From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5591C652 for ; Wed, 31 Aug 2022 06:05:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 517AEC433C1; Wed, 31 Aug 2022 06:05:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1661925914; bh=SGYtE+p3Dtu7fXMJkMnYtZQdjKI8+lz4apBzmE24BwU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Leas9ssnKXdkrL04JMj7MN3/F8Ky+L1na54faAV9IGDg7hCXKUJZGk3Vb+tBt2dKN LGrhWBJ97gERfM/oo4YvDmIiUM7KGaC+m02IHuXg5TVtgSYRIQu8z8ql+E9FRX75ZV A+J5D+7S942nrwBEKrpqkjb4/cnFp/9VMJ+KSIwo= Date: Wed, 31 Aug 2022 08:05:28 +0200 From: Greg KH To: Nick Desaulniers Cc: Kees Cook , Nathan Chancellor , Tom Rix , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Jiri Kosina , Benjamin Tissoires , linux-input@vger.kernel.org, Masahiro Yamada Subject: Re: [PATCH 3/3] HID: avoid runtime call to strlen Message-ID: References: <20220830205309.312864-1-ndesaulniers@google.com> <20220830205309.312864-4-ndesaulniers@google.com> Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220830205309.312864-4-ndesaulniers@google.com> On Tue, Aug 30, 2022 at 01:53:09PM -0700, Nick Desaulniers wrote: > While looking into a CONFIG_FORTIFY=y related bug, I noticed that > hid_allocate calls strlen() on a local C string variable. This variable > can only have literal string values. There is no benefit to having > FORTIFY have this be a checked strlen call, because these are literal > values. By calling strlen() explicitly in the branches of a switch, the > compiler can evaluate strlen("literal value") at compile time, rather > than at runtime. > > Signed-off-by: Nick Desaulniers > --- > drivers/hid/hid-input.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c > index 48c1c02c69f4..9ad3cc88c26b 100644 > --- a/drivers/hid/hid-input.c > +++ b/drivers/hid/hid-input.c > @@ -1922,12 +1922,15 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, > switch (application) { > case HID_GD_KEYBOARD: > suffix = "Keyboard"; > + suffix_len = strlen(suffix); > break; > case HID_GD_KEYPAD: > suffix = "Keypad"; > + suffix_len = strlen(suffix); > break; > case HID_GD_MOUSE: > suffix = "Mouse"; > + suffix_len = strlen(suffix); This seems ripe for someone to come along and go "look at this cleanup patch where I move all of this duplicated code to below it in one line!" As this is a compiler bug, why not fix the compiler? Or at least put a comment in here saying why this looks so odd to prevent it from being changed in the future. thanks, greg k-h