underlying_strlen -#undef __underlying_strncat -#undef __underlying_strncpy +#include <linux/fortify-string.h> #endif /** -- 2.20.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RFC PATCH 1/1] string.h: Create header for fortified string functions. 2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis @ 2021-01-07 16:30 ` kernel test robot 2021-01-07 16:33 ` kernel test robot 1 sibling, 0 replies; 4+ messages in thread From: kernel test robot @ 2021-01-07 16:30 UTC (permalink / raw) To: kbuild-all [-- Attachment #1: Type: text/plain, Size: 7289 bytes --] Hi, [FYI, it's a private test report for your RFC patch.] [auto build test WARNING on linus/master] [also build test WARNING on v5.11-rc2 next-20210104] [cannot apply to linux/master hnaz-linux-mm/master] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744 base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62 config: arm-randconfig-s032-20210107 (attached as .config) compiler: arm-linux-gnueabi-gcc (GCC) 9.3.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # apt-get install sparse # sparse version: v0.6.3-208-g46a52ca4-dirty # https://github.com/0day-ci/linux/commit/81d740d53ef9c7156a507c3782dab9dac21927d3 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744 git checkout 81d740d53ef9c7156a507c3782dab9dac21927d3 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=arm If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All warnings (new ones prefixed by >>): In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from include/linux/smp.h:13, from include/linux/lockdep.h:14, from include/linux/spinlock.h:59, from include/linux/ipc.h:5, from include/uapi/linux/sem.h:5, from include/linux/sem.h:5, from include/linux/compat.h:14, from drivers/hid/uhid.c:11: In function 'strncpy', inlined from 'uhid_dev_create2' at drivers/hid/uhid.c:499:2, inlined from 'uhid_char_write' at drivers/hid/uhid.c:738:9: >> include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' output may be truncated copying 127 bytes from a string of length 127 [-Wstringop-truncation] 27 | #define __underlying_strncpy __builtin_strncpy | ^ include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy' 38 | return __underlying_strncpy(p, q, size); | ^~~~~~~~~~~~~~~~~~~~ In function 'strncpy', inlined from 'uhid_dev_create2' at drivers/hid/uhid.c:501:2, inlined from 'uhid_char_write' at drivers/hid/uhid.c:738:9: include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 27 | #define __underlying_strncpy __builtin_strncpy | ^ include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy' 38 | return __underlying_strncpy(p, q, size); | ^~~~~~~~~~~~~~~~~~~~ In function 'strncpy', inlined from 'uhid_dev_create2' at drivers/hid/uhid.c:503:2, inlined from 'uhid_char_write' at drivers/hid/uhid.c:738:9: include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 27 | #define __underlying_strncpy __builtin_strncpy | ^ include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy' 38 | return __underlying_strncpy(p, q, size); | ^~~~~~~~~~~~~~~~~~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from include/linux/smp.h:13, from include/linux/lockdep.h:14, from include/linux/rcupdate.h:29, from include/linux/rculist.h:11, from include/linux/pid.h:5, from include/linux/sched.h:14, from include/linux/ratelimit.h:6, from include/linux/dev_printk.h:16, from include/linux/device.h:15, from drivers/i3c/master.c:10: In function 'strncpy', inlined from 'i3c_master_i2c_adapter_init' at drivers/i3c/master.c:2186:2, inlined from 'i3c_master_register' at drivers/i3c/master.c:2550:8: >> include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' specified bound 48 equals destination size [-Wstringop-truncation] 27 | #define __underlying_strncpy __builtin_strncpy | ^ include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy' 38 | return __underlying_strncpy(p, q, size); | ^~~~~~~~~~~~~~~~~~~~ vim +/__builtin_strncpy +27 include/linux/fortify-string.h 4 5 6 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) 7 extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr); 8 extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp); 9 extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy); 10 extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove); 11 extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset); 12 extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat); 13 extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy); 14 extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen); 15 extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat); 16 extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy); 17 #else 18 #define __underlying_memchr __builtin_memchr 19 #define __underlying_memcmp __builtin_memcmp 20 #define __underlying_memcpy __builtin_memcpy 21 #define __underlying_memmove __builtin_memmove 22 #define __underlying_memset __builtin_memset 23 #define __underlying_strcat __builtin_strcat 24 #define __underlying_strcpy __builtin_strcpy 25 #define __underlying_strlen __builtin_strlen 26 #define __underlying_strncat __builtin_strncat > 27 #define __underlying_strncpy __builtin_strncpy 28 #endif 29 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org [-- Attachment #2: config.gz --] [-- Type: application/gzip, Size: 29725 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC PATCH 1/1] string.h: Create header for fortified string functions. 