* [RFC PATCH 0/1] Create header for fortified string functions.
@ 2021-01-07 14:51 laniel_francis
2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis
0 siblings, 1 reply; 4+ messages in thread
From: laniel_francis @ 2021-01-07 14:51 UTC (permalink / raw)
To: linux-kernel; +Cc: akpm, Francis Laniel
From: Francis Laniel <laniel_francis@privacyrequired.com>
Hi.
First, I do hope you are fine and the same for your relatives.
In a recent mail about the merge of a new fortified string function, Linus
Torvalds suggested the creation of a dedicated header file for these functions:
https://marc.info/?l=linux-mm-commits&m=160810366111244
This will make the code cleaner and also improve compile time for people who do
not set CONFIG_FORTIFY_SOURCE.
So, this patch creates fortify-string.h which is a new header which contains
all the fortified versions of functions declared in string.h.
Since code was moved, I might as well correct the warnings raised by
checkpatch.pl.
I benchmarked the code compilation with and without CONFIG_FORTIFY_SOURCE.
To do this, I compiled 10 times a x86_64_defconfig'ured kernel using make -j4
and cleaning after each compilation.
These compilations were first done without CONFIG_FORTIFY_SOURCE defined,
then with this option defined.
The results were collected using the time bash builtin and are the following
(in seconds, rounded to 10^-3):
| | min | max | mean | std. dev. | median | 99th percentile |
| --- | ------- | ------- | ------- | --------- | ------- | --------------- |
| w/o | 524.488 | 526.982 | 525.111 | 0.722 | 524.901 | 526.848 |
| w/ | 529.502 | 531.795 | 529.939 | 0.671 | 529.783 | 531.633 |
First, the results are quite stable as shown by the standard deviation
(less than 1 second).
On average, compile time without CONFIG_FORTIFY_SOURCE is 0.919% faster.
For the median case, compiling without setting this option is 0.930% faster.
Finally, with the 99th percentile, not using CONFIG_FORTIFY_SOURCE is 0.908%
faster.
Globally, using a different header seems to provide a roughly 1% faster compile
time for people who do not set CONFIG_FORTIFY_SOURCE.
This is not a huge gain... but still a gain!
Especially on compilation which is an operation kernel developers do a lot.
So, I await your opinions and reviews on this patch.
Best regards.
Francis Laniel (1):
string.h: Move fortified functions definitions in a dedicated header.
include/linux/fortify-string.h | 302 +++++++++++++++++++++++++++++++++
include/linux/string.h | 282 +-----------------------------
2 files changed, 303 insertions(+), 281 deletions(-)
create mode 100644 include/linux/fortify-string.h
--
2.20.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [RFC PATCH 1/1] string.h: Create header for fortified string functions.
2021-01-07 14:51 [RFC PATCH 0/1] Create header for fortified string functions laniel_francis
@ 2021-01-07 14:51 ` laniel_francis
2021-01-07 16:30 ` kernel test robot
2021-01-07 16:33 ` kernel test robot
0 siblings, 2 replies; 4+ messages in thread
From: laniel_francis @ 2021-01-07 14:51 UTC (permalink / raw)
To: linux-kernel; +Cc: akpm, Francis Laniel
From: Francis Laniel <laniel_francis@privacyrequired.com>
This patch adds fortify-string.h to contain fortified functions definitions.
Thus, the code is more separated and compile time is slightly faster for people
who do not set CONFIG_FORTIFY_SOURCE.
Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com>
---
include/linux/fortify-string.h | 302 +++++++++++++++++++++++++++++++++
include/linux/string.h | 282 +-----------------------------
2 files changed, 303 insertions(+), 281 deletions(-)
create mode 100644 include/linux/fortify-string.h
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
new file mode 100644
index 000000000000..8a61b983318b
--- /dev/null
+++ b/include/linux/fortify-string.h
@@ -0,0 +1,302 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_FORTIFY_STRING_H_
+#define _LINUX_FORTIFY_STRING_H_
+
+
+#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
+extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
+extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
+extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
+extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
+extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
+extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
+extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
+extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
+extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
+extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
+#else
+#define __underlying_memchr __builtin_memchr
+#define __underlying_memcmp __builtin_memcmp
+#define __underlying_memcpy __builtin_memcpy
+#define __underlying_memmove __builtin_memmove
+#define __underlying_memset __builtin_memset
+#define __underlying_strcat __builtin_strcat
+#define __underlying_strcpy __builtin_strcpy
+#define __underlying_strlen __builtin_strlen
+#define __underlying_strncat __builtin_strncat
+#define __underlying_strncpy __builtin_strncpy
+#endif
+
+__FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 1);
+
+ if (__builtin_constant_p(size) && p_size < size)
+ __write_overflow();
+ if (p_size < size)
+ fortify_panic(__func__);
+ return __underlying_strncpy(p, q, size);
+}
+
+__FORTIFY_INLINE char *strcat(char *p, const char *q)
+{
+ size_t p_size = __builtin_object_size(p, 1);
+
+ if (p_size == (size_t)-1)
+ return __underlying_strcat(p, q);
+ if (strlcat(p, q, p_size) >= p_size)
+ fortify_panic(__func__);
+ return p;
+}
+
+__FORTIFY_INLINE __kernel_size_t strlen(const char *p)
+{
+ __kernel_size_t ret;
+ size_t p_size = __builtin_object_size(p, 1);
+
+ /* Work around gcc excess stack consumption issue */
+ if (p_size == (size_t)-1 ||
+ (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0'))
+ return __underlying_strlen(p);
+ ret = strnlen(p, p_size);
+ if (p_size <= ret)
+ fortify_panic(__func__);
+ return ret;
+}
+
+extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
+__FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
+{
+ size_t p_size = __builtin_object_size(p, 1);
+ __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
+
+ if (p_size <= ret && maxlen != ret)
+ fortify_panic(__func__);
+ return ret;
+}
+
+/* defined after fortified strlen to reuse it */
+extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
+__FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
+{
+ size_t ret;
+ size_t p_size = __builtin_object_size(p, 1);
+ size_t q_size = __builtin_object_size(q, 1);
+
+ if (p_size == (size_t)-1 && q_size == (size_t)-1)
+ return __real_strlcpy(p, q, size);
+ ret = strlen(q);
+ if (size) {
+ size_t len = (ret >= size) ? size - 1 : ret;
+
+ if (__builtin_constant_p(len) && len >= p_size)
+ __write_overflow();
+ if (len >= p_size)
+ fortify_panic(__func__);
+ __underlying_memcpy(p, q, len);
+ p[len] = '\0';
+ }
+ return ret;
+}
+
+/* defined after fortified strnlen to reuse it */
+extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy);
+__FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size)
+{
+ size_t len;
+ /* Use string size rather than possible enclosing struct size. */
+ size_t p_size = __builtin_object_size(p, 1);
+ size_t q_size = __builtin_object_size(q, 1);
+
+ /* If we cannot get size of p and q default to call strscpy. */
+ if (p_size == (size_t) -1 && q_size == (size_t) -1)
+ return __real_strscpy(p, q, size);
+
+ /*
+ * If size can be known at compile time and is greater than
+ * p_size, generate a compile time write overflow error.
+ */
+ if (__builtin_constant_p(size) && size > p_size)
+ __write_overflow();
+
+ /*
+ * This call protects from read overflow, because len will default to q
+ * length if it smaller than size.
+ */
+ len = strnlen(q, size);
+ /*
+ * If len equals size, we will copy only size bytes which leads to
+ * -E2BIG being returned.
+ * Otherwise we will copy len + 1 because of the final '\O'.
+ */
+ len = len == size ? size : len + 1;
+
+ /*
+ * Generate a runtime write overflow error if len is greater than
+ * p_size.
+ */
+ if (len > p_size)
+ fortify_panic(__func__);
+
+ /*
+ * We can now safely call vanilla strscpy because we are protected from:
+ * 1. Read overflow thanks to call to strnlen().
