| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250207131305.0fe9622d@pumpkin> Date: Fri, 7 Feb 2025 13:13:05 +0000 From: David Laight <david.laight.linux@...il.com> To: Rasmus Villemoes <ravi@...vas.dk> Cc: Kees Cook <kees@...nel.org>, Suren Baghdasaryan <surenb@...gle.com>, Kent Overstreet <kent.overstreet@...ux.dev>, Andy Shevchenko <andy@...nel.org>, Luc Van Oostenryck <luc.vanoostenryck@...il.com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, Philipp Reisner <philipp.reisner@...bit.com>, Miguel Ojeda <ojeda@...nel.org>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH 2/3] compiler.h: Introduce __must_be_char_array() On Fri, 07 Feb 2025 09:55:00 +0100 Rasmus Villemoes <ravi@...vas.dk> wrote: > On Thu, Feb 06 2025, Kees Cook <kees@...nel.org> wrote: > > > In preparation for adding stricter type checking to the str/mem*() > > helpers, provide a way to check that a variable is a character array > > via __must_be_char_array(). > > > > Signed-off-by: Kees Cook <kees@...nel.org> > > --- > > include/linux/compiler.h | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/include/linux/compiler.h b/include/linux/compiler.h > > index 7af999a131cb..a577fe0b1f8a 100644 > > --- a/include/linux/compiler.h > > +++ b/include/linux/compiler.h > > @@ -221,7 +221,13 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, > > #endif /* __CHECKER__ */ > > > > /* &a[0] degrades to a pointer: a different type from an array */ > > -#define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(__same_type((a), &(a)[0]), "must be array") > > +#define __is_array(a) (!__same_type((a), &(a)[0])) > > +#define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \ > > + "must be array") > > + > > +#define __is_char_array(a) (__is_array(a) && sizeof((a)[0]) == 1) > > +#define __must_be_char_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_char_array(a), \ > > + "must be byte array") > > > > It's probably unlikely to ever encounter an array of _Bool or array of > structs-with-a-single-char-member in the wild, but it does seem a bit > odd to base the test on sizeof(). Why not add a > > __is_character_type(t) (__same_type(t, char) || > __same_type(t, signed char) || > __same_type(t, unsigned char) ) > > helper and write the test using __is_character_type((a)[0])? > > Or if you really mean that it must be an array of char, not any of the > three "character types", simply replace the sizeof() by > __same_type(a[0], char) I'm not sure it matters enough to slow down the compilation by that much cpp bloat. David
Powered by blists - more mailing lists