From: Kees Cook <keescook@chromium.org>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Hardware Monitoring <linux-hwmon@vger.kernel.org>,
Jean Delvare <jdelvare@suse.com>, Ingo Molnar <mingo@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] hwmon: (lm90) Fix error return value from detect function
Date: Tue, 9 Aug 2022 15:24:04 -0700 [thread overview]
Message-ID: <202208091519.254D27B08E@keescook> (raw)
In-Reply-To: <20220808101504.1933123-1-linux@roeck-us.net>
On Mon, Aug 08, 2022 at 03:15:04AM -0700, Guenter Roeck wrote:
> lm90_detect_nuvoton() is supposed to return NULL if it can not detect
> a chip, or a pointer to the chip name if it does. Under some circumstances
> it returns an error pointer instead. Some versions of gcc interpret an
> ERR_PTR as region of size 0 and generate an error message.
>
> In function ‘__fortify_strlen’,
> inlined from ‘strlcpy’ at ./include/linux/fortify-string.h:159:10,
> inlined from ‘lm90_detect’ at drivers/hwmon/lm90.c:2550:2:
> ./include/linux/fortify-string.h:50:33: error:
> ‘__builtin_strlen’ reading 1 or more bytes from a region of size 0
> 50 | #define __underlying_strlen __builtin_strlen
> | ^
> ./include/linux/fortify-string.h:141:24: note:
> in expansion of macro ‘__underlying_strlen’
> 141 | return __underlying_strlen(p);
> | ^~~~~~~~~~~~~~~~~~~
>
> Returning NULL instead of ERR_PTR() fixes the problem.
>
> Fixes: c7cebce984a2 ("hwmon: (lm90) Rework detect function")
> Reported-by: Ingo Molnar <mingo@kernel.org>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
> ---
> It is interesting that some versions of gcc interpret an ERR_PTR this way.
> It did find a real bug, though the error message is quite confusing.
> Would it be possible to enhance the fortify functions to detect a constant
> ERR_PTR at compile time ? I think that might be quite useful.
Yeah, that should be possible. I suspect something like this might work:
BUILD_BUG_ON(__builtin_constant_p(src) && IS_ERR_VALUE(src));
BUILD_BUG_ON(__builtin_constant_p(dst) && IS_ERR_VALUE(dst));
Though I'm not sure how it'd play with GCC value range checker.
--
Kees Cook
next prev parent reply other threads:[~2022-08-09 22:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-08 10:15 [PATCH] hwmon: (lm90) Fix error return value from detect function Guenter Roeck
2022-08-08 10:57 ` Ingo Molnar
2022-08-09 22:24 ` Kees Cook [this message]
2022-08-09 22:39 ` Kees Cook
2022-08-10 13:20 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202208091519.254D27B08E@keescook \
--to=keescook@chromium.org \
--cc=jdelvare@suse.com \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=mingo@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.