+ * 2. Write overflow thanks to above ifs.
+ */
+ return __real_strscpy(p, q, len);
+}
+
+/* defined after fortified strlen and strnlen to reuse them */
+__FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
+{
+ size_t p_len, copy_len;
+ size_t p_size = __builtin_object_size(p, 1);
+ size_t q_size = __builtin_object_size(q, 1);
+
+ if (p_size == (size_t)-1 && q_size == (size_t)-1)
+ return __underlying_strncat(p, q, count);
+ p_len = strlen(p);
+ copy_len = strnlen(q, count);
+ if (p_size < p_len + copy_len + 1)
+ fortify_panic(__func__);
+ __underlying_memcpy(p + p_len, q, copy_len);
+ p[p_len + copy_len] = '\0';
+ return p;
+}
+
+__FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+
+ if (__builtin_constant_p(size) && p_size < size)
+ __write_overflow();
+ if (p_size < size)
+ fortify_panic(__func__);
+ return __underlying_memset(p, c, size);
+}
+
+__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+ size_t q_size = __builtin_object_size(q, 0);
+
+ if (__builtin_constant_p(size)) {
+ if (p_size < size)
+ __write_overflow();
+ if (q_size < size)
+ __read_overflow2();
+ }
+ if (p_size < size || q_size < size)
+ fortify_panic(__func__);
+ return __underlying_memcpy(p, q, size);
+}
+
+__FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+ size_t q_size = __builtin_object_size(q, 0);
+
+ if (__builtin_constant_p(size)) {
+ if (p_size < size)
+ __write_overflow();
+ if (q_size < size)
+ __read_overflow2();
+ }
+ if (p_size < size || q_size < size)
+ fortify_panic(__func__);
+ return __underlying_memmove(p, q, size);
+}
+
+extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
+__FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+
+ if (__builtin_constant_p(size) && p_size < size)
+ __read_overflow();
+ if (p_size < size)
+ fortify_panic(__func__);
+ return __real_memscan(p, c, size);
+}
+
+__FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+ size_t q_size = __builtin_object_size(q, 0);
+
+ if (__builtin_constant_p(size)) {
+ if (p_size < size)
+ __read_overflow();
+ if (q_size < size)
+ __read_overflow2();
+ }
+ if (p_size < size || q_size < size)
+ fortify_panic(__func__);
+ return __underlying_memcmp(p, q, size);
+}
+
+__FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+
+ if (__builtin_constant_p(size) && p_size < size)
+ __read_overflow();
+ if (p_size < size)
+ fortify_panic(__func__);
+ return __underlying_memchr(p, c, size);
+}
+
+void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv);
+__FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+
+ if (__builtin_constant_p(size) && p_size < size)
+ __read_overflow();
+ if (p_size < size)
+ fortify_panic(__func__);
+ return __real_memchr_inv(p, c, size);
+}
+
+extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup);
+__FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
+{
+ size_t p_size = __builtin_object_size(p, 0);
+
+ if (__builtin_constant_p(size) && p_size < size)
+ __read_overflow();
+ if (p_size < size)
+ fortify_panic(__func__);
+ return __real_kmemdup(p, size, gfp);
+}
+
+/* defined after fortified strlen and memcpy to reuse them */
+__FORTIFY_INLINE char *strcpy(char *p, const char *q)
+{
+ size_t p_size = __builtin_object_size(p, 1);
+ size_t q_size = __builtin_object_size(q, 1);
+ size_t size;
+
+ if (p_size == (size_t)-1 && q_size == (size_t)-1)
+ return __underlying_strcpy(p, q);
+ size = strlen(q) + 1;
+ /* test here to use the more stringent object size */
+ if (p_size < size)
+ fortify_panic(__func__);
+ memcpy(p, q, size);
+ return p;
+}
+
+/* Don't use these outside the FORITFY_SOURCE implementation */
+#undef __underlying_memchr
+#undef __underlying_memcmp
+#undef __underlying_memcpy
+#undef __underlying_memmove
+#undef __underlying_memset
+#undef __underlying_strcat
+#undef __underlying_strcpy
+#undef __underlying_strlen
+#undef __underlying_strncat
+#undef __underlying_strncpy
+
+#endif /* _LINUX_FORTIFY_STRING_H_ */
diff --git a/include/linux/string.h b/include/linux/string.h
index 4fcfb56abcf5..9521d8cab18e 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -266,287 +266,7 @@ void __read_overflow3(void) __compiletime_error("detected read beyond size of ob
