lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180801175433.GA25298@gmail.com>
Date:   Wed, 1 Aug 2018 19:54:33 +0200
From:   Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To:     Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     Ingo Molnar <mingo@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Kees Cook <keescook@...omium.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Will Deacon <will.deacon@....com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        David Rientjes <rientjes@...gle.com>,
        Martin Sebor <msebor@...il.com>, Arnd Bergmann <arnd@...db.de>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: [PATCH v2 1/2] Support the nonstring variable attribute (gcc >= 8)

>From the GCC manual:

The nonstring variable attribute specifies that an object or member
declaration with type array of char or pointer to char is intended to
store character arrays that do not necessarily contain a terminating NUL
character. This is useful in detecting uses of such arrays or pointers
with functions that expect NUL-terminated strings, and to avoid warnings
when such an array or pointer is used as an argument to a bounded string
manipulation function such as strncpy.

  https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html

Some reports are already coming to the LKML regarding these
warnings. When they are false positives, like this one

  https://lkml.org/lkml/2018/1/16/135

we can use __nonstring to let gcc know a NUL character is not required.

Cc: Ingo Molnar <mingo@...nel.org>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Will Deacon <will.deacon@....com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: David Rientjes <rientjes@...gle.com>
Cc: Martin Sebor <msebor@...il.com>
Cc: Arnd Bergmann <arnd@...db.de>
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
---
Re-sending this since a few months have passed, Martin has improved
GCC's feature and warnings are appearing in Geert's build bot.
Added an example in the second patch as requested by David.

 include/linux/compiler-gcc.h   | 14 ++++++++++++++
 include/linux/compiler_types.h |  4 ++++
 2 files changed, 18 insertions(+)

diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 573f5a7d42d4..fab4e904f1fe 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -343,6 +343,20 @@
 #define __designated_init __attribute__((designated_init))
 #endif
 
+#if GCC_VERSION >= 80000
+/*
+ * The nonstring variable attribute specifies that an object or member
+ * declaration with type array of char or pointer to char is intended
+ * to store character arrays that do not necessarily contain a terminating
+ * NUL character. This is useful in detecting uses of such arrays or pointers
+ * with functions that expect NUL-terminated strings, and to avoid warnings
+ * when such an array or pointer is used as an argument to a bounded string
+ * manipulation function such as strncpy.
+ * https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
+ */
+#define __nonstring __attribute__((nonstring))
+#endif
+
 #endif	/* gcc version >= 40000 specific checks */
 
 #if !defined(__noclone)
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index a8ba6b04152c..9c07be36e86a 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -289,4 +289,8 @@ struct ftrace_likely_data {
 #define __diag_error(compiler, version, option, comment) \
 	__diag_ ## compiler(version, error, option)
 
+#ifndef __nonstring
+# define __nonstring
+#endif
+
 #endif /* __LINUX_COMPILER_TYPES_H */
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