| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jun 2018 17:46:33 +0200
From: Johan Hovold <johan@...nel.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Johan Hovold <johan@...nel.org>,
Viresh Kumar <viresh.kumar@...aro.org>,
Bernd Petrovitsch <bernd@...rovitsch.priv.at>,
"Du, Changbin" <changbin.du@...el.com>, gregkh@...uxfoundation.org,
alex.elder@...aro.org, kbuild test robot <lkp@...el.com>,
linux-arch@...r.kernel.org, michal.lkml@...kovi.net,
linux-kernel@...r.kernel.org, arnd@...db.de,
yamada.masahiro@...ionext.com, lgirdwood@...il.com,
broonie@...nel.org, rdunlap@...radead.org, x86@...nel.org,
linux@...linux.org.uk, linux-sparse@...r.kernel.org,
mingo@...hat.com, kbuild-all@...org, akpm@...ux-foundation.org,
changbin.du@...il.com, tglx@...utronix.de,
linux-kbuild@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v5 2/4] kernel hacking: new config NO_AUTO_INLINE to
disable compiler auto-inline optimizations
On Fri, Jun 08, 2018 at 04:03:55PM -0400, Steven Rostedt wrote:
> On Thu, 7 Jun 2018 11:18:16 +0200
> Johan Hovold <johan@...nel.org> wrote:
>
>
> > If you want to work around the warning and think you can do it in some
> > non-contrived way, then go for it.
> >
> > Clearing the request buffer, checking for termination using strnlen, and
> > then using memcpy might not be too bad.
> >
> > But after all, it is a false positive, so leaving things as they stand
> > is fine too.
>
> Not sure how contrived you think this is, but it solves the warning
> without adding extra work in the normal case.
>
> -- Steve
>
> diff --git a/drivers/staging/greybus/fw-management.c b/drivers/staging/greybus/fw-management.c
> index 71aec14f8181..4fb9f1dff47d 100644
> --- a/drivers/staging/greybus/fw-management.c
> +++ b/drivers/staging/greybus/fw-management.c
> @@ -150,15 +150,18 @@ static int fw_mgmt_load_and_validate_operation(struct fw_mgmt *fw_mgmt,
> }
>
> request.load_method = load_method;
> - strncpy(request.firmware_tag, tag, GB_FIRMWARE_TAG_MAX_SIZE);
> + strncpy(request.firmware_tag, tag, GB_FIRMWARE_TAG_MAX_SIZE - 1);
>
> /*
> * The firmware-tag should be NULL terminated, otherwise throw error and
> * fail.
> */
> - if (request.firmware_tag[GB_FIRMWARE_TAG_MAX_SIZE - 1] != '\0') {
> - dev_err(fw_mgmt->parent, "load-and-validate: firmware-tag is not NULL terminated\n");
> - return -EINVAL;
> + if (request.firmware_tag[GB_FIRMWARE_TAG_MAX_SIZE - 2] != '\0') {
> + if (tag[GB_FIRMWARE_TAG_MAX_SIZE - 1] != '\0') {
> + dev_err(fw_mgmt->parent, "load-and-validate: firmware-tag is not NULL terminated\n");
> + return -EINVAL;
> + }
> + request.firmware_tag[GB_FIRMWARE_TAG_MAX_SIZE - 1] = '\0';
> }
Well, I think it's quite far from obvious what is going on above, and
not least why things are being done this way (which a comment may help
with).
And just NUL-terminating the (automatic) buffer before returning wasn't
enough? Then it may be better to do away with strncpy completely.
But should we really be working around gcc this way? If the
implementation of this new warning isn't smart enough yet, should it not
just be disabled instead?
Thanks,
Johan
Powered by blists - more mailing lists