void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
#if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE)
-
-#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
-extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
-extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
-extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
-extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
-extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
-extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
-extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
-extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
-extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
-extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
-#else
-#define __underlying_memchr __builtin_memchr
-#define __underlying_memcmp __builtin_memcmp
-#define __underlying_memcpy __builtin_memcpy
-#define __underlying_memmove __builtin_memmove
-#define __underlying_memset __builtin_memset
-#define __underlying_strcat __builtin_strcat
-#define __underlying_strcpy __builtin_strcpy
-#define __underlying_strlen __builtin_strlen
-#define __underlying_strncat __builtin_strncat
-#define __underlying_strncpy __builtin_strncpy
-#endif
-
-__FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 1);
- if (__builtin_constant_p(size) && p_size < size)
- __write_overflow();
- if (p_size < size)
- fortify_panic(__func__);
- return __underlying_strncpy(p, q, size);
-}
-
-__FORTIFY_INLINE char *strcat(char *p, const char *q)
-{
- size_t p_size = __builtin_object_size(p, 1);
- if (p_size == (size_t)-1)
- return __underlying_strcat(p, q);
- if (strlcat(p, q, p_size) >= p_size)
- fortify_panic(__func__);
- return p;
-}
-
-__FORTIFY_INLINE __kernel_size_t strlen(const char *p)
-{
- __kernel_size_t ret;
- size_t p_size = __builtin_object_size(p, 1);
-
- /* Work around gcc excess stack consumption issue */
- if (p_size == (size_t)-1 ||
- (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0'))
- return __underlying_strlen(p);
- ret = strnlen(p, p_size);
- if (p_size <= ret)
- fortify_panic(__func__);
- return ret;
-}
-
-extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
-__FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
-{
- size_t p_size = __builtin_object_size(p, 1);
- __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
- if (p_size <= ret && maxlen != ret)
- fortify_panic(__func__);
- return ret;
-}
-
-/* defined after fortified strlen to reuse it */
-extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
-__FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
-{
- size_t ret;
- size_t p_size = __builtin_object_size(p, 1);
- size_t q_size = __builtin_object_size(q, 1);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __real_strlcpy(p, q, size);
- ret = strlen(q);
- if (size) {
- size_t len = (ret >= size) ? size - 1 : ret;
- if (__builtin_constant_p(len) && len >= p_size)
- __write_overflow();
- if (len >= p_size)
- fortify_panic(__func__);
- __underlying_memcpy(p, q, len);
- p[len] = '\0';
- }
- return ret;
-}
-
-/* defined after fortified strnlen to reuse it */
-extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy);
-__FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size)
-{
- size_t len;
- /* Use string size rather than possible enclosing struct size. */
- size_t p_size = __builtin_object_size(p, 1);
- size_t q_size = __builtin_object_size(q, 1);
-
- /* If we cannot get size of p and q default to call strscpy. */
- if (p_size == (size_t) -1 && q_size == (size_t) -1)
- return __real_strscpy(p, q, size);
-
- /*
- * If size can be known at compile time and is greater than
- * p_size, generate a compile time write overflow error.
- */
- if (__builtin_constant_p(size) && size > p_size)
- __write_overflow();
-
- /*
- * This call protects from read overflow, because len will default to q
- * length if it smaller than size.
- */
- len = strnlen(q, size);
- /*
- * If len equals size, we will copy only size bytes which leads to
- * -E2BIG being returned.
- * Otherwise we will copy len + 1 because of the final '\O'.
