* -Wfortify-source in kernel/printk/printk.c
@ 2020-01-30 2:16 Nathan Chancellor
2020-01-30 5:17 ` Sergey Senozhatsky
0 siblings, 1 reply; 4+ messages in thread
From: Nathan Chancellor @ 2020-01-30 2:16 UTC (permalink / raw)
To: Petr Mladek, Sergey Senozhatsky
Cc: Steven Rostedt, linux-kernel, clang-built-linux
Hi all,
After commit 6d485ff455e ("Improve static checks for sprintf and
__builtin___sprintf_chk") in clang [1], the following warning appears
when CONFIG_PRINTK is disabled (e.g. allnoconfig):
../kernel/printk/printk.c:2416:10: warning: 'sprintf' will always
overflow; destination buffer has size 0, but format string expands
to at least 33 [-Wfortify-source]
len = sprintf(text,
^
1 warning generated.
Specifically referring to
https://elixir.bootlin.com/linux/v5.5/source/kernel/printk/printk.c#L2416.
It isn't wrong, given that when CONFIG_PRINTK is disabled, text's length
is 0 (LOG_LINE_MAX and PREFIX_MAX are both zero). How should this
warning be dealt this? I am not familiar enough with the printk code to
say myself.
[1]: https://github.com/llvm/llvm-project/commit/6d485ff455ea2b37fef9e06e426dae6c1241b231
Cheers,
Nathan
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: -Wfortify-source in kernel/printk/printk.c
2020-01-30 2:16 -Wfortify-source in kernel/printk/printk.c Nathan Chancellor
@ 2020-01-30 5:17 ` Sergey Senozhatsky
2020-01-30 6:39 ` Joe Perches
0 siblings, 1 reply; 4+ messages in thread
From: Sergey Senozhatsky @ 2020-01-30 5:17 UTC (permalink / raw)
To: Nathan Chancellor
Cc: Petr Mladek, Sergey Senozhatsky, Steven Rostedt, linux-kernel,
clang-built-linux
On (20/01/29 19:16), Nathan Chancellor wrote:
> Hi all,
>
> After commit 6d485ff455e ("Improve static checks for sprintf and
> __builtin___sprintf_chk") in clang [1], the following warning appears
> when CONFIG_PRINTK is disabled (e.g. allnoconfig):
>
> ../kernel/printk/printk.c:2416:10: warning: 'sprintf' will always
> overflow; destination buffer has size 0, but format string expands
> to at least 33 [-Wfortify-source]
> len = sprintf(text,
> ^
> 1 warning generated.
>
> Specifically referring to
> https://elixir.bootlin.com/linux/v5.5/source/kernel/printk/printk.c#L2416.
Good catch.
> It isn't wrong, given that when CONFIG_PRINTK is disabled, text's length
> is 0 (LOG_LINE_MAX and PREFIX_MAX are both zero). How should this
> warning be dealt this? I am not familiar enough with the printk code to
> say myself.
It's not wrong.
Unless I'm missing something completely obvious: with disabled printk()
we don't have any functions that can append messages to the logbuf, hence
we can't overflow it. So the error in question should never trigger.
- Normal printk() is void, so kernel cannot append messages;
- dev_printk() is void, so drivers cannot append messages and dicts;
- devkmsg_write() is void, so user space cannot write to logbuf.
So I think we should never trigger that overflow (assuming that I
didn't miss something) message.
In any case feel free to submit a patch - switch it to snprintf().
