From: Sami Tolvanen <samitolvanen@google.com>
To: Daniel Gomez <da.gomez@kernel.org>
Cc: "Dan Carpenter" <dan.carpenter@linaro.org>,
"Luck, Tony" <tony.luck@intel.com>,
"Chris Li" <sparse@chrisli.org>,
"Eric Biggers" <ebiggers@kernel.org>,
"Kees Cook" <kees@kernel.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Petr Pavlu" <petr.pavlu@suse.com>,
"linux-modules@vger.kernel.org" <linux-modules@vger.kernel.org>,
"Malcolm Priestley" <tvboxspy@gmail.com>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Hans Verkuil" <hverkuil@kernel.org>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>
Subject: Re: [PATCH 3/3] module: Add compile-time check for embedded NUL characters
Date: Thu, 11 Dec 2025 17:51:01 +0000 [thread overview]
Message-ID: <20251211175101.GA3405942@google.com> (raw)
In-Reply-To: <083ebd92-4b3f-47f8-bf0f-395a604b5f05@kernel.org>
On Fri, Dec 12, 2025 at 02:30:48AM +0900, Daniel Gomez wrote:
>
>
> On 12/12/2025 02.03, Sami Tolvanen wrote:
> > On Thu, Dec 11, 2025 at 12:28 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >>
> >> On Wed, Dec 10, 2025 at 02:29:45PM -0800, Luck, Tony wrote:
> >>>> diff --git a/expand.c b/expand.c
> >>>> index f14e7181..71221d35 100644
> >>>> --- a/expand.c
> >>>> +++ b/expand.c
> >>>> @@ -535,6 +535,8 @@ static int expand_compare(struct expression *expr)
> >>>> expr->taint = 0;
> >>>> return 0;
> >>>> }
> >>>> + if (left->flags & CEF_ICE && right->flags & CEF_ICE)
> >>>> + expr->flags |= CEF_SET_ICE;
> >>>> if (simplify_cmp_binop(expr, left->ctype))
> >>>> return 0;
> >>>> if (simplify_float_cmp(expr, left->ctype))
> >>
> >> I'm not an expert in the C standard, but this feels correct to me.
> >
> > It only fixes comparisons though, the problem still exists for other
> > expressions. For example, while `_Static_assert(__builtin_strlen("")
> > == 0);` works with this change,
> > `_Static_assert(!__builtin_strlen(""));` still fails. Perhaps there's
> > a better way to fix this than changing each expression expansion
> > function to handle this flag?
>
> Maybe the flag fix just needs to be applied to the evaluation? Other op
> structs do the same. But Dan's patch did not implement evaluate. E.g.:
>
> static struct symbol_op constant_p_op = {
> .evaluate = evaluate_to_int_const_expr,
> .expand = expand_constant_p
> };
Nice catch! This seems to fix the issue for me:
diff --git a/builtin.c b/builtin.c
index 9149c43d..7573abf8 100644
--- a/builtin.c
+++ b/builtin.c
@@ -616,6 +616,7 @@ static int expand_strlen(struct expression *expr, int cost)
}
static struct symbol_op strlen_op = {
+ .evaluate = evaluate_to_int_const_expr,
.expand = expand_strlen,
};
I wonder if there are any other __builtin_* functions that need this too?
Looks like __builtin_object_size doesn't have this either.
Sami
next prev parent reply other threads:[~2025-12-11 17:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 3:59 [PATCH 0/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 3:59 ` [PATCH 1/3] media: dvb-usb-v2: lmedm04: Fix firmware macro definitions Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 2/3] media: radio: si470x: Fix DRIVER_AUTHOR macro definition Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 3/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 9:55 ` Petr Pavlu
2025-12-08 21:05 ` Luck, Tony
2025-12-09 0:11 ` Eric Biggers
2025-12-09 8:18 ` Daniel Gomez
2025-12-09 16:20 ` Luck, Tony
2025-12-09 16:45 ` Luck, Tony
2025-12-09 18:29 ` Luck, Tony
2025-12-10 1:00 ` Sami Tolvanen
2025-12-10 22:29 ` Luck, Tony
2025-12-11 8:28 ` Dan Carpenter
2025-12-11 17:03 ` Sami Tolvanen
2025-12-11 17:30 ` Daniel Gomez
2025-12-11 17:51 ` Sami Tolvanen [this message]
2025-12-19 12:45 ` Dan Carpenter
2025-12-19 16:21 ` Luck, Tony
2026-01-08 8:49 ` Andy Shevchenko
2026-02-18 6:50 ` Dmitry Torokhov
2026-02-19 17:04 ` Chris Li
2025-10-08 6:27 ` [PATCH 0/3] " Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251211175101.GA3405942@google.com \
--to=samitolvanen@google.com \
--cc=da.gomez@kernel.org \
--cc=dan.carpenter@linaro.org \
--cc=ebiggers@kernel.org \
--cc=hverkuil@kernel.org \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rusty@rustcorp.com.au \
--cc=sparse@chrisli.org \
--cc=tony.luck@intel.com \
--cc=tvboxspy@gmail.com \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.