Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp16246imm; Thu, 20 Sep 2018 13:17:39 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaD7ctOtxMPUsJv3qc3zRYYBTukmQrMsLUMH0Qc0CWARcv3SBl5V5ZJlZZOPvfSs1oVphis X-Received: by 2002:a17:902:7c8c:: with SMTP id y12-v6mr41409790pll.283.1537474659481; Thu, 20 Sep 2018 13:17:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537474659; cv=none; d=google.com; s=arc-20160816; b=VWvi/LF7YKdJQ8aNcrwk/MwHmBw2nuLPPZd2AKlQKZTYZUVmWCj68jKOC7r+rho2/5 FsnuEZyVZze58NOj1U9xhK20JwSchIAaqNZdFMXxG7xYcYz42mikrrH8q3E/KIQLljfk L1f7bi7SunmYYk7C/E60ydZY3yu/aKxR/V7OVwoaWl13a2c7P6uT5fTUNXf6KPSrvFE4 xvdfUzUu90PWReb3RiYLDhwROJHqqJq09Ne1Iil4z1S3hfRetqGuHAbqLmAECZM5LtyL 4TiSYxniu5zMeVrtBV1rvNR25qCPppTUlle2/nPT5c6LYaaSrPOth5lvaj6q+dZ0/cws v0jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=YocOBZnb5FubGF2oF328ra0Xl0q6v8qLlmnhyCvaydE=; b=EpT0C04fYT3XPbSNGn92JSJ56mudYH6759P+XM9hskvEZRbWT+jgGcXd6BoFHY4/Or KT+MTyjP0UxqLuJoRrXwwKajUq4Bag1JRFhytlpwC5fL3qr/pLu/dO0di2nw7ia6piQl mdQUxRxo1nLYvX5sftxYpGfMkxyGyjeMoIaI8u6muyD5S44BA/30SdzQ2rFT6nf/kuxo 6R4PPHSXajUq6258TYbH8L/tDT5JiPvKtFCgpJmT6R0hEq3kx459yDl/oo2WuJmuz4zQ nZN1Z7EoO5w0lE2TRSAtfSbArJU2WqnzbI6sApqsEyOyR4HSVVbnk3fzqSWmxvQbNUTj QL4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=T1HKP7Mt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1-v6si24755001pfx.293.2018.09.20.13.17.17; Thu, 20 Sep 2018 13:17:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=T1HKP7Mt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388345AbeIUCAH (ORCPT + 99 others); Thu, 20 Sep 2018 22:00:07 -0400 Received: from mail-yb1-f194.google.com ([209.85.219.194]:33174 "EHLO mail-yb1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727232AbeIUCAG (ORCPT ); Thu, 20 Sep 2018 22:00:06 -0400 Received: by mail-yb1-f194.google.com with SMTP id y9-v6so4494531ybh.0 for ; Thu, 20 Sep 2018 13:14:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=YocOBZnb5FubGF2oF328ra0Xl0q6v8qLlmnhyCvaydE=; b=T1HKP7MtlJGRghrDPBWE4M5k0+mvCcZ5z/oqL1Cx0pE+ujAXmVl9+8FoQDMeJy2Bze vqUgBcn+Iy2JSY/E4BOE5H3dHg9Mjy/qfHE1J5AqthUXcFBnSal/K1qXHgECXsXAukrQ iC7FJY1WFa14Uc/bR0+ZhKER/WdQSKcDz5UOw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=YocOBZnb5FubGF2oF328ra0Xl0q6v8qLlmnhyCvaydE=; b=WDy8v8LItePpgJI6LkmLQcfH4ycn45GF+i66cplZvmtkSo4jxfZphLHlPjW+ZSLbbR XKVFanUQdQDfkcXaARJBQliDcSs3nQsAzpkJyVxkekK6savy+gp9oWYejzXWOrDBQQ0q AR57IlHn1HoE2la1vcx5jv5p6h8ZKCi66WPgXZMKr8tUrmdjhAJvEicEt/FaJOw0h5qN ieBrg8C/BPbDGoE5Xy9c+hf2yhxPZRUvZZ/VFjEXQDecLwnCEL5GwPK2GhTRMPw0O0Oz ESfDXKDZHAkiTq5EKXhJINdEyhKXuDoRJS2711+EVSrf2wClp6v9whNAz96QrdpeMBWr L4/g== X-Gm-Message-State: APzg51Bm1hJt4nD7w/uHM9dGOOenIdLBeBlsDJA8M2setvc0HQQSDJWi YUuMPTBd3EUM+tFQCoA9iTu85x6wxNs= X-Received: by 2002:a25:3c86:: with SMTP id j128-v6mr16016277yba.190.1537474494331; Thu, 20 Sep 2018 13:14:54 -0700 (PDT) Received: from mail-yw1-f50.google.com (mail-yw1-f50.google.com. [209.85.161.50]) by smtp.gmail.com with ESMTPSA id b185-v6sm3606821ywf.12.2018.09.20.13.14.