From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 143FE3FEB1B
	for <linux-kernel@vger.kernel.org>; Tue, 31 Mar 2026 14:55:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.47
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774968946; cv=none; b=An8twReDjBthGLK8OvDoWxvj61KqUksPfCpf5UfIG8UJ6FkSZxWoeYPo90bNYLvYEiSiT5xwgwe2JgIYg2CS+dp0QczyKjcOZ13TiuIUJDqnESxFTjYi+bXT9+gXyFB2ZD8eCW/Tp2eBR7jZoU7tWD1sQawIDfNZ4mB5dhfkj+k=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774968946; c=relaxed/simple;
	bh=bUkLek+dHDn/UBKanQCUz/l1OEBhgtZsGy6Gp1DMqxk=;
	h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type; b=PmDznc4mg8ESRHlQPhW/k7p0P49c4V9EGWg9fM1zwsMMd1lV2dF2fDgAgjEfwJX746K1OFeuUJFDFtINq/oQDO4leM1QyCJhyqF6SO33T0q4TMnjqZbLnczMhuS24obisW92s1UbwulEdCP5O0D8sSwv1gKfosrlcJDqDwV8S3k=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RqRTeQ6w; arc=none smtp.client-ip=209.85.221.47
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RqRTeQ6w"
Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-43d03db7f87so1152717f8f.3
        for <linux-kernel@vger.kernel.org>; Tue, 31 Mar 2026 07:55:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1774968943; x=1775573743; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:from:to:cc:subject:date
         :message-id:reply-to;
        bh=pqHHDUqIclluzk0swGJGqBm0kNqls0rOfMS16PbzCSc=;
        b=RqRTeQ6w+2NW40J51B2iiJkTHZiiI0gLtNtordbxSnEWgyo9ptYZ2fd5JQHc3f0gD2
         RpNdMb4Sk4m92T8HoN6dp3mKnkVyk5K6aas2FB+l75ssEHuPh248XXQBX28tV1zxysOY
         jn3OPK2qFrh3b7FFSRnJHsFv78MSew9EoiX8RWUOe4Ofu1PnleDiyTUcX+Hz3yDwDT9t
         npnXwWRnxSOssbYn/ndr/xhmlG7p2RSyHI/84PlEG6JRAfvODzok0m7uvB7WWuIxB+zq
         GsuPaPl1lUJ/pKXHKVi3VNTRMSu8AiyO+EUGzfvhIwM8g5p3DMC+nahJHaOoyQ0eLle0
         ygxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774968943; x=1775573743;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=pqHHDUqIclluzk0swGJGqBm0kNqls0rOfMS16PbzCSc=;
        b=NRNrzreR3gkKHnqc4ekoa5qykezLWRa54j4REgXxBxdwUFqY7xasFY2/fxPpu+NJ/G
         pb7XdcpD+KY9CjnS8IqfHZOhz2A9G8xx/lY/s5f9IUQuj6YxsLLxkVn48THwggVgfjtb
         3s2YTW9SHG0tf2w8mQhqnK5m58B2B1jgsbqcfnPh10V3mUcpE5zEJsvDDwQMXeBJGoxM
         Szc4/8NLafACWkSYTo2Dd2mlmV2aQmD4NrN5KE0ZZqOnPgCJ4ywGCrXGt+FWMW5w+7xB
         cFCfbGf1SFrk2XFOTNLuH5lbYD/XQaGDPQd9UQrhEyW41PiKm9vYJmPPLSRm4l/jgzo1
         apdw==
X-Forwarded-Encrypted: i=1; AJvYcCVS1sClCrSuUgE56u/po7mYklxlk0r23MVOCdPUNUB6ZzT6fXv4xPUhBoqie2BNNA+9DQehJN2tqJfTxFU=@vger.kernel.org
X-Gm-Message-State: AOJu0YwmVdP9yxTz5HhOFVClQlTNVBEDBexC5sC6Is049VMBmDCgSrpw
	mgGY92SJjJuPtAi0VMCJMnDoWdlht0n7svGMKkpD5GBwmSCFnxQSPf6fEwjV7D4F
X-Gm-Gg: ATEYQzxtLvgxjB93iBN0uRd70X839IagGAvsVNTZpOPoXayI6yK/x1tkQL3PwnsQlg0
	FM0WZhzPVZejsntWCEvEJzbmaKVU2DhPm0iZFUPzsEJBGkzWiNtR+A8QLlptC1NsnssDRWcZeDb
	+kazhjeexBVjTp0nSGJJOt0drqlZqnYmhZb+Djs35ewgQyrvwHrWp8E8gxIzy17cqzNLL7bphMu
	Fgf9WIIN+7Wpnd8Ua4ZR8acD+dXts/GZ8RxOQF/Magz2n0VB2NMS3Ucjf1YZbG9wxQELTYD+LUU
	4fV5kVMnazsJVEJKhsPt8BgYp20xXQy6Y4cdn+jBToAVFqyGfgxXldxddaUHj3RpXts96dS6wQX
	1BOgJaClO1zrchHD/ikbtTp91Tt9/aGIJ+1GaaH7azlotufaaauFr/WRHEHqlItZOruWDZO4YmH
	Q2LbHXauZ9WkioiQWVM0qXNrRHuLilV32sremnqU0/kgdJX7NigI9zAxtk8LYR98u9sS3MbzE=
X-Received: by 2002:a5d:5d88:0:b0:43a:4de:fdc2 with SMTP id ffacd0b85a97d-43b9e9e89a4mr28439291f8f.13.1774968943148;
        Tue, 31 Mar 2026 07:55:43 -0700 (PDT)
Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43cf21e2628sm30874665f8f.6.2026.03.31.07.55.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Mar 2026 07:55:42 -0700 (PDT)
Date: Tue, 31 Mar 2026 15:55:41 +0100
From: David Laight <david.laight.linux@gmail.com>
To: Kees Cook <kees@kernel.org>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH next 2/3] fortify: Optimise strnlen()
Message-ID: <20260331155541.0451cb29@pumpkin>
In-Reply-To: <20260331111428.0b0575dd@pumpkin>
References: <20260330132003.3379-1-david.laight.linux@gmail.com>
	<20260330132003.3379-3-david.laight.linux@gmail.com>
	<202603302335.0AEEF9154@keescook>
	<20260331111428.0b0575dd@pumpkin>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 31 Mar 2026 11:14:28 +0100
David Laight <david.laight.linux@gmail.com> wrote:

