[00/10] Annotate arguments of memtostr/strtomem with __nonstring

Message ID	20250207005832.work.324-kees@kernel.org
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FB43BA50; Fri, 7 Feb 2025 01:00:23 +0000 (UTC) From: Kees Cook <kees@kernel.org> To: Andy Shevchenko <andy@kernel.org> Cc: Kees Cook <kees@kernel.org>, Sathya Prakash <sathya.prakash@broadcom.com>, Sreekanth Reddy <sreekanth.reddy@broadcom.com>, Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>, Kashyap Desai <kashyap.desai@broadcom.com>, Sumit Saxena <sumit.saxena@broadcom.com>, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Nilesh Javali <njavali@marvell.com>, Andrew Morton <akpm@linux-foundation.org>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, Dave Hansen <dave.hansen@linux.intel.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, Alexey Dobriyan <adobriyan@gmail.com>, Sven Eckelmann <sven@narfation.org>, Tadeusz Struk <tadeusz.struk@linaro.org>, kernel test robot <lkp@intel.com>, Erick Archer <erick.archer@outlook.com>, Dmitry Antipov <dmantipov@yandex.ru>, Ryusuke Konishi <konishi.ryusuke@gmail.com>, Luc Van Oostenryck <luc.vanoostenryck@gmail.com>, linux-kernel@vger.kernel.org, MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, mpi3mr-linuxdrv.pdl@broadcom.com, GR-QLogic-Storage-Upstream@marvell.com, linux-hardening@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, linux-nilfs@vger.kernel.org Subject: [PATCH 00/10] Annotate arguments of memtostr/strtomem with __nonstring Date: Thu, 6 Feb 2025 17:00:09 -0800 Message-Id: <20250207005832.work.324-kees@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Annotate arguments of memtostr/strtomem with __nonstring \| expand [00/10] Annotate arguments of memtostr/strtomem with __nonstring [01/10] scsi: mptfusion: Mark device strings as nonstring [02/10] scsi: mpi3mr: Mark device strings as nonstring [03/10] scsi: mpt3sas: Mark device strings as nonstring [04/10] scsi: qla2xxx: Mark device strings as nonstring [05/10] string: kunit: Mark nonstring test strings as __nonstring [06/10] x86/tdx: Mark message.str as nonstring [07/10] uapi: stddef.h: Introduce __kernel_nonstring [08/10] nilfs2: Mark on-disk strings as nonstring [09/10] compiler.h: Introduce __must_be_noncstr() [10/10] string.h: Validate memtostr()/strtomem() arguments more carefully

Message ID

20250207005832.work.324-kees@kernel.org

Headers

From: Kees Cook <kees@kernel.org>
To: Andy Shevchenko <andy@kernel.org>
Cc: Kees Cook <kees@kernel.org>,
	Sathya Prakash <sathya.prakash@broadcom.com>,
	Sreekanth Reddy <sreekanth.reddy@broadcom.com>,
	Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>,
	Kashyap Desai <kashyap.desai@broadcom.com>,
	Sumit Saxena <sumit.saxena@broadcom.com>,
	"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	Nilesh Javali <njavali@marvell.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	Sven Eckelmann <sven@narfation.org>,
	Tadeusz Struk <tadeusz.struk@linaro.org>,
	kernel test robot <lkp@intel.com>,
	Erick Archer <erick.archer@outlook.com>,
	Dmitry Antipov <dmantipov@yandex.ru>,
	Ryusuke Konishi <konishi.ryusuke@gmail.com>,
	Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
	linux-kernel@vger.kernel.org,
	MPT-FusionLinux.pdl@broadcom.com,
	linux-scsi@vger.kernel.org,
	mpi3mr-linuxdrv.pdl@broadcom.com,
	GR-QLogic-Storage-Upstream@marvell.com,
	linux-hardening@vger.kernel.org,
	x86@kernel.org,
	linux-coco@lists.linux.dev,
	linux-nilfs@vger.kernel.org
Subject: [PATCH 00/10] Annotate arguments of memtostr/strtomem with
 __nonstring
Date: Thu,  6 Feb 2025 17:00:09 -0800
Message-Id: <20250207005832.work.324-kees@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Annotate arguments of memtostr/strtomem with __nonstring | expand

Message

Kees Cook Feb. 7, 2025, 1 a.m. UTC

Hi,

The memtostr*() and strtomem*() helpers are designed to move between C
strings (NUL-terminated) and byte arrays (that may just be zero padded and
may not be NUL-terminated). The "nonstring" attribute is used to annotated
these kinds of byte arrays, and we can validate the annotation on the
arguments of the helpers. Add the the infrastructure to do this, and
then update all the places where these annotations are currently missing.

-Kees

Kees Cook (10):
  scsi: mptfusion: Mark device strings as nonstring
  scsi: mpi3mr: Mark device strings as nonstring
  scsi: mpt3sas: Mark device strings as nonstring
  scsi: qla2xxx: Mark device strings as nonstring
  string: kunit: Mark nonstring test strings as __nonstring
  x86/tdx: Mark message.str as nonstring
  uapi: stddef.h: Introduce __kernel_nonstring
  nilfs2: Mark on-disk strings as nonstring
  compiler.h: Introduce __must_be_noncstr()
  string.h: Validate memtostr*()/strtomem*() arguments more carefully

 arch/x86/coco/tdx/tdx.c                  |  2 +-
 drivers/message/fusion/mptsas.c          |  8 ++++----
 drivers/scsi/mpi3mr/mpi3mr_transport.c   |  8 ++++----
 drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h     |  2 +-
 drivers/scsi/mpt3sas/mpt3sas_transport.c |  8 ++++----
 drivers/scsi/qla2xxx/qla_mr.h            |  4 ++--
 include/linux/compiler.h                 | 18 +++++++++++++++++-
 include/linux/string.h                   | 16 ++++++++++++----
 include/uapi/linux/nilfs2_ondisk.h       |  3 ++-
 include/uapi/linux/stddef.h              |  6 ++++++
 lib/string_kunit.c                       |  4 ++--
 11 files changed, 55 insertions(+), 24 deletions(-)

Comments

Andy Shevchenko Feb. 7, 2025, 12:09 p.m. UTC | #1

On Fri, Feb 7, 2025 at 4:37 AM Kees Cook <kees@kernel.org> wrote:
> On Thu, Feb 06, 2025 at 05:12:11PM -0800, Dave Hansen wrote:
> > On 2/6/25 17:00, Kees Cook wrote:

...

> > So, the patch itself makes sense. But it does end up looking kinda
> > funky. We call it a "str"ing and then annotate it as not a string.
>
> Yeah, this is true all over the place. It's a string, just not a
> NUL-terminated string: *sob*

Maybe call it respectively, e.g., __nontermstr ?

Kees Cook Feb. 8, 2025, 9:16 p.m. UTC | #2

On Fri, Feb 07, 2025 at 02:09:12PM +0200, Andy Shevchenko wrote:
> On Fri, Feb 7, 2025 at 4:37 AM Kees Cook <kees@kernel.org> wrote:
> > On Thu, Feb 06, 2025 at 05:12:11PM -0800, Dave Hansen wrote:
> > > On 2/6/25 17:00, Kees Cook wrote:
> 
> ...
> 
> > > So, the patch itself makes sense. But it does end up looking kinda
> > > funky. We call it a "str"ing and then annotate it as not a string.
> >
> > Yeah, this is true all over the place. It's a string, just not a
> > NUL-terminated string: *sob*
> 
> Maybe call it respectively, e.g., __nontermstr ?

I don't want to change its name from the GCC attribute. I think that's
just asking more more confusion.