Several new instances of -Wfortify-source after LLVM commit 0c9c9dd9a24f9 #1923

Closed
nathanchance opened this issue Aug 28, 2023 · 28 comments
Labels
-Wfortify-source [BUG] llvm (main) A bug in an unreleased version of LLVM (this label is appropriate for regressions) [FIXED][LINUX] 6.10 This bug was fixed in Linux 6.10 [FIXED][LLVM] main This bug was only present and fixed in an unreleased version of LLVM

Comments

@nathanchance
Member

After llvm/llvm-project@0c9c9dd, I see several new instances of -Wfortify-source (LKFT reported one as well):

drivers/input/misc/ims-pcu.c:1802:2: warning: 'snprintf' will always be truncated; specified size is 10, but format string expands to at least 12 [-Wfortify-source]
drivers/input/misc/ims-pcu.c:1814:2: warning: 'snprintf' will always be truncated; specified size is 10, but format string expands to at least 12 [-Wfortify-source]
drivers/media/pci/cx18/cx18-mailbox.c:99:3: warning: 'snprintf' will always be truncated; specified size is 12, but format string expands to at least 14 [-Wfortify-source]
drivers/net/ethernet/freescale/enetc/enetc.c:2771:3: warning: 'snprintf' will always be truncated; specified size is 80, but format string expands to at least 110 [-Wfortify-source]
drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c:1853:4: warning: 'snprintf' will always be truncated; specified size is 80, but format string expands to at least 94 [-Wfortify-source]
drivers/net/ethernet/qlogic/qed/qed_main.c:1218:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 18 [-Wfortify-source]
drivers/net/ethernet/sfc/tc.c:521:5: warning: 'snprintf' will always be truncated; specified size is 80, but format string expands to at least 107 [-Wfortify-source]
drivers/net/ethernet/sfc/tc.c:528:5: warning: 'snprintf' will always be truncated; specified size is 80, but format string expands to at least 106 [-Wfortify-source]
drivers/platform/surface/surface3_power.c:248:3: warning: 'snprintf' will always be truncated; specified size is 10, but format string expands to at least 12 [-Wfortify-source]
drivers/s390/block/dasd_eckd.c:1082:3: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 11 [-Wfortify-source]
drivers/s390/block/dasd_eckd.c:1087:3: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 10 [-Wfortify-source]
drivers/scsi/myrb.c:1906:10: warning: 'snprintf' will always be truncated; specified size is 32, but format string expands to at least 34 [-Wfortify-source]
drivers/scsi/myrs.c:1089:10: warning: 'snprintf' will always be truncated; specified size is 32, but format string expands to at least 34 [-Wfortify-source]
drivers/scsi/myrs.cdrivers/scsi/myrb.c:1906:10: warning: 'snprintf' will always be truncated; specified size is 32, but format string expands to at least 34 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1959:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 17 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1963:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 18 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1967:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 17 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1971:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 17 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1978:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 18 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1985:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 17 [-Wfortify-source]
drivers/video/fbdev/neofb.c:1992:3: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 18 [-Wfortify-source]
drivers/video/fbdev/sh_mobile_lcdcfb.c:1578:2: warning: 'snprintf' will always be truncated; specified size is 16, but format string expands to at least 25 [-Wfortify-source]
sound/aoa/soundbus/i2sbus/core.c:170:6: warning: 'snprintf' will always be truncated; specified size is 6, but format string expands to at least 7 [-Wfortify-source]

Not too many but for at least the drivers/video/fbdev ones, the size is in a UAPI header (include/uapi/linux/fb.h), so I am not really sure how we will go about fixing these...

I have not checked to see if GCC warns about these same instances but -Wformat-truncation is disabled in mainline and placed in W=1 in -next but we don't get that same escape hatch because this is not a separate warning option.

@nathanchance
Member Author

GCC appears to flag most of these...

Full GCC warning instances
drivers/input/misc/ims-pcu.c: In function 'ims_pcu_get_device_info':
drivers/input/misc/ims-pcu.c:1803:31: error: '%02d' directive output may be truncated writing between 2 and 3 bytes into a region of size between 1 and 4 [-Werror=format-truncation=]
 1803 |                  "%02d%02d%02d%02d.%c%c",
      |                               ^~~~
drivers/input/misc/ims-pcu.c:1803:18: note: directive argument in the range [0, 255]
 1803 |                  "%02d%02d%02d%02d.%c%c",
      |                  ^~~~~~~~~~~~~~~~~~~~~~~
drivers/input/misc/ims-pcu.c:1802:9: note: 'snprintf' output between 12 and 16 bytes into a destination of size 10
 1802 |         snprintf(pcu->fw_version, sizeof(pcu->fw_version),
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1803 |                  "%02d%02d%02d%02d.%c%c",
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~
 1804 |                  pcu->cmd_buf[2], pcu->cmd_buf[3], pcu->cmd_buf[4], pcu->cmd_buf[5],
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1805 |                  pcu->cmd_buf[6], pcu->cmd_buf[7]);
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/input/misc/ims-pcu.c:1815:31: error: '%02d' directive output may be truncated writing between 2 and 3 bytes into a region of size between 1 and 4 [-Werror=format-truncation=]
 1815 |                  "%02d%02d%02d%02d.%c%c",
      |                               ^~~~
drivers/input/misc/ims-pcu.c:1815:18: note: directive argument in the range [0, 255]
 1815 |                  "%02d%02d%02d%02d.%c%c",
      |                  ^~~~~~~~~~~~~~~~~~~~~~~
drivers/input/misc/ims-pcu.c:1814:9: note: 'snprintf' output between 12 and 16 bytes into a destination of size 10
 1814 |         snprintf(pcu->bl_version, sizeof(pcu->bl_version),
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1815 |                  "%02d%02d%02d%02d.%c%c",
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~
 1816 |                  pcu->cmd_buf[2], pcu->cmd_buf[3], pcu->cmd_buf[4], pcu->cmd_buf[5],
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1817 |                  pcu->cmd_buf[6], pcu->cmd_buf[7]);
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
In file included from include/uapi/linux/neighbour.h:6,
                 from include/linux/netdevice.h:46,
                 from drivers/net/ethernet/freescale/enetc/enetc.h:6,
                 from drivers/net/ethernet/freescale/enetc/enetc.c:4:
In function 'enetc_setup_xdp_prog',
    inlined from 'enetc_setup_bpf' at drivers/net/ethernet/freescale/enetc/enetc.c:2791:10:
include/linux/netlink.h:115:13: error: ' TXQs for network stack (tot...' directive output truncated writing 31 bytes into a region of size between 0 and 14 [-Werror=format-truncation=]
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/freescale/enetc/enetc.c:2771:17: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
 2771 |                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: note: directive argument in the range [0, 65535]
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/freescale/enetc/enetc.c:2771:17: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
 2771 |                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: note: 'snprintf' output between 110 and 134 bytes into a destination of size 80
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/freescale/enetc/enetc.c:2771:17: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
 2771 |                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                 ^~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
drivers/net/ethernet/qlogic/qed/qed_main.c: In function 'qed_slowpath_start':
drivers/net/ethernet/qlogic/qed/qed_main.c:1218:63: error: '%02x' directive output truncated writing 2 bytes into a region of size 1 [-Werror=format-truncation=]
 1218 |                 snprintf(name, NAME_SIZE, "slowpath-%02x:%02x.%02x",
      |                                                               ^~~~
In function 'qed_slowpath_wq_start',
    inlined from 'qed_slowpath_start' at drivers/net/ethernet/qlogic/qed/qed_main.c:1250:6:
drivers/net/ethernet/qlogic/qed/qed_main.c:1218:43: note: directive argument in the range [0, 255]
 1218 |                 snprintf(name, NAME_SIZE, "slowpath-%02x:%02x.%02x",
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/qlogic/qed/qed_main.c:1218:17: note: 'snprintf' output 18 bytes into a destination of size 16
 1218 |                 snprintf(name, NAME_SIZE, "slowpath-%02x:%02x.%02x",
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1219 |                          cdev->pdev->bus->number,
      |                          ~~~~~~~~~~~~~~~~~~~~~~~~
 1220 |                          PCI_SLOT(cdev->pdev->devfn), hwfn->abs_pf_id);
      |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
In file included from include/uapi/linux/neighbour.h:6,
                 from include/linux/netdevice.h:46,
                 from include/net/sch_generic.h:5,
                 from include/net/pkt_cls.h:7,
                 from drivers/net/ethernet/sfc/tc.c:12:
drivers/net/ethernet/sfc/tc.c: In function 'efx_tc_flower_record_encap_match':
include/linux/netlink.h:115:13: error: ' conflicts with existing pse...' directive output truncated writing 53 bytes into a region of size between 28 and 33 [-Werror=format-truncation=]
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/sfc/tc.c:528:33: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
  528 |                                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: note: directive argument in the range [0, 65535]
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/sfc/tc.c:528:33: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
  528 |                                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: note: 'snprintf' output between 102 and 112 bytes into a destination of size 80
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/sfc/tc.c:528:33: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
  528 |                                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: error: ' conflicts with existing pse...' directive output truncated writing 57 bytes into a region of size 39 [-Werror=format-truncation=]
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/sfc/tc.c:521:33: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
  521 |                                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: note: directive argument in the range [0, 255]
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/sfc/tc.c:521:33: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
  521 |                                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:115:13: note: 'snprintf' output 103 bytes into a destination of size 80
  115 |         if (snprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,               \
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  116 |                      "%s" fmt "%s", "", ##args, "") >=                         \
      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/netlink.h:130:9: note: in expansion of macro 'NL_SET_ERR_MSG_FMT'
  130 |         NL_SET_ERR_MSG_FMT((extack), KBUILD_MODNAME ": " fmt, ##args)
      |         ^~~~~~~~~~~~~~~~~~
drivers/net/ethernet/sfc/tc.c:521:33: note: in expansion of macro 'NL_SET_ERR_MSG_FMT_MOD'
  521 |                                 NL_SET_ERR_MSG_FMT_MOD(extack,
      |                                 ^~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
drivers/s390/block/dasd_eckd.c: In function 'dasd_eckd_get_uid_string':
drivers/s390/block/dasd_eckd.c:1088:27: error: '%s' directive output may be truncated writing up to 3 bytes into a region of size 1 [-Werror=format-truncation=]
 1088 |                          "%s.%s.%04x.%02x",
      |                           ^~
 1089 |                          uid.vendor, uid.serial, uid.ssid,
      |                          ~~~~~~~~~~
drivers/s390/block/dasd_eckd.c:1088:26: note: directive argument in the range [0, 65535]
 1088 |                          "%s.%s.%04x.%02x",
      |                          ^~~~~~~~~~~~~~~~~
drivers/s390/block/dasd_eckd.c:1088:26: note: directive argument in the range [0, 255]
drivers/s390/block/dasd_eckd.c:1087:17: note: 'snprintf' output between 10 and 27 bytes into a destination of size 1
 1087 |                 snprintf(print_uid, sizeof(*print_uid),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1088 |                          "%s.%s.%04x.%02x",
      |                          ~~~~~~~~~~~~~~~~~~
 1089 |                          uid.vendor, uid.serial, uid.ssid,
      |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1090 |                          uid.real_unit_addr);
      |                          ~~~~~~~~~~~~~~~~~~~
drivers/s390/block/dasd_eckd.c:1083:27: error: '%s' directive output may be truncated writing up to 3 bytes into a region of size 1 [-Werror=format-truncation=]
 1083 |                          "%s.%s.%04x.%02x.%s",
      |                           ^~
 1084 |                          uid.vendor, uid.serial, uid.ssid,
      |                          ~~~~~~~~~~
drivers/s390/block/dasd_eckd.c:1083:26: note: directive argument in the range [0, 65535]
 1083 |                          "%s.%s.%04x.%02x.%s",
      |                          ^~~~~~~~~~~~~~~~~~~~
drivers/s390/block/dasd_eckd.c:1083:26: note: directive argument in the range [0, 255]
drivers/s390/block/dasd_eckd.c:1082:17: note: 'snprintf' output between 11 and 60 bytes into a destination of size 1
 1082 |                 snprintf(print_uid, sizeof(*print_uid),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1083 |                          "%s.%s.%04x.%02x.%s",
      |                          ~~~~~~~~~~~~~~~~~~~~~
 1084 |                          uid.vendor, uid.serial, uid.ssid,
      |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1085 |                          uid.real_unit_addr, uid.vduit);
      |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
drivers/scsi/myrb.c: In function 'rebuild_show':
drivers/scsi/myrb.c:1906:24: error: 'physical device - not rebuil...' directive output truncated writing 33 bytes into a region of size 32 [-Werror=format-truncation=]
 1906 |                 return snprintf(buf, 32, "physical device - not rebuilding\n");
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/myrb.c:1906:24: note: 'snprintf' output 34 bytes into a destination of size 32
drivers/scsi/myrb.c: In function 'myrb_get_hba_config':
drivers/scsi/myrb.c:1051:29: error: '%02u' directive output may be truncated writing between 2 and 3 bytes into a region of size between 2 and 5 [-Werror=format-truncation=]
 1051 |                 "%u.%02u-%c-%02u",
      |                             ^~~~
drivers/scsi/myrb.c:1051:17: note: directive argument in the range [0, 255]
 1051 |                 "%u.%02u-%c-%02u",
      |                 ^~~~~~~~~~~~~~~~~
drivers/scsi/myrb.c:1050:9: note: 'snprintf' output between 10 and 14 bytes into a destination of size 12
 1050 |         snprintf(cb->fw_version, sizeof(cb->fw_version),
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1051 |                 "%u.%02u-%c-%02u",
      |                 ~~~~~~~~~~~~~~~~~~
 1052 |                 enquiry2->fw.major_version,
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1053 |                 enquiry2->fw.minor_version,
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1054 |                 enquiry2->fw.firmware_type,
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1055 |                 enquiry2->fw.turn_id);
      |                 ~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
drivers/scsi/myrs.c: In function 'rebuild_show':
drivers/scsi/myrs.c:1089:24: error: 'physical device - not rebuil...' directive output truncated writing 33 bytes into a region of size 32 [-Werror=format-truncation=]
 1089 |                 return snprintf(buf, 32, "physical device - not rebuilding\n");
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/myrs.c:1089:24: note: 'snprintf' output 34 bytes into a destination of size 32
cc1: all warnings being treated as errors
drivers/video/fbdev/neofb.c: In function 'neo_alloc_fb_info':
drivers/video/fbdev/neofb.c:1968:50: error: 'snprintf' output truncated before the last format character [-Werror=format-truncation=]
 1968 |                                 "MagicGraph 128XD");
      |                                                  ^
drivers/video/fbdev/neofb.c:1967:17: note: 'snprintf' output 17 bytes into a destination of size 16
 1967 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1968 |                                 "MagicGraph 128XD");
      |                                 ~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/neofb.c:1986:50: error: 'snprintf' output truncated before the last format character [-Werror=format-truncation=]
 1986 |                                 "MagicGraph 256ZX");
      |                                                  ^
drivers/video/fbdev/neofb.c:1985:17: note: 'snprintf' output 17 bytes into a destination of size 16
 1985 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1986 |                                 "MagicGraph 256ZX");
      |                                 ~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/neofb.c:1993:50: error: 'MagicGraph 256XL+' directive output truncated writing 17 bytes into a region of size 16 [-Werror=format-truncation=]
 1993 |                                 "MagicGraph 256XL+");
      |                                  ~~~~~~~~~~~~~~~~^
drivers/video/fbdev/neofb.c:1992:17: note: 'snprintf' output 18 bytes into a destination of size 16
 1992 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1993 |                                 "MagicGraph 256XL+");
      |                                 ~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/neofb.c:1972:50: error: 'snprintf' output truncated before the last format character [-Werror=format-truncation=]
 1972 |                                 "MagicGraph 256AV");
      |                                                  ^
drivers/video/fbdev/neofb.c:1971:17: note: 'snprintf' output 17 bytes into a destination of size 16
 1971 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1972 |                                 "MagicGraph 256AV");
      |                                 ~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/neofb.c:1979:50: error: 'MagicGraph 256AV+' directive output truncated writing 17 bytes into a region of size 16 [-Werror=format-truncation=]
 1979 |                                 "MagicGraph 256AV+");
      |                                  ~~~~~~~~~~~~~~~~^
drivers/video/fbdev/neofb.c:1978:17: note: 'snprintf' output 18 bytes into a destination of size 16
 1978 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1979 |                                 "MagicGraph 256AV+");
      |                                 ~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/neofb.c:1960:50: error: 'snprintf' output truncated before the last format character [-Werror=format-truncation=]
 1960 |                                 "MagicGraph 128ZV");
      |                                                  ^
drivers/video/fbdev/neofb.c:1959:17: note: 'snprintf' output 17 bytes into a destination of size 16
 1959 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1960 |                                 "MagicGraph 128ZV");
      |                                 ~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/neofb.c:1964:50: error: 'MagicGraph 128ZV+' directive output truncated writing 17 bytes into a region of size 16 [-Werror=format-truncation=]
 1964 |                                 "MagicGraph 128ZV+");
      |                                  ~~~~~~~~~~~~~~~~^
drivers/video/fbdev/neofb.c:1963:17: note: 'snprintf' output 18 bytes into a destination of size 16
 1963 |                 snprintf(info->fix.id, sizeof(info->fix.id),
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1964 |                                 "MagicGraph 128ZV+");
      |                                 ~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
drivers/video/fbdev/sh_mobile_lcdcfb.c: In function 'sh_mobile_lcdc_overlay_fb_init':
drivers/video/fbdev/sh_mobile_lcdcfb.c:1579:35: error: 'SH Mobile LCDC Overlay ' directive output truncated writing 23 bytes into a region of size 16 [-Werror=format-truncation=]
 1579 |                  "SH Mobile LCDC Overlay %u", ovl->index);
      |                   ~~~~~~~~~~~~~~~~^~~~~~~
drivers/video/fbdev/sh_mobile_lcdcfb.c:1578:9: note: 'snprintf' output between 25 and 34 bytes into a destination of size 16
 1578 |         snprintf(info->fix.id, sizeof(info->fix.id),
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 1579 |                  "SH Mobile LCDC Overlay %u", ovl->index);
      |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

It does not show any warning for

  • drivers/media/pci/cx18/cx18-mailbox.c
  • drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c
  • drivers/platform/surface/surface3_power.c
  • sound/aoa/soundbus/i2sbus/core.c

so it is possible that the clang warning needs further adjustment (it could be related to some of the kernel's special format specifiers?).

At the end of the day, these instances seem like they should be fixed but in my opinion, I think it is somewhat unfair that we have to do it because we see the warnings while GCC doesn't because it was implemented in -Wfortify-source and not -Wformat-truncation...

@nickdesaulniers
Member

so it is possible that the clang warning needs further adjustment (it could be related to some of the kernel's special format specifiers?).

FWIW, the documentation for some of these is under Documentation/core-api/printk-formats.rst.
Also FWIW, a few of these seem to be stemming from the use of NL_SET_ERR_MSG_FMT_MOD.


Let's look at one case at a time, starting with sound/aoa/soundbus/i2sbus/core.c.

if (snprintf(node_name, sizeof(node_name), "%pOFn", np) != 5)

so we have %pOFn which is a kernel specific format flag documented in Documentation/core-api/printk-formats.rst as device node name. Because that's specific to the kernel, the compiler has no idea that %pOFn is one format flag. Instead, the compiler sees %p as the format flag, followed by 3 chars OFn then the NUL-terminator. So to the unaware compiler, the destination has size 6B, and the %p flag would expand to something like 0x5572ba31b180 which is much larger than 6B. In fact this test case:

// clang -c -Wfortify-source tmp.c
char node_name [1];

void foo (void *n) {
    __builtin_snprintf(node_name, sizeof(node_name), "%p", n);
}

produces:

tmp.c:6:5: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 4 [-Wfortify-source]
    6 |     __builtin_snprintf(node_name, sizeof(node_name), "%p", n);
      |     ^
1 warning generated.

so clang thinks that %p is "at least 4" which is true but somewhat misleading (for the implied -m64 where sizeof(void*) == 8 not 4); clang could tell us "but format string expands to 8" rather than "well maybe something larger than 4, idk you figure it out, LOL." Also, I don't think the warning accounts for the trailing NUL-byte (try char node_name[5];).

So then it thinks that %pOFn is 8 + 3 == 11B, which is larger than char node_name [6].

Now I'm curious why GCC doesn't warn for this; is that intentional, or a bug? Looking through some GCC commits, it doesn't seem intentional.


Finally FWIW, commit be58f71 ("fortify: Add compile-time FORTIFY_SOURCE tests") seems to have added $(call cc-disable-warning,fortify-source) in lib/Makefile.
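
Added example, not code from this thread or from clang: a simplified model of the lower-bound count behind "will always be truncated", which reproduces the "at least N" figures quoted above, including the 7 reported for "%pOFn" when it is read as "%p" followed by "OFn". The floor of 3 characters for %p is an assumption inferred from the "%p" test case above ("at least 4" with the NUL counted), and all function and struct names are illustrative.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fewest characters one conversion can emit when nothing is known about its
 * argument; `width` is the minimum field width written in the directive.
 * ASSUMPTION: the floor of 3 for %p is inferred from the "%p" test case in
 * the thread ("at least 4" with the NUL counted), not from clang's source. */
static size_t conv_floor(char conv, size_t width)
{
    size_t n;

    switch (conv) {
    case 's': case 'n': n = 0; break;   /* empty string / no output */
    case 'p':           n = 3; break;
    default:            n = 1; break;   /* d i u x X o c ...: one char or more */
    }
    return n > width ? n : width;
}

/* Lower bound on the bytes snprintf() needs for fmt, terminating NUL
 * included. Precision and '*' widths are skipped, which keeps the result a
 * valid (if looser) lower bound. */
size_t min_expansion(const char *fmt)
{
    size_t total = 0;

    while (*fmt) {
        size_t width = 0;

        if (*fmt++ != '%') {            /* literal character */
            total++;
            continue;
        }
        if (*fmt == '%') {              /* "%%" prints one '%' */
            total++;
            fmt++;
            continue;
        }
        while (*fmt && strchr("-+ #0", *fmt))
            fmt++;                      /* flags */
        while (isdigit((unsigned char)*fmt))
            width = width * 10 + (size_t)(*fmt++ - '0');
        while (*fmt && strchr(".*0123456789hlqjztL", *fmt))
            fmt++;                      /* precision, '*', length modifiers */
        if (!*fmt)
            break;                      /* dangling '%' at end of string */
        total += conv_floor(*fmt++, width);
    }
    return total + 1;
}

/* The "always truncated" condition: even the shortest possible output does
 * not fit in the size passed to snprintf(). */
int always_truncated(const char *fmt, size_t size)
{
    return min_expansion(fmt) > size;
}

/* Call sites quoted in this thread: format string, size passed to snprintf(),
 * and the "expands to at least N" figure clang reported for it. */
struct site { const char *where, *fmt; size_t size, reported; };

static const struct site sites[] = {
    { "ims-pcu.c:1802",          "%02d%02d%02d%02d.%c%c",               10, 12 },
    { "qed_main.c:1218",         "slowpath-%02x:%02x.%02x",             16, 18 },
    { "dasd_eckd.c:1082",        "%s.%s.%04x.%02x.%s",                   1, 11 },
    { "dasd_eckd.c:1087",        "%s.%s.%04x.%02x",                      1, 10 },
    { "myrb.c:1906",             "physical device - not rebuilding\n",  32, 34 },
    { "neofb.c:1967",            "MagicGraph 128XD",                    16, 17 },
    { "sh_mobile_lcdcfb.c:1578", "SH Mobile LCDC Overlay %u",           16, 25 },
    /* %pOFn is one kernel directive (device node name); a printf-only
     * parser sees "%p" plus the literal "OFn", hence 3 + 3 + 1. */
    { "i2sbus/core.c:170",       "%pOFn",                                6,  7 },
};

/* Number of call sites where the model matches clang's reported figure. */
size_t sites_reproduced(void)
{
    size_t i, hits = 0;

    for (i = 0; i < sizeof(sites) / sizeof(sites[0]); i++)
        if (min_expansion(sites[i].fmt) == sites[i].reported &&
            always_truncated(sites[i].fmt, sites[i].size))
            hits++;
    return hits;
}

int main(void)
{
    size_t i;

    for (i = 0; i < sizeof(sites) / sizeof(sites[0]); i++)
        printf("%-24s size %2zu, model: at least %2zu, clang: at least %2zu\n",
               sites[i].where, sites[i].size,
               min_expansion(sites[i].fmt), sites[i].reported);
    return 0;
}
```

With the same model, "%u.%02u-%c-%02u" into 12 bytes has a floor of 10, so it is not an always-truncated case; GCC's report for myrb.c:1050 above is of the "may be truncated" kind, which depends on the argument range.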

@nickdesaulniers
Member

Now I'm curious why GCC doesn't warn for this; is that intentional, or a bug? Looking through some GCC commits, it doesn't seem intentional.

Filed https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219 against GCC.

@nickdesaulniers
Member

nickdesaulniers commented Aug 28, 2023

drivers/scsi/myrb.c:1906:10: warning: 'snprintf' will always be truncated; specified size is 32, but format string expands to at least 34 [-Wfortify-source]

in function rebuild_show which looks unused to me. Why does -Wno-unused-function not appear in any kbuild files... 🧐

EDIT: nevermind, is used:

1153 | static DEVICE_ATTR_RW(rebuild);

@nickdesaulniers
Member

Now I'm curious why GCC doesn't warn for this; is that intentional, or a bug? Looking through some GCC commits, it doesn't seem intentional.

Filed https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219 against GCC.

Andrew pointed out %p omission is intentional: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78512.

intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this issue Aug 28, 2023
clang-18 has improved its support for detecting operations that will
truncate values at runtime via -Wfortify-source.

Fixes the warning:
  drivers/scsi/myrb.c:1906:10: warning: 'snprintf' will always be
  truncated; specified size is 32, but format string expands to at least
  34 [-Wfortify-source]

In particular, the string literal "physical device - not rebuilding\n"
is indeed 34B by my count.

When we have a string literal that does not contain any format flags,
rather than use snprintf (sometimes with a size that's too small), let's
use sprintf.

This pattern is cleaned up throughout the file.

Reported-by: Nathan Chancellor <[email protected]>
Closes: ClangBuiltLinux#1923
Signed-off-by: Nick Desaulniers <[email protected]>
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this issue Aug 28, 2023
clang-18 has improved its support for detecting operations that will
truncate values at runtime via -Wfortify-source.

Fixes the warning:
  drivers/scsi/myrs.c:1089:10: warning: 'snprintf' will always be
  truncated; specified size is 32, but format string expands to at least
  34 [-Wfortify-source]

In particular, the string literal "physical device - not rebuilding\n"
is indeed 34B by my count.

When we have a string literal that does not contain any format flags,
rather than use snprintf (sometimes with a size that's too small), let's
use sprintf.

This pattern is cleaned up throughout the file.

Reported-by: Nathan Chancellor <[email protected]>
Closes: ClangBuiltLinux#1923
Signed-off-by: Nick Desaulniers <[email protected]>
@nickdesaulniers
Member

Not too many but for at least the drivers/video/fbdev ones, the size is in a UAPI header (include/uapi/linux/fb.h), so I am not really sure how we will go about fixing these...

commit 0e90454 ("neofb: avoid overwriting fb_info fields")
also alluded to the truncation, back in 2008 😎

Maybe a question for:

Helge Deller [email protected] (maintainer:FRAMEBUFFER LAYER)
[email protected] (open list:FRAMEBUFFER LAYER)
[email protected] (open list:FRAMEBUFFER LAYER)

@nickdesaulniers
Member

drivers/s390/block/dasd_eckd.c:1082:3: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 11 [-Wfortify-source]
drivers/s390/block/dasd_eckd.c:1087:3: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 10 [-Wfortify-source]

These 2 are very clearly bugs in the source.

@nathanchance
Member Author


> drivers/s390/block/dasd_eckd.c:1082:3: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 11 [-Wfortify-source]
>
> drivers/s390/block/dasd_eckd.c:1087:3: warning: 'snprintf' will always be truncated; specified size is 1, but format string expands to at least 10 [-Wfortify-source]
>
> These 2 are very clearly bugs in the source.

I saw a fix for these fly by earlier today: https://lore.kernel.org/[email protected]/

Haven't tested it though.

@nickdesaulniers
Member

So for the non-%p cases, we can probably fix those in the kernel sources.
llvm/llvm-project#64871 (comment) is the upstream report that we may need to match this behavior in GCC, or split off a flag from -Wfortify-source in order to disable this checking. We might want to check with @kees too about if the fortify implementation has issues with these custom format strings, too (or not).

@nickdesaulniers
Member

> Not too many but for at least the drivers/video/fbdev ones, the size is in a UAPI header (include/uapi/linux/fb.h), so I am not really sure how we will go about fixing these...
>
> commit 0e90454 ("neofb: avoid overwriting fb_info fields") also alluded to the truncation, back in 2008 😎
>
> Maybe a question for:
>
> Helge Deller [email protected] (maintainer:FRAMEBUFFER LAYER)
> [email protected] (open list:FRAMEBUFFER LAYER)
> [email protected] (open list:FRAMEBUFFER LAYER)

Reported upstream: https://lore.kernel.org/llvm/CAKwvOdn0xoVWjQ6ufM_rojtKb0f1i1hW-J_xYGfKDNFdHwaeHQ@mail.gmail.com/

@hazohelet

It does not show any warning for

  • drivers/media/pci/cx18/cx18-mailbox.c
  • drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c
  • drivers/platform/surface/surface3_power.c
  • sound/aoa/soundbus/i2sbus/core.c

FYI, I submitted https://reviews.llvm.org/D159138 to address the false positive in drivers/media/pci/cx18/cx18-mailbox.c

intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this issue Aug 31, 2023
* Helge Deller <[email protected]>:
> On 8/29/23 18:45, Nick Desaulniers wrote:
> > A recent change in clang made it better about spotting snprintf that
> > will result in truncation.  Nathan reported the following instances:
> >
> > drivers/video/fbdev/neofb.c:1959:3: warning: 'snprintf' will always be
> > truncated; specified size is 16, but format string expands to at least
> > 17 [-Wfortify-source]

FYI, I've added the patch below to the fbdev for-next git tree.

Helge

From: Helge Deller <[email protected]>
Subject: [PATCH] fbdev: neofb: Shorten Neomagic product name in info struct

Avoid those compiler warnings:
neofb.c:1959:3: warning: 'snprintf' will always be truncated;
   specified size is 16, but format string expands to at least 17 [-Wfortify-source]

Signed-off-by: Helge Deller <[email protected]>
Reported-by: Nathan Chancellor <[email protected]>
Reported-by: Nick Desaulniers <[email protected]>
Link: https://lore.kernel.org/all/CAKwvOdn0xoVWjQ6ufM_rojtKb0f1i1hW-J_xYGfKDNFdHwaeHQ@mail.gmail.com/
Link: ClangBuiltLinux#1923
@nickdesaulniers
Member

> Not too many but for at least the drivers/video/fbdev ones, the size is in a UAPI header (include/uapi/linux/fb.h), so I am not really sure how we will go about fixing these...
>
> commit 0e90454 ("neofb: avoid overwriting fb_info fields") also alluded to the truncation, back in 2008 😎
>
> Maybe a question for:
>
> Helge Deller [email protected] (maintainer:FRAMEBUFFER LAYER)
> [email protected] (open list:FRAMEBUFFER LAYER)
> [email protected] (open list:FRAMEBUFFER LAYER)
>
> Reported upstream: https://lore.kernel.org/llvm/CAKwvOdn0xoVWjQ6ufM_rojtKb0f1i1hW-J_xYGfKDNFdHwaeHQ@mail.gmail.com/

Helge is working on a patch in:
https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?h=for-next&id=d98e0096dc040c6ea60dc842439be7372ee0b15b

Though I had some feedback:
https://lore.kernel.org/llvm/CAKwvOdkXmEe46cG9Hn837215ghWA7UNKtg7ZQM8CpQcEQnoWfg@mail.gmail.com/

@nickdesaulniers
Member

Until we have a way of disabling %p related issues (or clang ignores them like gcc), I think we should disable -Wfortify-source when using clang-18+ (or hide it behind W=2).

intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this issue Aug 31, 2023
* Nick Desaulniers <[email protected]>:
> On Thu, Aug 31, 2023 at 2:23 PM Helge Deller <[email protected]> wrote:
> >
> > * Helge Deller <[email protected]>:
> > > On 8/29/23 18:45, Nick Desaulniers wrote:
> > > > A recent change in clang made it better about spotting snprintf that
> > > > will result in truncation.  Nathan reported the following instances:
> > > >
> > > > drivers/video/fbdev/neofb.c:1959:3: warning: 'snprintf' will always be
> > > > truncated; specified size is 16, but format string expands to at least
> > > > 17 [-Wfortify-source]
> >
> > FYI, I've added the patch below to the fbdev for-next git tree.
> > [...]
>
> This indeed makes the warning go away, but that's more so due to the
> use of strscpy now rather than snprintf.  That alone is a good change
> but we still have definite truncation.  See below:
> [...]

Nick, thanks for your review and findings!
Now every string should be max. 15 chars (which fits with the trailing
NUL into the char[16] array).

Helge

Subject: [PATCH] fbdev: neofb: Shorten Neomagic product name in info struct

Avoid those compiler warnings:
neofb.c:1959:3: warning: 'snprintf' will always be truncated;
   specified size is 16, but format string expands to at least 17 [-Wfortify-source]

Signed-off-by: Helge Deller <[email protected]>
Reported-by: Nathan Chancellor <[email protected]>
Reported-by: Nick Desaulniers <[email protected]>
Link: https://lore.kernel.org/all/CAKwvOdn0xoVWjQ6ufM_rojtKb0f1i1hW-J_xYGfKDNFdHwaeHQ@mail.gmail.com/
Link: ClangBuiltLinux#1923
torvalds pushed a commit to torvalds/linux that referenced this issue Sep 1, 2023
Avoid those compiler warnings:
neofb.c:1959:3: warning: 'snprintf' will always be truncated;
   specified size is 16, but format string expands to at least 17 [-Wfortify-source]

Signed-off-by: Helge Deller <[email protected]>
Reported-by: Nathan Chancellor <[email protected]>
Reported-by: Nick Desaulniers <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Link: https://lore.kernel.org/all/CAKwvOdn0xoVWjQ6ufM_rojtKb0f1i1hW-J_xYGfKDNFdHwaeHQ@mail.gmail.com/
Link: ClangBuiltLinux#1923
Kaz205 pushed a commit to Kaz205/linux that referenced this issue Sep 11, 2023
commit f7cf224 upstream.

Building dasd_eckd.o with latest clang reveals this bug:

    CC      drivers/s390/block/dasd_eckd.o
      drivers/s390/block/dasd_eckd.c:1082:3: warning: 'snprintf' will always be truncated;
      specified size is 1, but format string expands to at least 11 [-Wfortify-source]
       1082 |                 snprintf(print_uid, sizeof(*print_uid),
            |                 ^
      drivers/s390/block/dasd_eckd.c:1087:3: warning: 'snprintf' will always be truncated;
      specified size is 1, but format string expands to at least 10 [-Wfortify-source]
       1087 |                 snprintf(print_uid, sizeof(*print_uid),
            |                 ^

Fix this by moving and using the existing UID_STRLEN for the arrays
that are being written to. Also rename UID_STRLEN to DASD_UID_STRLEN
to clarify its scope.

Fixes: 2359696 ("s390/dasd: split up dasd_eckd_read_conf")
Reviewed-by: Peter Oberparleiter <[email protected]>
Signed-off-by: Heiko Carstens <[email protected]>
Tested-by: Nick Desaulniers <[email protected]> # build
Reported-by: Nathan Chancellor <[email protected]>
Closes: ClangBuiltLinux#1923
Reviewed-by: Nick Desaulniers <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
mj22226 pushed a commit to mj22226/linux that referenced this issue Sep 11, 2023
commit f7cf224 upstream.

hazohelet added a commit to llvm/llvm-project that referenced this issue Sep 12, 2023
… alternative form

The wrong handling of %x specifier with alternative form causes a false positive in linux kernel (ClangBuiltLinux/linux#1923 (comment))

The kernel code: https://github.com/torvalds/linux/blob/651a00bc56403161351090a9d7ddbd7095975324/drivers/media/pci/cx18/cx18-mailbox.c#L99

This patch fixes this handling, and also adds some standard wordings as comments to clarify the reason.

Reviewed By: nickdesaulniers
Differential Revision: https://reviews.llvm.org/D159138
@nickdesaulniers
Member

@hazohelet has fixed the false-positive related to %#o, %#x, and %#X (drivers/media/pci/cx18/cx18-mailbox.c) and has a patch related to %n in llvm/llvm-project#65969. Richard asked that this be split out into its own flag so we can disable it (-Wno-fortify-source-percent-p or -Wno-fortify-source-gcc-compat or some such).
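
Three cases from this thread worked through at run time (the 34-byte myrb/myrs literal written with size 32, the `sizeof(*print_uid)` bug in dasd_eckd, and the `%#x` alternative form), as an added example that is not part of the thread, the kernel sources or clang. The helper names, `UID_BUF_LEN` and the UID format string are assumptions made for the example; the page shows neither the real dasd_eckd format nor the value of DASD_UID_STRLEN.

```c
/* Added example, not kernel code: measure what a format needs and compare
 * it with the size that is actually handed to snprintf(). */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

static size_t fmt_needed(const char *fmt, ...) PRINTF_LIKE(1, 2);
static int fmt_checked(char *dst, size_t size, const char *fmt, ...) PRINTF_LIKE(3, 4);

/* Bytes needed for the formatted output INCLUDING the trailing NUL
 * (0 on error). snprintf's own return value does not count the NUL. */
static size_t fmt_needed(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Format into dst; 0 if the whole string fit, -1 if it was cut short. */
static int fmt_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Case 1: the myrb/myrs literal from the commit message, written with size 32. */
#define REBUILD_MSG "physical device - not rebuilding\n"

static size_t rebuild_msg_needed(void)
{
    return fmt_needed(REBUILD_MSG);
}

static int rebuild_msg_into_32(void)
{
    char buf[32];

    return fmt_checked(buf, sizeof(buf), REBUILD_MSG);
}

/* Case 2: the dasd_eckd shape. The callee only sees a pointer, so
 * sizeof(*print_uid) is sizeof(char) == 1 and only the NUL gets stored. */
#define UID_BUF_LEN 60 /* assumed size for this example */
struct uid_holder { char print_uid[UID_BUF_LEN]; };

static int write_uid_buggy(char *print_uid)
{
    /* constructed format and values, not the driver's */
    return fmt_checked(print_uid, sizeof(*print_uid), "%s.%04x.%02x",
                       "VENDOR", 0x1234u, 0x5u);
}

static int write_uid_fixed(char *print_uid, size_t len)
{
    return fmt_checked(print_uid, len, "%s.%04x.%02x",
                       "VENDOR", 0x1234u, 0x5u);
}

static int uid_case(int fixed)
{
    struct uid_holder h;

    return fixed ? write_uid_fixed(h.print_uid, sizeof(h.print_uid))
                 : write_uid_buggy(h.print_uid);
}

/* Case 3: "%#x" adds the "0x" prefix only to a nonzero value, so the
 * guaranteed minimum for the directive is one character, not three. */
static size_t alt_hex_needed(unsigned int v)
{
    return fmt_needed("%#x", v);
}

int main(void)
{
    printf("rebuild message needs %zu bytes, size 32 truncates: %s\n",
           rebuild_msg_needed(), rebuild_msg_into_32() ? "yes" : "no");
    printf("uid with sizeof(*p): %d, with the array size: %d\n",
           uid_case(0), uid_case(1));
    printf("%%#x needs %zu bytes for 0 and %zu bytes for 1\n",
           alt_hex_needed(0u), alt_hex_needed(1u));
    return 0;
}
```
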

@nathanchance
Member Author

> If we don't have any instances of -Wformat-overflow, perhaps then we don't yet need to disable format-overflow-non-kprintf? (referring to your kernel diff above)

Maybe not but won't instances of -Wformat-overflow-non-kprintf be potential false positives for the same reason?

@nickdesaulniers
Member

Yes though -Wformat-overflow is pretty rare.

@nathanchance
Member Author

I'll send whatever diff you are willing to sign off on :) we can either turn off both now or we can turn off truncation now and overflow when it matters, I don't personally have much of a preference.

I'll wait to send the change until the LLVM PR lands and we are pretty confident it won't get reverted, just to make sure we don't have dead code in the kernel.

@kdrag0n kdrag0n closed this as completed Sep 14, 2023
@nathanchance nathanchance reopened this Sep 14, 2023
@nathanchance nathanchance added [BUG] llvm (main) A bug in an unreleased version of LLVM (this label is appropriate for regressions) and removed [BUG] Untriaged Something isn't working labels Sep 15, 2023
vvarma pushed a commit to vvarma/linux that referenced this issue Sep 19, 2023
commit f7cf224 upstream.

ZijunZhaoCCK pushed a commit to ZijunZhaoCCK/llvm-project that referenced this issue Sep 19, 2023
@nickdesaulniers nickdesaulniers added the [PATCH] Accepted A submitted patch has been accepted upstream label Sep 22, 2023
@nickdesaulniers
Member

I suspect clang-18 is now fixed (but haven't yet confirmed the logs)

feryw pushed a commit to feryw/linux-6.5.z that referenced this issue Sep 28, 2023
commit f7cf22424665043787a96a66a048ff6b2cfd473c upstream.

@nickdesaulniers
Member

nickdesaulniers commented Sep 29, 2023

Even with llvm/llvm-project@56c3b8e, we still have numerous instances of -Wfortify-source due to actual kernel bugs in drivers that need structural reworking, so we will likely need #1923 (comment) (untested).

@nathanchance next week can you test + send #1923 (comment) ?

@nickdesaulniers nickdesaulniers added [PATCH] Exists There is a patch that fixes this issue and removed [PATCH] Accepted A submitted patch has been accepted upstream labels Sep 29, 2023
@nathanchance
Member Author

Yes, I'll add it to my TODO but if we are still seeing warnings even with that LLVM change merged, something has gone wrong with that change. We shouldn't be seeing these instances due to -Wno-format-truncation.

@nathanchance
Member Author

It looks like CI has picked up llvm/llvm-project@56c3b8e, as mainline clang-18 is now green: https://github.com/ClangBuiltLinux/continuous-integration2/actions/runs/6380048759

intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this issue Oct 2, 2023
Recently, clang added support for -Wformat-overflow and
-Wformat-truncation. When building the kernel, it was discovered that
clang's implementation of these warnings handles the '%p' specifier,
which differs from GCC's implementation. This results in false positive
warnings due to the kernel's various '%p' extensions. Fortunately, the
clang developers placed this warning difference into a separate flag,
allowing the kernel to turn off the warning for '%p' unconditionally.

This is not currently an issue for a normal build, as -Wformat-overflow
and -Wformat-truncation are unconditionally disabled, which includes
this sub-warning. However, ever since commit 6d4ab2e ("extrawarn:
enable format and stringop overflow warnings in W=1"), these warnings
are in W=1 and the goal is to enable them in the normal build once they
are all eliminated. Disable the warnings for W=1 to avoid false
positives. This block should move with -Wformat-overflow and
-Wformat-truncation when they are enabled for a normal build.

Link: ClangBuiltLinux#1923
Link: llvm/llvm-project#64871
Link: llvm/llvm-project#65969
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78512
Signed-off-by: Nathan Chancellor <[email protected]>
@nathanchance
Member Author

@nathanchance nathanchance added [PATCH] Submitted A patch has been submitted for review [FIXED][LLVM] main This bug was only present and fixed in an unreleased version of LLVM and removed [PATCH] Exists There is a patch that fixes this issue labels Oct 3, 2023
Joshua-Riek pushed a commit to Joshua-Riek/linux that referenced this issue Oct 24, 2023
BugLink: https://bugs.launchpad.net/bugs/2035588

commit f7cf224 upstream.

Signed-off-by: Andrea Righi <[email protected]>
sileshn pushed a commit to sileshn/ubuntu-kernel-lunar that referenced this issue Dec 4, 2023
BugLink: https://bugs.launchpad.net/bugs/2042884

commit f7cf22424665043787a96a66a048ff6b2cfd473c upstream.

Signed-off-by: Kamal Mostafa <[email protected]>
Signed-off-by: Stefan Bader <[email protected]>
sileshn pushed a commit to sileshn/ubuntu-kernel-lunar that referenced this issue Jan 10, 2024
BugLink: https://bugs.launchpad.net/bugs/2042884

commit f7cf22424665043787a96a66a048ff6b2cfd473c upstream.

Signed-off-by: Kamal Mostafa <[email protected]>
Signed-off-by: Stefan Bader <[email protected]>
@nathanchance
Member Author

This should be all squared away as of commit 908dd508276d ("kbuild: enable -Wformat-truncation on clang") in 6.10.

@nathanchance nathanchance added [FIXED][LINUX] 6.10 This bug was fixed in Linux 6.10 and removed [PATCH] Submitted A patch has been submitted for review labels Dec 12, 2024