From: Kees Cook <kees@kernel.org>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: "Kees Cook" <kees@kernel.org>,
"Malcolm Priestley" <tvboxspy@gmail.com>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Hans Verkuil" <hverkuil@kernel.org>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Petr Pavlu" <petr.pavlu@suse.com>,
"Daniel Gomez" <da.gomez@kernel.org>,
"Sami Tolvanen" <samitolvanen@google.com>,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linux-modules@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 0/3] module: Add compile-time check for embedded NUL characters
Date: Tue, 7 Oct 2025 20:59:32 -0700 [thread overview]
Message-ID: <20251008033844.work.801-kees@kernel.org> (raw)
Hi,
A long time ago we had an issue with embedded NUL bytes in MODULE_INFO
strings[1]. While this stands out pretty strongly when you look at the
code, and we can't do anything about a binary module that just plain lies,
we never actually implemented the trivial compile-time check needed to
detect it.
Add this check (and fix 2 instances of needless trailing semicolons that
this change exposed).
Note that these patches were produced as part of another LLM exercise.
This time I wanted to try "what happens if I ask an LLM to go read
a specific LWN article and write a patch based on a discussion?" It
pretty effortlessly chose and implemented a suggested solution, tested
the change, and fixed new build warnings in the process.
Since this was a relatively short session, here's an overview of the
prompts involved as I guided it through a clean change and tried to see
how it would reason about static_assert vs _Static_assert. (It wanted
to use what was most common, not what was the current style -- we may
want to update the comment above the static_assert macro to suggest
using _Static_assert directly these days...)
I want to fix a weakness in the module info strings. Read about it
here: https://lwn.net/Articles/82305/
Since it's only "info" that we need to check, can you reduce the checks
to just that instead of all the other stuff?
I think the change to the comment is redundent, and that should be
in a commit log instead. Let's just keep the change to the static assert.
Is "static_assert" the idiomatic way to use a static assert in this
code base? I've seen _Static_assert used sometimes.
What's the difference between the two?
Does Linux use C11 by default now?
Then let's not use the wrapper any more.
Do an "allmodconfig all -s" build to verify this works for all modules
in the kernel.
Thanks!
-Kees
[1] https://lwn.net/Articles/82305/
Kees Cook (3):
media: dvb-usb-v2: lmedm04: Fix firmware macro definitions
media: radio: si470x: Fix DRIVER_AUTHOR macro definition
module: Add compile-time check for embedded NUL characters
include/linux/moduleparam.h | 3 +++
drivers/media/radio/si470x/radio-si470x-i2c.c | 2 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 ++++++------
3 files changed, 10 insertions(+), 7 deletions(-)
--
2.34.1
next reply other threads:[~2025-10-08 3:59 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 3:59 Kees Cook [this message]
2025-10-08 3:59 ` [PATCH 1/3] media: dvb-usb-v2: lmedm04: Fix firmware macro definitions Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 2/3] media: radio: si470x: Fix DRIVER_AUTHOR macro definition Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 3/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 9:55 ` Petr Pavlu
2025-12-08 21:05 ` Luck, Tony
2025-12-09 0:11 ` Eric Biggers
2025-12-09 8:18 ` Daniel Gomez
2025-12-09 16:20 ` Luck, Tony
2025-12-09 16:45 ` Luck, Tony
2025-12-09 18:29 ` Luck, Tony
2025-12-10 1:00 ` Sami Tolvanen
2025-12-10 22:29 ` Luck, Tony
2025-12-11 8:28 ` Dan Carpenter
2025-12-11 17:03 ` Sami Tolvanen
2025-12-11 17:30 ` Daniel Gomez
2025-12-11 17:51 ` Sami Tolvanen
2025-12-19 12:45 ` Dan Carpenter
2025-12-19 16:21 ` Luck, Tony
2026-01-08 8:49 ` Andy Shevchenko
2026-02-18 6:50 ` Dmitry Torokhov
2026-02-19 17:04 ` Chris Li
2025-10-08 6:27 ` [PATCH 0/3] " Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251008033844.work.801-kees@kernel.org \
--to=kees@kernel.org \
--cc=da.gomez@kernel.org \
--cc=hverkuil@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rusty@rustcorp.com.au \
--cc=samitolvanen@google.com \
--cc=tvboxspy@gmail.com \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.