-ss
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: -Wfortify-source in kernel/printk/printk.c
2020-01-30 5:17 ` Sergey Senozhatsky
@ 2020-01-30 6:39 ` Joe Perches
2020-01-30 6:57 ` Sergey Senozhatsky
0 siblings, 1 reply; 4+ messages in thread
From: Joe Perches @ 2020-01-30 6:39 UTC (permalink / raw)
To: Sergey Senozhatsky, Nathan Chancellor
Cc: Petr Mladek, Sergey Senozhatsky, Steven Rostedt, linux-kernel,
clang-built-linux
On Thu, 2020-01-30 at 14:17 +0900, Sergey Senozhatsky wrote:
> On (20/01/29 19:16), Nathan Chancellor wrote:
> > Hi all,
> >
> > After commit 6d485ff455e ("Improve static checks for sprintf and
> > __builtin___sprintf_chk") in clang [1], the following warning appears
> > when CONFIG_PRINTK is disabled (e.g. allnoconfig):
> >
> > ../kernel/printk/printk.c:2416:10: warning: 'sprintf' will always
> > overflow; destination buffer has size 0, but format string expands
> > to at least 33 [-Wfortify-source]
> > len = sprintf(text,
> > ^
> > 1 warning generated.
> >
> > Specifically referring to
> > https://elixir.bootlin.com/linux/v5.5/source/kernel/printk/printk.c#L2416.
>
> Good catch.
>
> > It isn't wrong, given that when CONFIG_PRINTK is disabled, text's length
> > is 0 (LOG_LINE_MAX and PREFIX_MAX are both zero). How should this
> > warning be dealt this? I am not familiar enough with the printk code to
> > say myself.
>
> It's not wrong.
>
> Unless I'm missing something completely obvious: with disabled printk()
> we don't have any functions that can append messages to the logbuf, hence
> we can't overflow it. So the error in question should never trigger.
>
> - Normal printk() is void, so kernel cannot append messages;
> - dev_printk() is void, so drivers cannot append messages and dicts;
> - devkmsg_write() is void, so user space cannot write to logbuf.
>
> So I think we should never trigger that overflow (assuming that I
> didn't miss something) message.
>
> In any case feel free to submit a patch - switch it to snprintf().
and/or make the code depend on CONFIG_PRINTK
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: -Wfortify-source in kernel/printk/printk.c
2020-01-30 6:39 ` Joe Perches
@ 2020-01-30 6:57 ` Sergey Senozhatsky
0 siblings, 0 replies; 4+ messages in thread
From: Sergey Senozhatsky @ 2020-01-30 6:57 UTC (permalink / raw)
To: Joe Perches
Cc: Sergey Senozhatsky, Nathan Chancellor, Petr Mladek,
Sergey Senozhatsky, Steven Rostedt, linux-kernel,
clang-built-linux
On (20/01/29 22:39), Joe Perches wrote:
> > > It isn't wrong, given that when CONFIG_PRINTK is disabled, text's length
> > > is 0 (LOG_LINE_MAX and PREFIX_MAX are both zero). How should this
> > > warning be dealt this? I am not familiar enough with the printk code to
> > > say myself.
> >
> > It's not wrong.
> >
> > Unless I'm missing something completely obvious: with disabled printk()
> > we don't have any functions that can append messages to the logbuf, hence
> > we can't overflow it. So the error in question should never trigger.
> >
> > - Normal printk() is void, so kernel cannot append messages;
> > - dev_printk() is void, so drivers cannot append messages and dicts;
> > - devkmsg_write() is void, so user space cannot write to logbuf.
> >
> > So I think we should never trigger that overflow (assuming that I
> > didn't miss something) message.
> >
> > In any case feel free to submit a patch - switch it to snprintf().
>
> and/or make the code depend on CONFIG_PRINTK
console_unlock() still needs to at least up() the console semaphore.
We don't have printk(), but the tty subsystem is still there and serial
consoles and definitely still up and running. So... maybe we can have
two versions of console_unlock().
-ss
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-01-30 6:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-30 2:16 -Wfortify-source in kernel/printk/printk.c Nathan Chancellor
2020-01-30 5:17 ` Sergey Senozhatsky
2020-01-30 6:39 ` Joe Perches
2020-01-30 6:57 ` Sergey Senozhatsky
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).