From: Jani Nikula <jani.nikula@linux.intel.com>
To: Damian Tometzki <damian@riscv-rocks.de>, Kees Cook <kees@kernel.org>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>,
Zhi Wang <zhi.wang.linux@gmail.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
Tvrtko Ursulin <tursulin@ursulin.net>,
David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
intel-gvt-dev@lists.freedesktop.org,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] drm/i915/gvt: Add __nonstring annotations for unterminated strings
Date: Mon, 24 Mar 2025 14:54:36 +0200 [thread overview]
Message-ID: <87r02ma8s3.fsf@intel.com> (raw)
In-Reply-To: <01070195c306db7f-9f28efdd-9456-4db3-b6c6-343298bd571b-000000@eu-central-1.amazonses.com>
On Sun, 23 Mar 2025, Damian Tometzki <damian@riscv-rocks.de> wrote:
> On Mon, 10. Mar 15:23, Kees Cook wrote:
>> When a character array without a terminating NUL character has a static
>> initializer, GCC 15's -Wunterminated-string-initialization will only
>> warn if the array lacks the "nonstring" attribute[1]. Mark the arrays
>> with __nonstring to and correctly identify the char array as "not a C
>> string" and thereby eliminate the warning.
>>
>> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117178 [1]
>> Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
>> Cc: Zhi Wang <zhi.wang.linux@gmail.com>
>> Cc: Jani Nikula <jani.nikula@linux.intel.com>
>> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
>> Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
>> Cc: Tvrtko Ursulin <tursulin@ursulin.net>
>> Cc: David Airlie <airlied@gmail.com>
>> Cc: Simona Vetter <simona@ffwll.ch>
>> Cc: intel-gvt-dev@lists.freedesktop.org
>> Cc: intel-gfx@lists.freedesktop.org
>> Cc: dri-devel@lists.freedesktop.org
>> Signed-off-by: Kees Cook <kees@kernel.org>
>> ---
>> drivers/gpu/drm/i915/gvt/opregion.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gvt/opregion.c b/drivers/gpu/drm/i915/gvt/opregion.c
>> index 509f9ccae3a9..f701638d3145 100644
>> --- a/drivers/gpu/drm/i915/gvt/opregion.c
>> +++ b/drivers/gpu/drm/i915/gvt/opregion.c
>> @@ -43,7 +43,7 @@
>> #define DEVICE_TYPE_EFP4 0x10
>>
>> struct opregion_header {
>> - u8 signature[16];
>> + u8 signature[16] __nonstring;
Why would this annotation be needed? It's not treated as a string
anywhere, and it's u8 not char.
>> u32 size;
>> u32 opregion_ver;
>> u8 bios_ver[32];
>> @@ -222,7 +222,7 @@ int intel_vgpu_init_opregion(struct intel_vgpu *vgpu)
>> u8 *buf;
>> struct opregion_header *header;
>> struct vbt v;
>> - const char opregion_signature[16] = OPREGION_SIGNATURE;
>> + const char opregion_signature[16] __nonstring = OPREGION_SIGNATURE;
>>
>> gvt_dbg_core("init vgpu%d opregion\n", vgpu->id);
>> vgpu_opregion(vgpu)->va = (void *)__get_free_pages(GFP_KERNEL |
>> --
>> 2.34.1
>>
> Hello together,
>
> it doesnt resolve the build issue with gcc15 gcc (GCC) 15.0.1 20250228
>
> CC [M] drivers/gpu/drm/i915/gvt/scheduler.o
> /home/damian/kernel/linux/drivers/gpu/drm/i915/gvt/opregion.c: In function ‘intel_vgpu_init_opregion’:
> /home/damian/kernel/linux/drivers/gpu/drm/i915/gvt/opregion.c:35:28: error: initializer-string for array of ‘char’ is too long [-Werror=unterminated-string-initialization]
> 35 | #define OPREGION_SIGNATURE "IntelGraphicsMem"
> | ^~~~~~~~~~~~~~~~~~
> /home/damian/kernel/linux/drivers/gpu/drm/i915/gvt/opregion.c:225:57: note: in expansion of macro ‘OPREGION_SIGNATURE’
> 225 | const char opregion_signature[16] __nonstring = OPREGION_SIGNATURE;
> | ^~~~~~~~~~~~~~~~~~
> CC [M] drivers/gpu/drm/i915/gvt/trace_points.o
> cc1: all warnings being treated as errors
> make[7]: *** [/home/damian/kernel/linux/scripts/Makefile.build:207: drivers/gpu/drm/i915/gvt/opregion.o] Error 1
> make[7]: *** Waiting for unfinished jobs....
> CC [M] drivers/gpu/drm/i915/gvt/vgpu.o
> make[6]: *** [/home/damian/kernel/linux/scripts/Makefile.build:465: drivers/gpu/drm/i915] Error 2
> make[5]: *** [/home/damian/kernel/linux/s
What about this?
IMO it's anyway good practice to use sizeof(dest) rather than
sizeof(src) for memcpy.
diff --git a/drivers/gpu/drm/i915/gvt/opregion.c b/drivers/gpu/drm/i915/gvt/opregion.c
index 509f9ccae3a9..dbad4d853d3a 100644
--- a/drivers/gpu/drm/i915/gvt/opregion.c
+++ b/drivers/gpu/drm/i915/gvt/opregion.c
@@ -222,7 +222,6 @@ int intel_vgpu_init_opregion(struct intel_vgpu *vgpu)
u8 *buf;
struct opregion_header *header;
struct vbt v;
- const char opregion_signature[16] = OPREGION_SIGNATURE;
gvt_dbg_core("init vgpu%d opregion\n", vgpu->id);
vgpu_opregion(vgpu)->va = (void *)__get_free_pages(GFP_KERNEL |
@@ -236,8 +235,10 @@ int intel_vgpu_init_opregion(struct intel_vgpu *vgpu)
/* emulated opregion with VBT mailbox only */
buf = (u8 *)vgpu_opregion(vgpu)->va;
header = (struct opregion_header *)buf;
- memcpy(header->signature, opregion_signature,
- sizeof(opregion_signature));
+
+ static_assert(sizeof(header->signature) == sizeof(OPREGION_SIGNATURE) - 1);
+ memcpy(header->signature, OPREGION_SIGNATURE, sizeof(header->signature));
+
header->size = 0x8;
header->opregion_ver = 0x02000000;
header->mboxes = MBOX_VBT;
--
Jani Nikula, Intel
next prev parent reply other threads:[~2025-03-24 12:54 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-10 22:23 [PATCH] drm/i915/gvt: Add __nonstring annotations for unterminated strings Kees Cook
2025-03-10 23:31 ` ✓ i915.CI.BAT: success for " Patchwork
2025-03-23 12:42 ` [PATCH] " Damian Tometzki
2025-03-24 12:54 ` Jani Nikula [this message]
2025-03-24 21:19 ` Nicolas Chauvet
2025-03-25 19:22 ` Damian Tometzki
2025-03-25 19:25 ` Kees Cook
2025-03-31 14:51 ` Thorsten Leemhuis
2025-04-01 8:46 ` Jani Nikula
2025-04-01 9:28 ` Thorsten Leemhuis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r02ma8s3.fsf@intel.com \
--to=jani.nikula@linux.intel.com \
--cc=airlied@gmail.com \
--cc=damian@riscv-rocks.de \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=joonas.lahtinen@linux.intel.com \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rodrigo.vivi@intel.com \
--cc=simona@ffwll.ch \
--cc=tursulin@ursulin.net \
--cc=zhenyuw@linux.intel.com \
--cc=zhi.wang.linux@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.