| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260204214832.238f159b@pumpkin>
Date: Wed, 4 Feb 2026 21:48:32 +0000
From: David Laight <david.laight.linux@...il.com>
To: Arnd Bergmann <arnd@...nel.org>
Cc: Steven Rostedt <rostedt@...dmis.org>, Masami Hiramatsu
<mhiramat@...nel.org>, Anna Schumaker <anna.schumaker@...cle.com>, Jeff
Layton <jlayton@...nel.org>, Chuck Lever <chuck.lever@...cle.com>, Simon
Horman <horms@...nel.org>, Arnd Bergmann <arnd@...db.de>, Mathieu Desnoyers
<mathieu.desnoyers@...icios.com>, Andrew Morton
<akpm@...ux-foundation.org>, Andy Shevchenko
<andriy.shevchenko@...ux.intel.com>, Yury Norov <ynorov@...dia.com>, Randy
Dunlap <rdunlap@...radead.org>, linux-kernel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org
Subject: Re: [PATCH] [v2] tracing: move __printf() attribute on
__ftrace_vbprintk()
On Tue, 3 Feb 2026 17:45:29 +0100
Arnd Bergmann <arnd@...nel.org> wrote:
> From: Arnd Bergmann <arnd@...db.de>
>
> The sunrpc change to use trace_printk() for debugging caused
> a new warning for every instance of dprintk() in some configurations,
> when -Wformat-security is enabled:
>
> fs/nfs/getroot.c: In function 'nfs_get_root':
> fs/nfs/getroot.c:90:17: error: format not a string literal and no format arguments [-Werror=format-security]
> 90 | nfs_errorf(fc, "NFS: Couldn't getattr on root");
>
> I've been slowly chipping away at those warnings over time with the
> intention of enabling them by default in the future. While I could not
> figure out why this only happens for this one instance, I see that the
> __trace_bprintk() function is always called with a local variable as
> the format string, rather than a literal.
>
> Move the __printf(2,3) annotation on this function from the declaration
> to the caller. As this is can only be validated for literals, the
^ definition ?
David
> attribute on the declaration causes the warnings every time, but
> removing it entirely introduces a new warning on the __ftrace_vbprintk()
> definition.
>
> The format strings still get checked because the underlying literal keeps
> getting passed into __trace_printk() in the "else" branch, which is not
> taken but still evaluated for compile-time warnings.
>
> Fixes: ec7d8e68ef0e ("sunrpc: add a Kconfig option to redirect dfprintk() output to trace buffer")
> Acked-by: Jeff Layton <jlayton@...nel.org>
> Acked-by: Steven Rostedt (Google) <rostedt@...dmis.org>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> v2: included fix for regression reported by kernel test robot <lkp@...el.com>
> ---
> include/linux/trace_printk.h | 1 -
> kernel/trace/trace_printk.c | 1 +
> 2 files changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/trace_printk.h b/include/linux/trace_printk.h
> index bb5874097f24..2670ec7f4262 100644
> --- a/include/linux/trace_printk.h
> +++ b/include/linux/trace_printk.h
> @@ -107,7 +107,6 @@ do { \
> __trace_printk(_THIS_IP_, fmt, ##args); \
> } while (0)
>
> -extern __printf(2, 3)
> int __trace_bprintk(unsigned long ip, const char *fmt, ...);
>
> extern __printf(2, 3)
> diff --git a/kernel/trace/trace_printk.c b/kernel/trace/trace_printk.c
> index 29f6e95439b6..48c085fcae7a 100644
> --- a/kernel/trace/trace_printk.c
> +++ b/kernel/trace/trace_printk.c
> @@ -197,6 +197,7 @@ struct notifier_block module_trace_bprintk_format_nb = {
> .notifier_call = module_trace_bprintk_format_notify,
> };
>
> +__printf(2, 3)
> int __trace_bprintk(unsigned long ip, const char *fmt, ...)
> {
> int ret;
Powered by blists - more mailing lists