2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis 2021-01-07 16:30 ` kernel test robot @ 2021-01-07 16:33 ` kernel test robot 1 sibling, 0 replies; 4+ messages in thread From: kernel test robot @ 2021-01-07 16:33 UTC (permalink / raw) To: kbuild-all [-- Attachment #1: Type: text/plain, Size: 21164 bytes --] Hi, [FYI, it's a private test report for your RFC patch.] [auto build test WARNING on linus/master] [also build test WARNING on v5.11-rc2 next-20210104] [cannot apply to linux/master hnaz-linux-mm/master] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744 base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62 config: x86_64-allyesconfig (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 reproduce (this is a W=1 build): # https://github.com/0day-ci/linux/commit/81d740d53ef9c7156a507c3782dab9dac21927d3 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744 git checkout 81d740d53ef9c7156a507c3782dab9dac21927d3 # save the attached .config to linux build tree make W=1 ARCH=x86_64 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All warnings (new ones prefixed by >>): In file included from include/linux/string.h:269, from include/linux/uuid.h:12, from include/linux/mod_devicetable.h:13, from scripts/mod/devicetable-offsets.c:3: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ -- In file included from include/linux/string.h:269, from include/linux/zutil.h:17, from lib/decompress_inflate.c:21: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/decompress_inflate.c: At top level: lib/decompress_inflate.c:42:17: warning: no previous prototype for '__gunzip' [-Wmissing-prototypes] 42 | STATIC int INIT __gunzip(unsigned char *buf, long len, | ^~~~~~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from arch/x86/include/asm/cpumask.h:5, from arch/x86/include/asm/msr.h:11, from arch/x86/include/asm/processor.h:22, from arch/x86/include/asm/cpufeature.h:5, from arch/x86/include/asm/thread_info.h:53, from include/linux/thread_info.h:56, from arch/x86/include/asm/preempt.h:7, from include/linux/preempt.h:78, from include/linux/spinlock.h:51, from include/linux/wait.h:9, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from include/linux/decompress/mm.h:72, from lib/decompress_unlzo.c:28: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/decompress_unlzo.c: In function 'parse_header': lib/decompress_unlzo.c:46:5: warning: variable 'level' set but not used [-Wunused-but-set-variable] 46 | u8 level = 0; | ^~~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from arch/x86/include/asm/cpumask.h:5, from arch/x86/include/asm/msr.h:11, from arch/x86/include/asm/processor.h:22, from arch/x86/include/asm/cpufeature.h:5, from arch/x86/include/asm/thread_info.h:53, from include/linux/thread_info.h:56, from arch/x86/include/asm/preempt.h:7, from include/linux/preempt.h:78, from include/linux/spinlock.h:51, from include/linux/wait.h:9, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from include/linux/decompress/mm.h:72, from lib/decompress_unxz.c:107: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/decompress_unxz.c: At top level: lib/decompress_unxz.c:251:17: warning: no previous prototype for 'unxz' [-Wmissing-prototypes] 251 | STATIC int INIT unxz(unsigned char *in, long in_size, | ^~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from arch/x86/include/asm/cpumask.h:5, from arch/x86/include/asm/msr.h:11, from arch/x86/include/asm/processor.h:22, from arch/x86/include/asm/cpufeature.h:5, from arch/x86/include/asm/thread_info.h:53, from include/linux/thread_info.h:56, from arch/x86/include/asm/preempt.h:7, from include/linux/preempt.h:78, from include/linux/spinlock.h:51, from include/linux/wait.h:9, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from include/linux/decompress/mm.h:72, from lib/decompress_unzstd.c:78: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/decompress_unzstd.c: At top level: lib/decompress_unzstd.c:331:17: warning: no previous prototype for 'unzstd' [-Wmissing-prototypes] 331 | STATIC int INIT unzstd(unsigned char *buf, long len, | ^~~~~~ In file included from lib/decompress_unzstd.c:80: include/linux/zstd.h:798:21: warning: 'ZSTD_skippableHeaderSize' defined but not used [-Wunused-const-variable=] 798 | static const size_t ZSTD_skippableHeaderSize = 8; | ^~~~~~~~~~~~~~~~~~~~~~~~ include/linux/zstd.h:796:21: warning: 'ZSTD_frameHeaderSize_max' defined but not used [-Wunused-const-variable=] 796 | static const size_t ZSTD_frameHeaderSize_max = ZSTD_FRAMEHEADERSIZE_MAX; | ^~~~~~~~~~~~~~~~~~~~~~~~ include/linux/zstd.h:795:21: warning: 'ZSTD_frameHeaderSize_min' defined but not used [-Wunused-const-variable=] 795 | static const size_t ZSTD_frameHeaderSize_min = ZSTD_FRAMEHEADERSIZE_MIN; | ^~~~~~~~~~~~~~~~~~~~~~~~ include/linux/zstd.h:794:21: warning: 'ZSTD_frameHeaderSize_prefix' defined but not used [-Wunused-const-variable=] 794 | static const size_t ZSTD_frameHeaderSize_prefix = 5; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from lib/radix-tree.c:12: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/radix-tree.c: At top level: lib/radix-tree.c:288:6: warning: no previous prototype for 'radix_tree_node_rcu_free' [-Wmissing-prototypes] 288 | void radix_tree_node_rcu_free(struct rcu_head *head) | ^~~~~~~~~~~~~~~~~~~~~~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from include/linux/smp.h:13, from include/linux/lockdep.h:14, from include/linux/mutex.h:17, from include/linux/notifier.h:14, from include/linux/clk.h:14, from lib/vsprintf.c:22: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/vsprintf.c: In function 'va_format': lib/vsprintf.c:1663:2: warning: function 'va_format' might be a candidate for 'gnu_printf' format attribute [-Wsuggest-attribute=format] 1663 | buf += vsnprintf(buf, end > buf ? end - buf : 0, va_fmt->fmt, va); | ^~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from arch/x86/include/asm/cpumask.h:5, from arch/x86/include/asm/msr.h:11, from arch/x86/include/asm/processor.h:22, from arch/x86/include/asm/cpufeature.h:5, from arch/x86/include/asm/thread_info.h:53, from include/linux/thread_info.h:56, from arch/x86/include/asm/preempt.h:7, from include/linux/preempt.h:78, from include/linux/spinlock.h:51, from include/linux/mmzone.h:8, from include/linux/gfp.h:6, from include/linux/mm.h:10, from include/linux/mman.h:5, from lib/test_kasan_module.c:10: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/test_kasan_module.c: In function 'copy_user_test': lib/test_kasan_module.c:25:6: warning: variable 'unused' set but not used [-Wunused-but-set-variable] 25 | int unused; | ^~~~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from arch/x86/include/asm/cpumask.h:5, from arch/x86/include/asm/msr.h:11, from arch/x86/include/asm/processor.h:22, from arch/x86/include/asm/timex.h:5, from include/linux/timex.h:65, from include/linux/time32.h:13, from include/linux/time.h:60, from include/linux/stat.h:19, from include/linux/module.h:13, from lib/test_blackhole_dev.c:13: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ lib/test_blackhole_dev.c: In function 'test_blackholedev_init': lib/test_blackhole_dev.c:32:17: warning: variable 'ethh' set but not used [-Wunused-but-set-variable] 32 | struct ethhdr *ethh; | ^~~~ -- In file included from include/linux/string.h:269, from include/linux/bitmap.h:9, from include/linux/cpumask.h:12, from arch/x86/include/asm/cpumask.h:5, from arch/x86/include/asm/msr.h:11, from arch/x86/include/asm/processor.h:22, from arch/x86/include/asm/timex.h:5, from include/linux/timex.h:65, from include/linux/time32.h:13, from include/linux/time.h:60, from include/linux/skbuff.h:15, from include/linux/ip.h:16, from net/netfilter/ipvs/ip_vs_proto_tcp.c:20: include/linux/fortify-string.h: In function 'strlcpy': >> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 94 | if (len >= p_size) | ^~ include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 96 | __underlying_memcpy(p, q, len); | ^~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h: In function 'strncat': include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 160 | if (p_size < p_len + copy_len + 1) | ^~ include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 162 | __underlying_memcpy(p + p_len, q, copy_len); | ^~~~~~~~~~~~~~~~~~~ net/netfilter/ipvs/ip_vs_proto_tcp.c: At top level: net/netfilter/ipvs/ip_vs_proto_tcp.c:147:1: warning: no previous prototype for 'tcp_snat_handler' [-Wmissing-prototypes] 147 | tcp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, | ^~~~~~~~~~~~~~~~ .. vim +/if +94 include/linux/fortify-string.h 77 78 /* defined after fortified strlen to reuse it */ 79 extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy); 80 __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) 81 { 82 size_t ret; 83 size_t p_size = __builtin_object_size(p, 1); 84 size_t q_size = __builtin_object_size(q, 1); 85 86 if (p_size == (size_t)-1 && q_size == (size_t)-1) 87 return __real_strlcpy(p, q, size); 88 ret = strlen(q); 89 if (size) { 90 size_t len = (ret >= size) ? size - 1 : ret; 91 92 if (__builtin_constant_p(len) && len >= p_size) 93 __write_overflow(); > 94 if (len >= p_size) 95 fortify_panic(__func__); 96 __underlying_memcpy(p, q, len); 97 p[len] = '\0'; 98 } 99 return ret; 100 } 101 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org [-- Attachment #2: config.gz --] [-- Type: application/gzip, Size: 77759 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-07 16:33 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-01-07 14:51 [RFC PATCH 0/1] Create header for fortified string functions laniel_francis 2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis 2021-01-07 16:30 ` kernel test robot 2021-01-07 16:33 ` kernel test robot
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.