
Merge tag 'hardening-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening fixes from Kees Cook:
"Address a KUnit stack initialization regression that got tickled on
m68k, and solve a Clang(v14 and earlier) bug found by 0day:

- Fix stackinit KUnit regression on m68k

- Use ARRAY_SIZE() for memtostr*()/strtomem*()"

* tag 'hardening-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
string.h: Use ARRAY_SIZE() for memtostr*()/strtomem*()
compiler.h: Introduce __must_be_byte_array()
compiler.h: Move C string helpers into C-only kernel section
stackinit: Fix comment for test_small_end
stackinit: Keep selftest union size small on m68k

+31 -19
+19 -13
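--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -191,6 +191,25 @@
 __v; \
 })
 
+#ifdef __CHECKER__
+#define __BUILD_BUG_ON_ZERO_MSG(e, msg) (0)
+#else /* __CHECKER__ */
+#define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
+#endif /* __CHECKER__ */
+
+/* &a[0] degrades to a pointer: a different type from an array */
+#define __is_array(a) (!__same_type((a), &(a)[0]))
+#define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
+"must be array")
+
+#define __is_byte_array(a) (__is_array(a) && sizeof((a)[0]) == 1)
+#define __must_be_byte_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_byte_array(a), \
+"must be byte array")
+
+/* Require C Strings (i.e. NUL-terminated) lack the "nonstring" attribute. */
+#define __must_be_cstr(p) \
+__BUILD_BUG_ON_ZERO_MSG(__annotated(p, nonstring), "must be cstr (NUL-terminated)")
+
 #endif /* __KERNEL__ */
 
 /**
@@ -230,19 +249,6 @@
 .popsection;
 
 #define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym))
-
-#ifdef __CHECKER__
-#define __BUILD_BUG_ON_ZERO_MSG(e, msg) (0)
-#else /* __CHECKER__ */
-#define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
-#endif /* __CHECKER__ */
-
-/* &a[0] degrades to a pointer: a different type from an array */
-#define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(__same_type((a), &(a)[0]), "must be array")
-
-/* Require C Strings (i.e. NUL-terminated) lack the "nonstring" attribute. */
-#define __must_be_cstr(p) \
-__BUILD_BUG_ON_ZERO_MSG(__annotated(p, nonstring), "must be cstr (NUL-terminated)")
 
 /*
  * This returns a constant expression while determining if an argument is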
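Review bot: `__is_byte_array()` decides purely by `sizeof((a)[0]) == 1`, so `__must_be_byte_array()` accepts any array whose elements are one byte wide (a one-byte struct, for instance), not only `char`/`u8` buffers, and nothing next to the new macro states that contract. A one-line comment above it would make this explicit, e.g. `/* Evaluates to 0 for an array of 1-byte elements (any type); breaks the build otherwise. */`. The same comment could note that under `__CHECKER__` the assertion collapses to `(0)`, so sparse runs do not enforce the check and only a real compiler build does.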
+8 -4
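--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -414,7 +414,8 @@
 * must be discoverable by the compiler.
 */
 #define strtomem_pad(dest, src, pad) do { \
-const size_t _dest_len = __builtin_object_size(dest, 1); \
+const size_t _dest_len = __must_be_byte_array(dest) + \
+ARRAY_SIZE(dest); \
 const size_t _src_len = __builtin_object_size(src, 1); \
 \
 BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
@@ -437,7 +438,8 @@
 * must be discoverable by the compiler.
 */
 #define strtomem(dest, src) do { \
-const size_t _dest_len = __builtin_object_size(dest, 1); \
+const size_t _dest_len = __must_be_byte_array(dest) + \
+ARRAY_SIZE(dest); \
 const size_t _src_len = __builtin_object_size(src, 1); \
 \
 BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
@@ -456,7 +458,8 @@
 * Note that sizes of @dest and @src must be known at compile-time.
 */
 #define memtostr(dest, src) do { \
-const size_t _dest_len = __builtin_object_size(dest, 1); \
+const size_t _dest_len = __must_be_byte_array(dest) + \
+ARRAY_SIZE(dest); \
 const size_t _src_len = __builtin_object_size(src, 1); \
 const size_t _src_chars = strnlen(src, _src_len); \
 const size_t _copy_len = min(_dest_len - 1, _src_chars); \
@@ -481,7 +484,8 @@
 * Note that sizes of @dest and @src must be known at compile-time.
 */
 #define memtostr_pad(dest, src) do { \
-const size_t _dest_len = __builtin_object_size(dest, 1); \
+const size_t _dest_len = __must_be_byte_array(dest) + \
+ARRAY_SIZE(dest); \
 const size_t _src_len = __builtin_object_size(src, 1); \
 const size_t _src_chars = strnlen(src, _src_len); \
 const size_t _copy_len = min(_dest_len - 1, _src_chars); \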
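Review bot: The kernel-doc kept as context above all four macros still says only that the size of @dest "must be discoverable by the compiler" or "known at compile-time", but with `__must_be_byte_array(dest) + ARRAY_SIZE(dest)` the destination must now be an actual byte array, and a pointer into a sized object is rejected at build time. The comments should say so, for example by adding `* @dest must be a byte array (not a pointer); the size of @src must be discoverable by the compiler.` to each of strtomem_pad(), strtomem(), memtostr() and memtostr_pad(). `_src_len` is still taken from `__builtin_object_size(src, 1)`, so the two operands are now sized by different mechanisms, which is worth a word in the same comment. The `!__builtin_constant_p(_dest_len)` term in the BUILD_BUG_ON that follows looks redundant for an ARRAY_SIZE() result, though the rest of that expression lies outside the hunks.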
+4 -2
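--- a/lib/stackinit_kunit.c
+++ b/lib/stackinit_kunit.c
@@ -75,8 +75,10 @@
 */
 #ifdef CONFIG_M68K
 #define FILL_SIZE_STRING 8
+#define FILL_SIZE_ARRAY 2
 #else
 #define FILL_SIZE_STRING 16
+#define FILL_SIZE_ARRAY 8
 #endif
 
 #define INIT_CLONE_SCALAR /**/
@@ -345,11 +347,11 @@
 short three;
 unsigned long four;
 struct big_struct {
-unsigned long array[8];
+unsigned long array[FILL_SIZE_ARRAY];
 } big;
 };
 
-/* Mismatched sizes, with one and two being small */
+/* Mismatched sizes, with three and four being small */
 union test_small_end {
 short one;
 unsigned long two;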
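Review bot: `FILL_SIZE_ARRAY` is introduced without a comment saying why m68k gets 2 and every other architecture 8. The block comment that closes just above the `#ifdef` begins outside the hunk, so it may describe only `FILL_SIZE_STRING`. If it does, a line next to the define, such as `/* big_struct array length; kept small on m68k to limit the union's stack footprint */`, would document both constants together. The rationale in that wording is inferred from the commit title, not from the visible code, so it should be checked against the actual m68k constraint.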