> On Mon, 30 Mar 2026 23:36:07 -0700
> Kees Cook <kees@kernel.org> wrote:
> 
> > On Mon, Mar 30, 2026 at 02:20:02PM +0100, david.laight.linux@gmail.com wrote:  
> > > From: David Laight <david.laight.linux@gmail.com>
> > > 
> > > If the string is constant there is no need to call __real_strlen()
> > > even when maxlen is a variable - just return the smaller value.
> > > 
> > > If the size of the string variable is unknown fortify_panic() can't be
> > > called, change the condition so that the compiler can optimise it away.
> > > 
> > > Change __compiletime_strlen(p) to return a 'non-constant' value
> > > for non-constant strings (the same as __builtin_strlen()).
> > > Simplify since it is only necessary to check that the size is constant
> > > and that the last character is '\0'.
> > > Explain why it is different from __builtin_strlen().
> > > Update the kunit tests to match.    
> > 
> > See also
> > commit d07c0acb4f41 ("fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL")
> > 
> > -Kees
...
> That really means you can only use __builtin_strlen().
> Which means you'll get a compile-time error from:
> 	char foo[3] = "foo";
> 	__builtin_strlen(foo);
> rather the 'not a constant' when checking strscpy(tgt, foo, 3);
> At a guess that never happens except in the tests.

I wrote this change a while ago, I tried using __builtin_strlen()
but got a compile error in the tests.

However I've just built an x86-64 allmodconfig kernel on top of
my patches with:
#define __compiletime_strlen(p) __builtin_strlen()
so something must have changed since then (probably related to the
__nonstring changes).

So the actual fix for the above is to use __builtin_strlen().
IIRC it also detects a few more strings being constant.

	David