lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180410224624.psyo7vsy4qjplh3j@gmail.com>
Date:   Tue, 10 Apr 2018 12:46:24 -1000
From:   Joey Pabalinas <joeypabalinas@...il.com>
To:     linux-sparse@...r.kernel.org
Cc:     Kees Cook <keescook@...omium.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Martin Uecker <Martin.Uecker@....uni-goettingen.de>,
        Al Viro <viro@...IV.linux.org.uk>,
        Christopher Li <sparse@...isli.org>,
        Joey Pabalinas <joeypabalinas@...il.com>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [PATCH v4] sparse: add -Wpointer-arith flag to toggle sizeof(void)
 warnings

Recent changes to the min()/max() macros in include/linux/kernel.h
have added a lot of noise when compiling the kernel with Sparse checking
enabled. This mostly is due to the *huge* increase in the number of
sizeof(void) warnings, a larger number of which can safely be ignored.

Add the -Wpointer-arith flag to enable/disable these warnings (along
with the warning when applying sizeof to function types as well as
warning about pointer arithmetic on these types exactly like the
GCC -Wpointer-arith flag) on demand; the warning itself has been disabled
by default to reduce the large influx of noise which was inadvertently
added by commit 3c8ba0d61d04ced9f8 (kernel.h: Retain constant expression
output for max()/min()).

Update the manpage to document the new flag and add a validation case
for sizeof(void).

CC: Kees Cook <keescook@...omium.org>
CC: Linus Torvalds <torvalds@...ux-foundation.org>
CC: Martin Uecker <Martin.Uecker@....uni-goettingen.de>
CC: Al Viro <viro@...IV.linux.org.uk>
CC: Christopher Li <sparse@...isli.org>
CC: Joey Pabalinas <joeypabalinas@...il.com>
CC: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
Signed-off-by: Joey Pabalinas <joeypabalinas@...il.com>
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@...il.com>

 5 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/evaluate.c b/evaluate.c
index b96696d3a51396800a..8f07d08cf5b494f8f0 100644
--- a/evaluate.c
+++ b/evaluate.c
@@ -2169,7 +2169,8 @@ static struct symbol *evaluate_sizeof(struct expression *expr)
 	size = type->bit_size;
 
 	if (size < 0 && is_void_type(type)) {
-		warning(expr->pos, "expression using sizeof(void)");
+		if (Wpointer_arith)
+			warning(expr->pos, "expression using sizeof(void)");
 		size = bits_in_char;
 	}
 
@@ -2180,7 +2181,8 @@ static struct symbol *evaluate_sizeof(struct expression *expr)
 	}
 
 	if (is_function(type->ctype.base_type)) {
-		warning(expr->pos, "expression using sizeof on a function");
+		if (Wpointer_arith)
+			warning(expr->pos, "expression using sizeof on a function");
 		size = bits_in_char;
 	}
 
diff --git a/lib.c b/lib.c
index 645132a892107512a1..0caee38a996cd0fa4c 100644
--- a/lib.c
+++ b/lib.c
@@ -241,6 +241,7 @@ int Woverride_init = 1;
 int Woverride_init_all = 0;
 int Woverride_init_whole_range = 0;
 int Wparen_string = 0;
+int Wpointer_arith = 0;
 int Wptr_subtraction_blows = 0;
 int Wreturn_void = 0;
 int Wshadow = 0;
@@ -536,6 +537,7 @@ static const struct warning {
 	{ "return-void", &Wreturn_void },
 	{ "shadow", &Wshadow },
 	{ "sizeof-bool", &Wsizeof_bool },
+	{ "pointer-arith", &Wpointer_arith },
 	{ "sparse-error", &Wsparse_error },
 	{ "tautological-compare", &Wtautological_compare },
 	{ "transparent-union", &Wtransparent_union },
diff --git a/lib.h b/lib.h
index a9b70b07686801305c..98e20d3830d9059acb 100644
--- a/lib.h
+++ b/lib.h
@@ -134,6 +134,7 @@ extern int Woverride_init;
 extern int Woverride_init_all;
 extern int Woverride_init_whole_range;
 extern int Wparen_string;
+extern int Wpointer_arith;
 extern int Wptr_subtraction_blows;
 extern int Wreturn_void;
 extern int Wshadow;
diff --git a/sparse.1 b/sparse.1
index e183204de623efd022..3bd5f1cb11309e65b8 100644
--- a/sparse.1
+++ b/sparse.1
@@ -282,6 +282,19 @@ Standard C syntax does not permit a parenthesized string as an array
 initializer.  GCC allows this syntax as an extension.  With
 \fB\-Wparen\-string\fR, Sparse will warn about this syntax.
 
+Sparse does not issue these warnings by default.
+.
+.TP
+.B \-Wpointer\-arith
+Warn about anything that depends on the \fBsizeof\fR a void or function type.
+
+C99 does not allow the \fBsizeof\fR operator to be applied to function types
+or to incomplete types such as void. GCC allows \fBsizeof\fR to be applied to
+these types as an extension and assigns these types a size of \fI1\fR. With
+\fB\-pointer\-arith\fR, Sparse will warn about pointer arithmetic on void
+or function pointers, as well as expressions which directly apply the
+\fBsizeof\fR operator to void or function types.
+
 Sparse does not issue these warnings by default.
 .
 .TP
diff --git a/validation/sizeof-void.c b/validation/sizeof-void.c
new file mode 100644
index 000000000000000000..0fd917a21fb296a95d
--- /dev/null
+++ b/validation/sizeof-void.c
@@ -0,0 +1,44 @@
+#define is_constexpr(x) \
+	(sizeof(int) == sizeof(*(8 ? ((void *)((long)(x) * 0l)) : (int *)8)))
+
+static int test(void)
+{
+	unsigned int s = 0, i = 0;
+	void *ptr = &i;
+
+	// OK
+	s += sizeof i;
+	s += sizeof &i;
+	s += sizeof ptr;
+	s += sizeof &ptr;
+
+	// KO
+	s += sizeof(void);
+	s += sizeof *ptr;
+	s += is_constexpr(ptr++);
+	s += is_constexpr((i++, 1));
+	s += is_constexpr(sizeof *ptr);
+	s += is_constexpr(ptr + 1);
+	s += is_constexpr(&ptr + 1);
+	s += is_constexpr(*(((char *)&ptr) + 1));
+
+	return s;
+}
+
+/*
+ * check-name: sizeof(void) is valid
+ * check-description: sizeof(void) was rejected because void is an incomplete
+ * type
+ * check-command: sparse -Wpointer-arith $file
+ *
+ * check-error-start
+sizeof-void.c:16:14: warning: expression using sizeof(void)
+sizeof-void.c:17:14: warning: expression using sizeof(void)
+sizeof-void.c:18:14: warning: expression using sizeof(void)
+sizeof-void.c:19:14: warning: expression using sizeof(void)
+sizeof-void.c:20:14: warning: expression using sizeof(void)
+sizeof-void.c:21:14: warning: expression using sizeof(void)
+sizeof-void.c:22:14: warning: expression using sizeof(void)
+sizeof-void.c:23:14: warning: expression using sizeof(void)
+ * check-error-end
+ */
-- 
2.17.0.rc1.35.g90bbd502d54fe92035.dirty


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