From: Kees Cook <kees@kernel.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
wireguard@lists.zx2c4.com, netdev@vger.kernel.org,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Jack Wang <jinpu.wang@cloud.ionos.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH] wireguard: noise: Add __nonstring annotations for unterminated strings
Date: Tue, 11 Mar 2025 15:30:07 -0700 [thread overview]
Message-ID: <202503111520.CF7527A@keescook> (raw)
In-Reply-To: <20250311111927.06120773@kernel.org>
On Tue, Mar 11, 2025 at 11:19:27AM +0100, Jakub Kicinski wrote:
> On Mon, 10 Mar 2025 15:22:50 -0700 Kees Cook wrote:
> > When a character array without a terminating NUL character has a static
> > initializer, GCC 15's -Wunterminated-string-initialization will only
> > warn if the array lacks the "nonstring" attribute[1]. Mark the arrays
> > with __nonstring to and correctly identify the char array as "not a C
> > string" and thereby eliminate the warning.
>
> Hi! Would marking all of u8 as non-string not be an option? How many
> of such warnings do we have in the tree? Feel free to point me to a
> previous conversation.
*thread merge*
On Mon, Mar 10, 2025 at 06:38:01PM -0400, James Bottomley wrote[1]:
> This looks a bit suboptimal ... is there anywhere in the kernel u8[] is
> actually used for real strings? In which case it would seem the better
> place to put the annotation is in the typedef for u8 arrays.
So both of you asked basically same question, and I think the simple answer
is "no we can't mark u8 as nonstring". The use of u8 has become
synonymous with "char" for a long while now, and it's gotten even more
common after we made char unsigned by default.
The number of warning sources is pretty small. I think I have identified
and proposed fixes most of them already[2]. ACPICA needs an upstream
change, which I've submitted[3]. And ACPI needed multidimensional
nonstring annotation support, which had the last needed bit added to GCC
today[4], and I've proposed support for it in the kernel[5]. With 4 and 5
ready, I can send the final patch, which is basically just this (and
actually accounts for the vast majority of warnings emitted):
-static const char table_sigs[][ACPI_NAMESEG_SIZE] __initconst = {
+static const char table_sigs[][ACPI_NAMESEG_SIZE] __nonstring_array __initconst = {
-Kees
[1] https://lore.kernel.org/lkml/98ca3727d65a418e403b03f6b17341dbcb192764.camel@HansenPartnership.com/
[2] https://lore.kernel.org/lkml/?q=f%3AKees+%22-Wunterminated-string-initialization%22
[3] https://github.com/acpica/acpica/pull/1006
[4] https://github.com/gcc-mirror/gcc/commit/afb46540d3921e96c4cd7ba8fa2c8b0901759455
[5] https://lore.kernel.org/lkml/20250310214244.work.194-kees@kernel.org/
--
Kees Cook
prev parent reply other threads:[~2025-03-11 22:30 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-10 22:22 [PATCH] wireguard: noise: Add __nonstring annotations for unterminated strings Kees Cook
2025-03-11 10:19 ` Jakub Kicinski
2025-03-11 22:30 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202503111520.CF7527A@keescook \
--to=kees@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=Jason@zx2c4.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jinpu.wang@cloud.ionos.com \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.