- */
- len = len == size ? size : len + 1;
-
- /*
- * Generate a runtime write overflow error if len is greater than
- * p_size.
- */
- if (len > p_size)
- fortify_panic(__func__);
-
- /*
- * We can now safely call vanilla strscpy because we are protected from:
- * 1. Read overflow thanks to call to strnlen().
- * 2. Write overflow thanks to above ifs.
- */
- return __real_strscpy(p, q, len);
-}
-
-/* defined after fortified strlen and strnlen to reuse them */
-__FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
-{
- size_t p_len, copy_len;
- size_t p_size = __builtin_object_size(p, 1);
- size_t q_size = __builtin_object_size(q, 1);
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __underlying_strncat(p, q, count);
- p_len = strlen(p);
- copy_len = strnlen(q, count);
- if (p_size < p_len + copy_len + 1)
- fortify_panic(__func__);
- __underlying_memcpy(p + p_len, q, copy_len);
- p[p_len + copy_len] = '\0';
- return p;
-}
-
-__FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- if (__builtin_constant_p(size) && p_size < size)
- __write_overflow();
- if (p_size < size)
- fortify_panic(__func__);
- return __underlying_memset(p, c, size);
-}
-
-__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- size_t q_size = __builtin_object_size(q, 0);
- if (__builtin_constant_p(size)) {
- if (p_size < size)
- __write_overflow();
- if (q_size < size)
- __read_overflow2();
- }
- if (p_size < size || q_size < size)
- fortify_panic(__func__);
- return __underlying_memcpy(p, q, size);
-}
-
-__FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- size_t q_size = __builtin_object_size(q, 0);
- if (__builtin_constant_p(size)) {
- if (p_size < size)
- __write_overflow();
- if (q_size < size)
- __read_overflow2();
- }
- if (p_size < size || q_size < size)
- fortify_panic(__func__);
- return __underlying_memmove(p, q, size);
-}
-
-extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
-__FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- if (__builtin_constant_p(size) && p_size < size)
- __read_overflow();
- if (p_size < size)
- fortify_panic(__func__);
- return __real_memscan(p, c, size);
-}
-
-__FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- size_t q_size = __builtin_object_size(q, 0);
- if (__builtin_constant_p(size)) {
- if (p_size < size)
- __read_overflow();
- if (q_size < size)
- __read_overflow2();
- }
- if (p_size < size || q_size < size)
- fortify_panic(__func__);
- return __underlying_memcmp(p, q, size);
-}
-
-__FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- if (__builtin_constant_p(size) && p_size < size)
- __read_overflow();
- if (p_size < size)
- fortify_panic(__func__);
- return __underlying_memchr(p, c, size);
-}
-
-void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv);
-__FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size)
-{
- size_t p_size = __builtin_object_size(p, 0);
- if (__builtin_constant_p(size) && p_size < size)
- __read_overflow();
- if (p_size < size)
- fortify_panic(__func__);
- return __real_memchr_inv(p, c, size);
-}
-
-extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup);
-__FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
-{
- size_t p_size = __builtin_object_size(p, 0);
- if (__builtin_constant_p(size) && p_size < size)
- __read_overflow();
- if (p_size < size)
- fortify_panic(__func__);
- return __real_kmemdup(p, size, gfp);
-}
-
-/* defined after fortified strlen and memcpy to reuse them */
-__FORTIFY_INLINE char *strcpy(char *p, const char *q)
-{
- size_t p_size = __builtin_object_size(p, 1);
- size_t q_size = __builtin_object_size(q, 1);
- size_t size;
- if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __underlying_strcpy(p, q);
- size = strlen(q) + 1;
- /* test here to use the more stringent object size */
- if (p_size < size)
- fortify_panic(__func__);
- memcpy(p, q, size);
- return p;
-}
-
-/* Don't use these outside the FORITFY_SOURCE implementation */
-#undef __underlying_memchr
-#undef __underlying_memcmp
-#undef __underlying_memcpy
-#undef __underlying_memmove
-#undef __underlying_memset
-#undef __underlying_strcat
-#undef __underlying_strcpy
-#undef __underlying_strlen
-#undef __underlying_strncat
-#undef __underlying_strncpy
+#include <linux/fortify-string.h>
#endif
/**
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RFC PATCH 1/1] string.h: Create header for fortified string functions.
