From: Sami Tolvanen <samitolvanen@google.com>
To: Daniel Gomez <da.gomez@kernel.org>
Cc: "Dan Carpenter" <dan.carpenter@linaro.org>,
"Luck, Tony" <tony.luck@intel.com>,
"Chris Li" <sparse@chrisli.org>,
"Eric Biggers" <ebiggers@kernel.org>,
"Kees Cook" <kees@kernel.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Petr Pavlu" <petr.pavlu@suse.com>,
"linux-modules@vger.kernel.org" <linux-modules@vger.kernel.org>,
"Malcolm Priestley" <tvboxspy@gmail.com>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Hans Verkuil" <hverkuil@kernel.org>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>
Subject: Re: [PATCH 3/3] module: Add compile-time check for embedded NUL characters
Date: Thu, 11 Dec 2025 17:51:01 +0000 [thread overview]
Message-ID: <20251211175101.GA3405942@google.com> (raw)
In-Reply-To: <083ebd92-4b3f-47f8-bf0f-395a604b5f05@kernel.org>
On Fri, Dec 12, 2025 at 02:30:48AM +0900, Daniel Gomez wrote:
>
>
> On 12/12/2025 02.03, Sami Tolvanen wrote:
> > On Thu, Dec 11, 2025 at 12:28 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >>
> >> On Wed, Dec 10, 2025 at 02:29:45PM -0800, Luck, Tony wrote:
> >>>> diff --git a/expand.c b/expand.c
> >>>> index f14e7181..71221d35 100644
> >>>> --- a/expand.c
> >>>> +++ b/expand.c
> >>>> @@ -535,6 +535,8 @@ static int expand_compare(struct expression *expr)
> >>>> expr->taint = 0;
> >>>> return 0;
> >>>> }
> >>>> + if (left->flags & CEF_ICE && right->flags & CEF_ICE)
> >>>> + expr->flags |= CEF_SET_ICE;
> >>>> if (simplify_cmp_binop(expr, left->ctype))
> >>>> return 0;
> >>>> if (simplify_float_cmp(expr, left->ctype))
> >>
> >> I'm not an expert in the C standard, but this feels correct to me.
> >
> > It only fixes comparisons though, the problem still exists for other
> > expressions. For example, while `_Static_assert(__builtin_strlen("")
> > == 0);` works with this change,
> > `_Static_assert(!__builtin_strlen(""));` still fails. Perhaps there's
> > a better way to fix this than changing each expression expansion
> > function to handle this flag?
>
> Maybe the flag fix just needs to be applied to the evaluation? Other op
> structs do the same. But Dan's patch did not implement evaluate. E.g.:
>
> static struct symbol_op constant_p_op = {
> .evaluate = evaluate_to_int_const_expr,
> .expand = expand_constant_p
> };
Nice catch! This seems to fix the issue for me:
diff --git a/builtin.c b/builtin.c
index 9149c43d..7573abf8 100644
--- a/builtin.c
+++ b/builtin.c
@@ -616,6 +616,7 @@ static int expand_strlen(struct expression *expr, int cost)
}
static struct symbol_op strlen_op = {
+ .evaluate = evaluate_to_int_const_expr,
.expand = expand_strlen,
};
I wonder if there are any other __builtin_* functions that need this too?
Looks like __builtin_object_size doesn't have this either.
Sami
next prev parent reply other threads:[~2025-12-11 17:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 3:59 [PATCH 0/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 3:59 ` [PATCH 1/3] media: dvb-usb-v2: lmedm04: Fix firmware macro definitions Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 2/3] media: radio: si470x: Fix DRIVER_AUTHOR macro definition Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 3/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 9:55 ` Petr Pavlu
2025-12-08 21:05 ` Luck, Tony
2025-12-09 0:11 ` Eric Biggers
2025-12-09 8:18 ` Daniel Gomez
2025-12-09 16:20 ` Luck, Tony
2025-12-09 16:45 ` Luck, Tony
2025-12-09 18:29 ` Luck, Tony
2025-12-10 1:00 ` Sami Tolvanen
2025-12-10 22:29 ` Luck, Tony
2025-12-11 8:28 ` Dan Carpenter
2025-12-11 17:03 ` Sami Tolvanen
2025-12-11 17:30 ` Daniel Gomez
2025-12-11 17:51 ` Sami Tolvanen [this message]
2025-10-08 6:27 ` [PATCH 0/3] " Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251211175101.GA3405942@google.com \
--to=samitolvanen@google.com \
--cc=da.gomez@kernel.org \
--cc=dan.carpenter@linaro.org \
--cc=ebiggers@kernel.org \
--cc=hverkuil@kernel.org \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rusty@rustcorp.com.au \
--cc=sparse@chrisli.org \
--cc=tony.luck@intel.com \
--cc=tvboxspy@gmail.com \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).