[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180217191035.gol4woxsgzpo4bfq@gmail.com>
Date: Sat, 17 Feb 2018 20:10:35 +0100
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: mingo@...nel.org, jpoimboe@...hat.com, keescook@...omium.org,
akpm@...ux-foundation.org, tglx@...utronix.de,
geert@...ux-m68k.org, gregkh@...uxfoundation.org,
thomas.lendacky@....com, rientjes@...gle.com, will.deacon@....com,
linux-kernel@...r.kernel.org
Subject: [PATCH] Support the nonstring variable attribute (gcc >= 8)
>From the GCC manual:
The nonstring variable attribute specifies that an object or member
declaration with type array of char or pointer to char is intended to
store character arrays that do not necessarily contain a terminating NUL
character. This is useful in detecting uses of such arrays or pointers
with functions that expect NUL-terminated strings, and to avoid warnings
when such an array or pointer is used as an argument to a bounded string
manipulation function such as strncpy.
https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
Some reports are already coming to the LKML regarding these
warnings. When they are false positives, we can use __nonstring to let
gcc know a NUL character is not required; like in this case:
https://lkml.org/lkml/2018/1/16/135
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc: Ingo Molnar <mingo@...nel.org>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Will Deacon <will.deacon@....com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: David Rientjes <rientjes@...gle.com>
---
Another option is using -Wno-stringop-truncation, but it remains to be
seen how useful the new warning will be. We can try to keep it for the
moment until the real bugs and false positives are dealt with and see if
it is worth it.
At least in the reported case at drivers/auxdisplay, using __nonstring
is enough and it can actually replace a comment that was there about the
non-stringness of the char arrays that gcc complained about.
See https://godbolt.org/g/dydPah to play with the warning in this case.
include/linux/compiler-gcc.h | 14 ++++++++++++++
include/linux/compiler_types.h | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 73bc63e0a1c4..6a9784c0c7f3 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -317,6 +317,20 @@
#define __designated_init __attribute__((designated_init))
#endif
+#if GCC_VERSION >= 80000
+/*
+ * The nonstring variable attribute specifies that an object or member
+ * declaration with type array of char or pointer to char is intended
+ * to store character arrays that do not necessarily contain a terminating
+ * NUL character. This is useful in detecting uses of such arrays or pointers
+ * with functions that expect NUL-terminated strings, and to avoid warnings
+ * when such an array or pointer is used as an argument to a bounded string
+ * manipulation function such as strncpy.
+ * https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
+ */
+#define __nonstring __attribute__((nonstring))
+#endif
+
#endif /* gcc version >= 40000 specific checks */
#if !defined(__noclone)
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index 6b79a9bba9a7..654dd3114052 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -271,4 +271,8 @@ struct ftrace_likely_data {
# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
#endif
+#ifndef __nonstring
+# define __nonstring
+#endif
+
#endif /* __LINUX_COMPILER_TYPES_H */
--
2.14.1
Powered by blists - more mailing lists