2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis
@ 2021-01-07 16:30 ` kernel test robot
2021-01-07 16:33 ` kernel test robot
1 sibling, 0 replies; 4+ messages in thread
From: kernel test robot @ 2021-01-07 16:30 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 7289 bytes --]
Hi,
[FYI, it's a private test report for your RFC patch.]
[auto build test WARNING on linus/master]
[also build test WARNING on v5.11-rc2 next-20210104]
[cannot apply to linux/master hnaz-linux-mm/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62
config: arm-randconfig-s032-20210107 (attached as .config)
compiler: arm-linux-gnueabi-gcc (GCC) 9.3.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.3-208-g46a52ca4-dirty
# https://github.com/0day-ci/linux/commit/81d740d53ef9c7156a507c3782dab9dac21927d3
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744
git checkout 81d740d53ef9c7156a507c3782dab9dac21927d3
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=arm
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/spinlock.h:59,
from include/linux/ipc.h:5,
from include/uapi/linux/sem.h:5,
from include/linux/sem.h:5,
from include/linux/compat.h:14,
from drivers/hid/uhid.c:11:
In function 'strncpy',
inlined from 'uhid_dev_create2' at drivers/hid/uhid.c:499:2,
inlined from 'uhid_char_write' at drivers/hid/uhid.c:738:9:
>> include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' output may be truncated copying 127 bytes from a string of length 127 [-Wstringop-truncation]
27 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy'
38 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
In function 'strncpy',
inlined from 'uhid_dev_create2' at drivers/hid/uhid.c:501:2,
inlined from 'uhid_char_write' at drivers/hid/uhid.c:738:9:
include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation]
27 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy'
38 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
In function 'strncpy',
inlined from 'uhid_dev_create2' at drivers/hid/uhid.c:503:2,
inlined from 'uhid_char_write' at drivers/hid/uhid.c:738:9:
include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation]
27 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy'
38 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/rcupdate.h:29,
from include/linux/rculist.h:11,
from include/linux/pid.h:5,
from include/linux/sched.h:14,
from include/linux/ratelimit.h:6,
from include/linux/dev_printk.h:16,
from include/linux/device.h:15,
from drivers/i3c/master.c:10:
In function 'strncpy',
inlined from 'i3c_master_i2c_adapter_init' at drivers/i3c/master.c:2186:2,
inlined from 'i3c_master_register' at drivers/i3c/master.c:2550:8:
>> include/linux/fortify-string.h:27:30: warning: '__builtin_strncpy' specified bound 48 equals destination size [-Wstringop-truncation]
27 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/fortify-string.h:38:9: note: in expansion of macro '__underlying_strncpy'
38 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
vim +/__builtin_strncpy +27 include/linux/fortify-string.h
4
5
6 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
7 extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
8 extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
9 extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
10 extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
11 extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
12 extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
13 extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
14 extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
15 extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
16 extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
17 #else
18 #define __underlying_memchr __builtin_memchr
19 #define __underlying_memcmp __builtin_memcmp
20 #define __underlying_memcpy __builtin_memcpy
21 #define __underlying_memmove __builtin_memmove
22 #define __underlying_memset __builtin_memset
23 #define __underlying_strcat __builtin_strcat
24 #define __underlying_strcpy __builtin_strcpy
25 #define __underlying_strlen __builtin_strlen
26 #define __underlying_strncat __builtin_strncat
> 27 #define __underlying_strncpy __builtin_strncpy
28 #endif
29
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 29725 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC PATCH 1/1] string.h: Create header for fortified string functions.
2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis
2021-01-07 16:30 ` kernel test robot
@ 2021-01-07 16:33 ` kernel test robot
1 sibling, 0 replies; 4+ messages in thread
From: kernel test robot @ 2021-01-07 16:33 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 21164 bytes --]
Hi,
[FYI, it's a private test report for your RFC patch.]