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Sep 2018 13:14:54 -0700 (PDT) Received: by mail-yw1-f50.google.com with SMTP id z143-v6so4292092ywa.7 for ; Thu, 20 Sep 2018 13:14:53 -0700 (PDT) X-Received: by 2002:a81:4418:: with SMTP id r24-v6mr18926266ywa.407.1537474121494; Thu, 20 Sep 2018 13:08:41 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Thu, 20 Sep 2018 13:08:40 -0700 (PDT) In-Reply-To: <20180920172301.21868-13-miguel.ojeda.sandonis@gmail.com> References: <20180920172301.21868-1-miguel.ojeda.sandonis@gmail.com> <20180920172301.21868-13-miguel.ojeda.sandonis@gmail.com> From: Kees Cook Date: Thu, 20 Sep 2018 13:08:40 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 12/15] Compiler Attributes: add support for __nonstring (gcc >= 8) To: Miguel Ojeda Cc: Greg Kroah-Hartman , LKML , Andreas Dilger , Masahiro Yamada , Michal Marek , Steven Rostedt , Mauro Carvalho Chehab , Olof Johansson , Konstantin Ryabitsev , "David S . Miller" , Andrey Ryabinin , Thomas Gleixner , Ingo Molnar , Paul Lawrence , Sandipan Das , Andrey Konovalov , David Woodhouse , Will Deacon , Philippe Ombredanne , Paul Burton , David Rientjes , Willy Tarreau , Martin Sebor , Christopher Li , Jonathan Corbet , "Theodore Ts'o" , Geert Uytterhoeven , Rasmus Villemoes , Joe Perches , Arnd Bergmann , Dominique Martinet , Stefan Agner , Luc Van Oostenryck , Nick Desaulniers , Andrew Morton , Linus Torvalds , "open list:DOCUMENTATION" , Ext4 Developers List , Sparse Mailing-list , linux-kbuild Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 20, 2018 at 10:22 AM, Miguel Ojeda wrote: > From the GCC manual: > > nonstring > > The nonstring variable attribute specifies that an object or member > declaration with type array of char, signed char, or unsigned char, > or pointer to such a type is intended to store character arrays that > do not necessarily contain a terminating NUL. This is useful in detecting > uses of such arrays or pointers with functions that expect NUL-terminated > strings, and to avoid warnings when such an array or pointer is used as > an argument to a bounded string manipulation function such as strncpy. > > https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html > > This attribute can be used for documentation purposes (i.e. replacing > comments), but it is most helpful when the following warnings are enabled: > > -Wstringop-overflow > > Warn for calls to string manipulation functions such as memcpy and > strcpy that are determined to overflow the destination buffer. > > [...] > > -Wstringop-truncation > > Warn for calls to bounded string manipulation functions such as > strncat, strncpy, and stpncpy that may either truncate the copied > string or leave the destination unchanged. > > [...] > > In situations where a character array is intended to store a sequence > of bytes with no terminating NUL such an array may be annotated with > attribute nonstring to avoid this warning. Such arrays, however, > are not suitable arguments to functions that expect NUL-terminated > strings. To help detect accidental misuses of such arrays GCC issues > warnings unless it can prove that the use is safe. > > https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html > > Signed-off-by: Miguel Ojeda Reviewed-by: Kees Cook -Kees -- Kees Cook Pixel Security