lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20260204132643.1302967-1-arnd@kernel.org>
Date: Wed,  4 Feb 2026 14:26:23 +0100
From: Arnd Bergmann <arnd@...nel.org>
To: Kees Cook <kees@...nel.org>,
	Petr Mladek <pmladek@...e.com>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Arnd Bergmann <arnd@...db.de>,
	kernel test robot <lkp@...el.com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>,
	Andy Shevchenko <andy@...nel.org>,
	Alexei Starovoitov <ast@...nel.org>,
	Bartosz Golaszewski <brgl@...nel.org>,
	linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org,
	bpf@...r.kernel.org
Subject: [PATCH] vsnprintf: drop __printf() attributes on binary printing functions

From: Arnd Bergmann <arnd@...db.de>

The printf() format attributes are applied inconsistently for the binary
printf helpers, which causes warnings for the bpf_trace code using
them from functions that pass down format strings:

    kernel/trace/bpf_trace.c: In function '____bpf_trace_printk':
    kernel/trace/bpf_trace.c:377:9: error: function '____bpf_trace_printk' might be a candidate for 'gnu_printf' format attribute [-Werror=suggest-attribute=format]
      377 |         ret = bstr_printf(data.buf, MAX_BPRINTF_BUF, fmt, data.bin_args);
          |         ^~~

This can be addressed either by annotating all five callers in bpf code,
or by removing the annotations on the callees that were added by Andy
Shevchenko last year.

As Alexei Starovoitov points out, there are no callers in C code that
would benefit from the __printf attributes, the only users are in BPF
code or in the do_trace_printk() helper that already checks the arguments.

Drop all three of these annotations, reverting the earlierl commits that
added these, in order to get a clean build with -Wsuggest-attribute=format.

Fixes: 6b2c1e30ad68 ("seq_file: Mark binary printing functions with __printf() attribute")
Fixes: 7bf819aa992f ("vsnprintf: Mark binary printing functions with __printf() attribute")
Link: https://lore.kernel.org/all/CAADnVQK3eZp3yp35OUx8j1UBsQFhgsn5-4VReqAJ=68PaaKYmg@mail.gmail.com/
Closes: https://lore.kernel.org/oe-kbuild-all/202512061640.9hKTnB8p-lkp@intel.com/
Reported-by: kernel test robot <lkp@...el.com>
Suggested-by: Alexei Starovoitov <alexei.starovoitov@...il.com>
Acked-by: Alexei Starovoitov <alexei.starovoitov@...il.com>
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
For reference, three additional patches are required before we can drop
the Makefile.warn line that currently hides these warnings:

https://lore.kernel.org/lkml/20260203162546.2254900-1-arnd@kernel.org/
https://lore.kernel.org/lkml/20260203163440.2674340-1-arnd@kernel.org/
https://lore.kernel.org/lkml/20260203164545.3174910-1-arnd@kernel.org/

Tested using randconfig builds on arm/arm64/x86
---
 include/linux/seq_file.h | 1 -
 include/linux/string.h   | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
index d6ebf0596510..2fb266ea69fa 100644
--- a/include/linux/seq_file.h
+++ b/include/linux/seq_file.h
@@ -181,7 +181,6 @@ int seq_open_private(struct file *, const struct seq_operations *, int);
 int seq_release_private(struct inode *, struct file *);
 
 #ifdef CONFIG_BINARY_PRINTF
-__printf(2, 0)
 void seq_bprintf(struct seq_file *m, const char *f, const u32 *binary);
 #endif
 
diff --git a/include/linux/string.h b/include/linux/string.h
index 1b564c36d721..b850bd91b3d8 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -336,8 +336,8 @@ int __sysfs_match_string(const char * const *array, size_t n, const char *s);
 #define sysfs_match_string(_a, _s) __sysfs_match_string(_a, ARRAY_SIZE(_a), _s)
 
 #ifdef CONFIG_BINARY_PRINTF
-__printf(3, 0) int vbin_printf(u32 *bin_buf, size_t size, const char *fmt, va_list args);
-__printf(3, 0) int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf);
+int vbin_printf(u32 *bin_buf, size_t size, const char *fmt, va_list args);
+int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf);
 #endif
 
 extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
-- 
2.39.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