[auto build test WARNING on linus/master]
[also build test WARNING on v5.11-rc2 next-20210104]
[cannot apply to linux/master hnaz-linux-mm/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/81d740d53ef9c7156a507c3782dab9dac21927d3
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review laniel_francis-privacyrequired-com/Create-header-for-fortified-string-functions/20210107-230744
git checkout 81d740d53ef9c7156a507c3782dab9dac21927d3
# save the attached .config to linux build tree
make W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
In file included from include/linux/string.h:269,
from include/linux/uuid.h:12,
from include/linux/mod_devicetable.h:13,
from scripts/mod/devicetable-offsets.c:3:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
--
In file included from include/linux/string.h:269,
from include/linux/zutil.h:17,
from lib/decompress_inflate.c:21:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/decompress_inflate.c: At top level:
lib/decompress_inflate.c:42:17: warning: no previous prototype for '__gunzip' [-Wmissing-prototypes]
42 | STATIC int INIT __gunzip(unsigned char *buf, long len,
| ^~~~~~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/cpufeature.h:5,
from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:56,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/spinlock.h:51,
from include/linux/wait.h:9,
from include/linux/wait_bit.h:8,
from include/linux/fs.h:6,
from include/linux/decompress/mm.h:72,
from lib/decompress_unlzo.c:28:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/decompress_unlzo.c: In function 'parse_header':
lib/decompress_unlzo.c:46:5: warning: variable 'level' set but not used [-Wunused-but-set-variable]
46 | u8 level = 0;
| ^~~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/cpufeature.h:5,
from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:56,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/spinlock.h:51,
from include/linux/wait.h:9,
from include/linux/wait_bit.h:8,
from include/linux/fs.h:6,
from include/linux/decompress/mm.h:72,
from lib/decompress_unxz.c:107:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/decompress_unxz.c: At top level:
lib/decompress_unxz.c:251:17: warning: no previous prototype for 'unxz' [-Wmissing-prototypes]
251 | STATIC int INIT unxz(unsigned char *in, long in_size,
| ^~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/cpufeature.h:5,
from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:56,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/spinlock.h:51,
from include/linux/wait.h:9,
from include/linux/wait_bit.h:8,
from include/linux/fs.h:6,
from include/linux/decompress/mm.h:72,
from lib/decompress_unzstd.c:78:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/decompress_unzstd.c: At top level:
lib/decompress_unzstd.c:331:17: warning: no previous prototype for 'unzstd' [-Wmissing-prototypes]
331 | STATIC int INIT unzstd(unsigned char *buf, long len,
| ^~~~~~
In file included from lib/decompress_unzstd.c:80:
include/linux/zstd.h:798:21: warning: 'ZSTD_skippableHeaderSize' defined but not used [-Wunused-const-variable=]
798 | static const size_t ZSTD_skippableHeaderSize = 8;
| ^~~~~~~~~~~~~~~~~~~~~~~~
include/linux/zstd.h:796:21: warning: 'ZSTD_frameHeaderSize_max' defined but not used [-Wunused-const-variable=]
796 | static const size_t ZSTD_frameHeaderSize_max = ZSTD_FRAMEHEADERSIZE_MAX;
| ^~~~~~~~~~~~~~~~~~~~~~~~
include/linux/zstd.h:795:21: warning: 'ZSTD_frameHeaderSize_min' defined but not used [-Wunused-const-variable=]
795 | static const size_t ZSTD_frameHeaderSize_min = ZSTD_FRAMEHEADERSIZE_MIN;
| ^~~~~~~~~~~~~~~~~~~~~~~~
include/linux/zstd.h:794:21: warning: 'ZSTD_frameHeaderSize_prefix' defined but not used [-Wunused-const-variable=]
794 | static const size_t ZSTD_frameHeaderSize_prefix = 5;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from lib/radix-tree.c:12:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/radix-tree.c: At top level:
lib/radix-tree.c:288:6: warning: no previous prototype for 'radix_tree_node_rcu_free' [-Wmissing-prototypes]
