From: "Christophe Leroy (CS GROUP)" <chleroy@kernel.org>
To: Kees Cook <kees@kernel.org>, Xie Yuanbin <xieyuanbin1@huawei.com>
Cc: maddy@linux.ibm.com, mpe@ellerman.id.au, npiggin@gmail.com,
andy@kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
lilinjie8@huawei.com, liaohua4@huawei.com
Subject: Re: [PATCH 2/2] powerpc/text-patching: Fix possible stringop-overread compilation error
Date: Fri, 6 Feb 2026 20:53:55 +0100 [thread overview]
Message-ID: <bca0abe3-5b8d-4493-a338-b41322e9e85d@kernel.org> (raw)
In-Reply-To: <202602061024.111ED487@keescook>
Le 06/02/2026 à 19:26, Kees Cook a écrit :
> On Thu, Feb 05, 2026 at 06:05:17PM +0800, Xie Yuanbin wrote:
>> For strnlen(), if the compiler detects that the maxlen argument exceeds
>> the valid memory size of the input string object, a compilation error may
>> occur.
>>
>> For lastest linux-next source, changing ppc_kallsyms_lookup_name() to
>> __always_inline, using default ppc64_defconfig, and setting
>> CONFIG_EXPERT=y, CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2=n,
>> CONFIG_CC_OPTIMIZE_FOR_SIZE=y. Then, when using gcc-15 for compilation,
>> the following error will be triggered:
>> ```log
>> CC arch/powerpc/kernel/optprobes.o
>> In file included from ./arch/powerpc/include/asm/kprobes.h:24,
>> from ./include/linux/kprobes.h:31,
>> from arch/powerpc/kernel/optprobes.c:8:
>> In function ‘ppc_kallsyms_lookup_name’,
>> inlined from ‘arch_prepare_optimized_kprobe’ at arch/powerpc/kernel/optprobes.c:209:21:
>> ./arch/powerpc/include/asm/text-patching.h:232:13: error: ‘strnlen’ specified bound 512 exceeds source size 19 [-Werror=stringop-overread]
>> 232 | if (strnlen(name, KSYM_NAME_LEN) >= KSYM_NAME_LEN)
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> In function ‘ppc_kallsyms_lookup_name’,
>> inlined from ‘arch_prepare_optimized_kprobe’ at arch/powerpc/kernel/optprobes.c:210:22:
>> ./arch/powerpc/include/asm/text-patching.h:232:13: error: ‘strnlen’ specified bound 512 exceeds source size 13 [-Werror=stringop-overread]
>> 232 | if (strnlen(name, KSYM_NAME_LEN) >= KSYM_NAME_LEN)
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> cc1: all warnings being treated as errors
>> ```
>>
>> Refer to the implementation of fortify's strnlen(). If the string length
>> is a compile-time constant, do not call the strnlen() function.
>>
>> Signed-off-by: Xie Yuanbin <xieyuanbin1@huawei.com>
>> ---
>> arch/powerpc/include/asm/text-patching.h | 7 ++++++-
>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/powerpc/include/asm/text-patching.h b/arch/powerpc/include/asm/text-patching.h
>> index e7f14720f630..ce1b2131980a 100644
>> --- a/arch/powerpc/include/asm/text-patching.h
>> +++ b/arch/powerpc/include/asm/text-patching.h
>> @@ -228,8 +228,13 @@ static inline unsigned long ppc_kallsyms_lookup_name(const char *name)
>> /* check for dot variant */
>> char dot_name[1 + KSYM_NAME_LEN];
>> bool dot_appended = false;
>> + size_t n_len = __compiletime_strlen(name);
>> + const size_t n_size = __member_size(name);
>>
>> - if (strnlen(name, KSYM_NAME_LEN) >= KSYM_NAME_LEN)
>> + if (n_len == SIZE_MAX || KSYM_NAME_LEN < n_size)
>> + n_len = strnlen(name, KSYM_NAME_LEN);
>> +
>> + if (n_len >= KSYM_NAME_LEN)
>> return 0;
>
> Isn't it possible to do this and not need __compiletime_strlen at all?
>
> n_len = strnlen(name, min(__member_size(name), KSYM_NAME_LEN));
ppc_kallsyms_lookup_name() only has two callers and they call it with a
built-in string. I think we can do something a lot simpler, something
like (untested):
static inline unsigned long __ppc_kallsyms_lookup_name(const char *name)
{
unsigned long addr = kallsyms_lookup_name(name);
if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2) && addr)
addr = ppc_function_entry((void *)addr);
return addr;
}
#ifdef CONFIG_PPC64_ELF_ABI_V1
#define ppc_kallsyms_lookup_name(x) __ppc_kallsyms_lookup_name("." ## x);
#else
#define ppc_kallsyms_lookup_name(x) __ppc_kallsyms_lookup_name(x)
#endif
Christophe
next prev parent reply other threads:[~2026-02-06 19:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-05 10:05 [PATCH 1/2] string: move __compiletime_strlen() to string.h Xie Yuanbin
2026-02-05 10:05 ` [PATCH 2/2] powerpc/text-patching: Fix possible stringop-overread compilation error Xie Yuanbin
2026-02-05 16:40 ` Andy Shevchenko
2026-02-06 11:14 ` Xie Yuanbin
2026-02-06 18:26 ` Kees Cook
2026-02-06 19:53 ` Christophe Leroy (CS GROUP) [this message]
2026-02-09 13:25 ` Xie Yuanbin
2026-02-09 13:41 ` Christophe Leroy (CS GROUP)
2026-02-09 14:11 ` Xie Yuanbin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bca0abe3-5b8d-4493-a338-b41322e9e85d@kernel.org \
--to=chleroy@kernel.org \
--cc=andy@kernel.org \
--cc=kees@kernel.org \
--cc=liaohua4@huawei.com \
--cc=lilinjie8@huawei.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=xieyuanbin1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox