From: Kees Cook <kees@kernel.org>
To: Xie Yuanbin <xieyuanbin1@huawei.com>
Cc: maddy@linux.ibm.com, mpe@ellerman.id.au, npiggin@gmail.com,
	chleroy@kernel.org, andy@kernel.org,
	linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
	linux-hardening@vger.kernel.org, lilinjie8@huawei.com,
	liaohua4@huawei.com
Subject: Re: [PATCH 2/2] powerpc/text-patching: Fix possible stringop-overread compilation error
Date: Fri, 6 Feb 2026 10:26:47 -0800
Message-ID: <202602061024.111ED487@keescook>
In-Reply-To: <20260205100517.292858-2-xieyuanbin1@huawei.com>

On Thu, Feb 05, 2026 at 06:05:17PM +0800, Xie Yuanbin wrote:
> For strnlen(), if the compiler detects that the maxlen argument exceeds
> the valid memory size of the input string object, a compilation error may
> occur.
>
> For latest linux-next source, changing ppc_kallsyms_lookup_name() to
> __always_inline, using default ppc64_defconfig, and setting
> CONFIG_EXPERT=y, CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2=n,
> CONFIG_CC_OPTIMIZE_FOR_SIZE=y. Then, when using gcc-15 for compilation,
> the following error will be triggered:
> ```log
> CC arch/powerpc/kernel/optprobes.o
> In file included from ./arch/powerpc/include/asm/kprobes.h:24,
> from ./include/linux/kprobes.h:31,
> from arch/powerpc/kernel/optprobes.c:8:
> In function ‘ppc_kallsyms_lookup_name’,
> inlined from ‘arch_prepare_optimized_kprobe’ at arch/powerpc/kernel/optprobes.c:209:21:
> ./arch/powerpc/include/asm/text-patching.h:232:13: error: ‘strnlen’ specified bound 512 exceeds source size 19 [-Werror=stringop-overread]
> 232 | if (strnlen(name, KSYM_NAME_LEN) >= KSYM_NAME_LEN)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘ppc_kallsyms_lookup_name’,
> inlined from ‘arch_prepare_optimized_kprobe’ at arch/powerpc/kernel/optprobes.c:210:22:
> ./arch/powerpc/include/asm/text-patching.h:232:13: error: ‘strnlen’ specified bound 512 exceeds source size 13 [-Werror=stringop-overread]
> 232 | if (strnlen(name, KSYM_NAME_LEN) >= KSYM_NAME_LEN)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> ```
>
> Refer to the implementation of fortify's strnlen(). If the string length
> is a compile-time constant, do not call the strnlen() function.
>
> Signed-off-by: Xie Yuanbin <xieyuanbin1@huawei.com>
> ---
> arch/powerpc/include/asm/text-patching.h | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/text-patching.h b/arch/powerpc/include/asm/text-patching.h
> index e7f14720f630..ce1b2131980a 100644
> --- a/arch/powerpc/include/asm/text-patching.h
> +++ b/arch/powerpc/include/asm/text-patching.h
> @@ -228,8 +228,13 @@ static inline unsigned long ppc_kallsyms_lookup_name(const char *name)
> /* check for dot variant */
> char dot_name[1 + KSYM_NAME_LEN];
> bool dot_appended = false;
> + size_t n_len = __compiletime_strlen(name);
> + const size_t n_size = __member_size(name);
>
> - if (strnlen(name, KSYM_NAME_LEN) >= KSYM_NAME_LEN)
> + if (n_len == SIZE_MAX || KSYM_NAME_LEN < n_size)
> + n_len = strnlen(name, KSYM_NAME_LEN);
> +
> + if (n_len >= KSYM_NAME_LEN)
> return 0;

Isn't it possible to do this and not need __compiletime_strlen at all?

	n_len = strnlen(name, min(__member_size(name), KSYM_NAME_LEN));

?

>
> if (name[0] != '.') {
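
Review bot: in the fallback branch, strnlen(name, KSYM_NAME_LEN) still gets the full KSYM_NAME_LEN bound when n_len == SIZE_MAX is the only reason the branch is taken, so for an object whose n_size is below KSYM_NAME_LEN the bound is again larger than the source, which is the situation the quoted diagnostic reports. Consider passing the smaller of n_size and KSYM_NAME_LEN as the bound, or document on the if why that combination cannot occur. The two-part condition would also benefit from a one-line comment saying which case each half covers, since neither n_len nor n_size is explained where it is declared.
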
> --
> 2.51.0
>
--
Kees Cook
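
The clamp suggested in the reply above, as a user-space sketch (an added example, not code from this thread or from the kernel). member_size() is an assumed stand-in for __member_size(), name_ok_sized() and name_ok() are hypothetical helpers, and the sketch goes one step beyond the reply by rejecting a length equal to the clamped bound, which covers an object with no NUL terminator.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for strnlen() */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KSYM_NAME_LEN 512 /* matches "bound 512" in the quoted diagnostic */

/* Assumed stand-in for the kernel's __member_size(): size of the object
 * that p points into, or (size_t)-1 when the compiler cannot tell. */
#define member_size(p) __builtin_object_size((p), 1)

/*
 * Hypothetical helper: 1 if name is a NUL-terminated string shorter than
 * KSYM_NAME_LEN, 0 otherwise. strnlen() never gets a bound larger than the
 * object, so the scan stays inside it.
 */
static inline int name_ok_sized(const char *name, size_t obj_size)
{
	size_t bound = obj_size < KSYM_NAME_LEN ? obj_size : KSYM_NAME_LEN;
	size_t len = strnlen(name, bound);

	/*
	 * len == bound means no terminator was found within the bound: the
	 * name is too long, or the object holds no NUL at all.
	 */
	return len < bound;
}

/* Macro, so the object size is taken at the call site. */
#define name_ok(name) name_ok_sized((name), member_size(name))

int main(void)
{
	char small[19] = "sample_symbol"; /* constructed sample input */
	char raw[19];                     /* constructed: no terminator */

	memset(raw, 'A', sizeof(raw));
	printf("small: %d\n", name_ok(small));
	printf("raw:   %d\n", name_ok_sized(raw, sizeof(raw)));
	return 0;
}
```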
Thread overview: 11+ messages
2026-02-05 10:05 [PATCH 1/2] string: move __compiletime_strlen() to string.h Xie Yuanbin
2026-02-05 10:05 ` [PATCH 2/2] powerpc/text-patching: Fix possible stringop-overread compilation error Xie Yuanbin
2026-02-05 16:40 ` Andy Shevchenko
2026-02-06 11:14 ` Xie Yuanbin
2026-02-06 18:26 ` Kees Cook [this message]
2026-02-06 19:53 ` Christophe Leroy (CS GROUP)
2026-02-09 13:25 ` Xie Yuanbin
2026-02-09 13:41 ` Christophe Leroy (CS GROUP)
2026-02-09 14:11 ` Xie Yuanbin
2026-04-30 7:28 ` Xie Yuanbin
2026-04-30 9:41 ` Christophe Leroy (CS GROUP)