288 | void radix_tree_node_rcu_free(struct rcu_head *head)
| ^~~~~~~~~~~~~~~~~~~~~~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/mutex.h:17,
from include/linux/notifier.h:14,
from include/linux/clk.h:14,
from lib/vsprintf.c:22:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/vsprintf.c: In function 'va_format':
lib/vsprintf.c:1663:2: warning: function 'va_format' might be a candidate for 'gnu_printf' format attribute [-Wsuggest-attribute=format]
1663 | buf += vsnprintf(buf, end > buf ? end - buf : 0, va_fmt->fmt, va);
| ^~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/cpufeature.h:5,
from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:56,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/spinlock.h:51,
from include/linux/mmzone.h:8,
from include/linux/gfp.h:6,
from include/linux/mm.h:10,
from include/linux/mman.h:5,
from lib/test_kasan_module.c:10:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/test_kasan_module.c: In function 'copy_user_test':
lib/test_kasan_module.c:25:6: warning: variable 'unused' set but not used [-Wunused-but-set-variable]
25 | int unused;
| ^~~~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/timex.h:5,
from include/linux/timex.h:65,
from include/linux/time32.h:13,
from include/linux/time.h:60,
from include/linux/stat.h:19,
from include/linux/module.h:13,
from lib/test_blackhole_dev.c:13:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
lib/test_blackhole_dev.c: In function 'test_blackholedev_init':
lib/test_blackhole_dev.c:32:17: warning: variable 'ethh' set but not used [-Wunused-but-set-variable]
32 | struct ethhdr *ethh;
| ^~~~
--
In file included from include/linux/string.h:269,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/timex.h:5,
from include/linux/timex.h:65,
from include/linux/time32.h:13,
from include/linux/time.h:60,
from include/linux/skbuff.h:15,
from include/linux/ip.h:16,
from net/netfilter/ipvs/ip_vs_proto_tcp.c:20:
include/linux/fortify-string.h: In function 'strlcpy':
>> include/linux/fortify-string.h:94:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
94 | if (len >= p_size)
| ^~
include/linux/fortify-string.h:96:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
96 | __underlying_memcpy(p, q, len);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'strncat':
include/linux/fortify-string.h:160:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
160 | if (p_size < p_len + copy_len + 1)
| ^~
include/linux/fortify-string.h:162:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
162 | __underlying_memcpy(p + p_len, q, copy_len);
| ^~~~~~~~~~~~~~~~~~~
net/netfilter/ipvs/ip_vs_proto_tcp.c: At top level:
net/netfilter/ipvs/ip_vs_proto_tcp.c:147:1: warning: no previous prototype for 'tcp_snat_handler' [-Wmissing-prototypes]
147 | tcp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
| ^~~~~~~~~~~~~~~~
..
vim +/if +94 include/linux/fortify-string.h
77
78 /* defined after fortified strlen to reuse it */
79 extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
80 __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
81 {
82 size_t ret;
83 size_t p_size = __builtin_object_size(p, 1);
84 size_t q_size = __builtin_object_size(q, 1);
85
86 if (p_size == (size_t)-1 && q_size == (size_t)-1)
87 return __real_strlcpy(p, q, size);
88 ret = strlen(q);
89 if (size) {
90 size_t len = (ret >= size) ? size - 1 : ret;
91
92 if (__builtin_constant_p(len) && len >= p_size)
93 __write_overflow();
> 94 if (len >= p_size)
95 fortify_panic(__func__);
96 __underlying_memcpy(p, q, len);
97 p[len] = '\0';
98 }
99 return ret;
100 }
101
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 77759 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-07 16:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-07 14:51 [RFC PATCH 0/1] Create header for fortified string functions laniel_francis
2021-01-07 14:51 ` [RFC PATCH 1/1] string.h: " laniel_francis
2021-01-07 16:30 ` kernel test robot
2021-01-07 16:33 ` kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.