From: Kees Cook <kees@kernel.org>
To: Suren Baghdasaryan <surenb@google.com>
Cc: Kees Cook <kees@kernel.org>, kernel test robot <lkp@intel.com>,
Kent Overstreet <kent.overstreet@linux.dev>,
nathan@kernel.org, Andy Shevchenko <andy@kernel.org>,
linux-hardening@vger.kernel.org,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
Nick Desaulniers <ndesaulniers@google.com>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
Philipp Reisner <philipp.reisner@linbit.com>,
Miguel Ojeda <ojeda@kernel.org>,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH 3/3] string.h: Use ARRAY_SIZE() for memtostr*()/strtomem*()
Date: Thu, 6 Feb 2025 10:11:30 -0800 [thread overview]
Message-ID: <20250206181133.3450635-3-kees@kernel.org> (raw)
In-Reply-To: <20250206175216.work.225-kees@kernel.org>
The destination argument of memtostr*() and strtomem*() must be a
fixed-size char array at compile time, so there is no need to use
__builtin_object_size() (which is useful for when an argument is
either a pointer or unknown). Instead use ARRAY_SIZE(), which has the
benefit of working around a bug in Clang (fixed[1] in 15+) that got
__builtin_object_size() wrong sometimes.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202501310832.kiAeOt2z-lkp@intel.com/
Suggested-by: Kent Overstreet <kent.overstreet@linux.dev>
Link: https://github.com/llvm/llvm-project/commit/d8e0a6d5e9dd2311641f9a8a5d2bf90829951ddc [1]
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: nathan@kernel.org
Cc: Andy Shevchenko <andy@kernel.org>
Cc: linux-hardening@vger.kernel.org
---
include/linux/string.h | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/include/linux/string.h b/include/linux/string.h
index 493ac4862c77..01ac26be274d 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -411,7 +411,8 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
* must be discoverable by the compiler.
*/
#define strtomem_pad(dest, src, pad) do { \
- const size_t _dest_len = __builtin_object_size(dest, 1); \
+ const size_t _dest_len = __must_be_char_array(dest) + \
+ ARRAY_SIZE(dest); \
const size_t _src_len = __builtin_object_size(src, 1); \
\
BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
@@ -434,7 +435,8 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
* must be discoverable by the compiler.
*/
#define strtomem(dest, src) do { \
- const size_t _dest_len = __builtin_object_size(dest, 1); \
+ const size_t _dest_len = __must_be_char_array(dest) + \
+ ARRAY_SIZE(dest); \
const size_t _src_len = __builtin_object_size(src, 1); \
\
BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
@@ -453,7 +455,8 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
* Note that sizes of @dest and @src must be known at compile-time.
*/
#define memtostr(dest, src) do { \
- const size_t _dest_len = __builtin_object_size(dest, 1); \
+ const size_t _dest_len = __must_be_char_array(dest) + \
+ ARRAY_SIZE(dest); \
const size_t _src_len = __builtin_object_size(src, 1); \
const size_t _src_chars = strnlen(src, _src_len); \
const size_t _copy_len = min(_dest_len - 1, _src_chars); \
@@ -478,7 +481,8 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
* Note that sizes of @dest and @src must be known at compile-time.
*/
#define memtostr_pad(dest, src) do { \
- const size_t _dest_len = __builtin_object_size(dest, 1); \
+ const size_t _dest_len = __must_be_char_array(dest) + \
+ ARRAY_SIZE(dest); \
const size_t _src_len = __builtin_object_size(src, 1); \
const size_t _src_chars = strnlen(src, _src_len); \
const size_t _copy_len = min(_dest_len - 1, _src_chars); \
--
2.34.1
next prev parent reply other threads:[~2025-02-06 18:11 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-06 18:11 [PATCH 0/3] string.h: Use ARRAY_SIZE() for memtostr*()/strtomem*() Kees Cook
2025-02-06 18:11 ` [PATCH 1/3] compiler.h: Move C string helpers into C-only kernel section Kees Cook
2025-02-06 20:07 ` Miguel Ojeda
2025-02-06 21:28 ` Kees Cook
2025-02-06 18:11 ` [PATCH 2/3] compiler.h: Introduce __must_be_char_array() Kees Cook
2025-02-06 19:56 ` David Laight
2025-02-06 21:34 ` Kees Cook
2025-02-06 20:50 ` Kent Overstreet
2025-02-06 21:26 ` Kees Cook
2025-02-07 8:55 ` Rasmus Villemoes
2025-02-07 13:13 ` David Laight
2025-02-07 13:58 ` Kent Overstreet
2025-02-06 18:11 ` Kees Cook [this message]
2025-02-06 18:41 ` [PATCH 0/3] string.h: Use ARRAY_SIZE() for memtostr*()/strtomem*() Andy Shevchenko
2025-02-06 18:44 ` Miguel Ojeda
2025-02-06 18:45 ` Andy Shevchenko
2025-02-06 18:52 ` Kees Cook
2025-02-06 19:12 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250206181133.3450635-3-kees@kernel.org \
--to=kees@kernel.org \
--cc=andy@kernel.org \
--cc=justinstitt@google.com \
--cc=kent.overstreet@linux.dev \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=luc.vanoostenryck@gmail.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=philipp.reisner@linbit.com \
--cc=surenb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.