lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87mseyrv6j.fsf@prevas.dk>
Date: Fri, 07 Feb 2025 09:55:00 +0100
From: Rasmus Villemoes <ravi@...vas.dk>
To: Kees Cook <kees@...nel.org>
Cc: Suren Baghdasaryan <surenb@...gle.com>,  Kent Overstreet
 <kent.overstreet@...ux.dev>,  Andy Shevchenko <andy@...nel.org>,  Luc Van
 Oostenryck <luc.vanoostenryck@...il.com>,  Nathan Chancellor
 <nathan@...nel.org>,  Nick Desaulniers <ndesaulniers@...gle.com>,  Bill
 Wendling <morbo@...gle.com>,  Justin Stitt <justinstitt@...gle.com>,
  Philipp Reisner <philipp.reisner@...bit.com>,  Miguel Ojeda
 <ojeda@...nel.org>,  linux-kernel@...r.kernel.org,
  linux-hardening@...r.kernel.org,  llvm@...ts.linux.dev
Subject: Re: [PATCH 2/3] compiler.h: Introduce __must_be_char_array()

On Thu, Feb 06 2025, Kees Cook <kees@...nel.org> wrote:

> In preparation for adding stricter type checking to the str/mem*()
> helpers, provide a way to check that a variable is a character array
> via __must_be_char_array().
>
> Signed-off-by: Kees Cook <kees@...nel.org>
> ---
>  include/linux/compiler.h | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index 7af999a131cb..a577fe0b1f8a 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -221,7 +221,13 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
>  #endif /* __CHECKER__ */
>  
>  /* &a[0] degrades to a pointer: a different type from an array */
> -#define __must_be_array(a)	__BUILD_BUG_ON_ZERO_MSG(__same_type((a), &(a)[0]), "must be array")
> +#define __is_array(a)		(!__same_type((a), &(a)[0]))
> +#define __must_be_array(a)	__BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
> +							"must be array")
> +
> +#define __is_char_array(a)	(__is_array(a) && sizeof((a)[0]) == 1)
> +#define __must_be_char_array(a)	__BUILD_BUG_ON_ZERO_MSG(!__is_char_array(a), \
> +							"must be byte array")
>

It's probably unlikely to ever encounter an array of _Bool or array of
structs-with-a-single-char-member in the wild, but it does seem a bit
odd to base the test on sizeof(). Why not add a

  __is_character_type(t) (__same_type(t, char) ||
                          __same_type(t, signed char) ||
                          __same_type(t, unsigned char) )

helper and write the test using __is_character_type((a)[0])?

Or if you really mean that it must be an array of char, not any of the
three "character types", simply replace the sizeof() by
__same_type(a[0], char)

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