Re: [PATCH 6/9] fortify: Split reporting and avoid passing string pointer

[Andy Shevchenko]

On Thu, Apr 6, 2023 at 3:02 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> In preparation for KUnit testing and further improvements in fortify
> failure reporting, split out the report and encode the function and
> access failure (read or write overflow) into a single int argument. This
> mainly ends up saving some space in the data segment. For a defconfig
> with FORTIFY_SOURCE enabled:
>
> $ size gcc/vmlinux.before gcc/vmlinux.after
>    text           data     bss     dec              hex filename
> 26132309        9760658 2195460 38088427        2452eeb gcc/vmlinux.before
> 26132386        9748382 2195460 38076228        244ff44 gcc/vmlinux.after

...

> +       const char *name;
> +       const bool write = !!(reason & 0x1);

Perhaps define that as

FORTIFY_READ_WRITE  BIT(0)
FORTIFY_FUNC_SHIFT  1

const bool write = reason & FORTIFY_READ_WRITE; // and note no need for !! part

switch (reason >> FORTIFY_FUNC_SHIFT) {

> +       switch (reason >> 1) {
> +       case FORTIFY_FUNC_strncpy:
> +               name = "strncpy";
> +               break;
> +       case FORTIFY_FUNC_strnlen:
> +               name = "strnlen";
> +               break;
> +       case FORTIFY_FUNC_strlen:
> +               name = "strlen";
> +               break;
> +       case FORTIFY_FUNC_strlcpy:
> +               name = "strlcpy";
> +               break;
> +       case FORTIFY_FUNC_strscpy:
> +               name = "strscpy";
> +               break;
> +       case FORTIFY_FUNC_strlcat:
> +               name = "strlcat";
> +               break;
> +       case FORTIFY_FUNC_strcat:
> +               name = "strcat";
> +               break;
> +       case FORTIFY_FUNC_strncat:
> +               name = "strncat";
> +               break;
> +       case FORTIFY_FUNC_memset:
> +               name = "memset";
> +               break;
> +       case FORTIFY_FUNC_memcpy:
> +               name = "memcpy";
> +               break;
> +       case FORTIFY_FUNC_memmove:
> +               name = "memmove";
> +               break;
> +       case FORTIFY_FUNC_memscan:
> +               name = "memscan";
> +               break;
> +       case FORTIFY_FUNC_memcmp:
> +               name = "memcmp";
> +               break;
> +       case FORTIFY_FUNC_memchr:
> +               name = "memchr";
> +               break;
> +       case FORTIFY_FUNC_memchr_inv:
> +               name = "memchr_inv";
> +               break;
> +       case FORTIFY_FUNC_kmemdup:
> +               name = "kmemdup";
> +               break;
> +       case FORTIFY_FUNC_strcpy:
> +               name = "strcpy";
> +               break;
> +       default:
> +               name = "unknown";
> +       }

...

> +       WARN(1, "%s: detected buffer %s overflow\n", name, write ? "write" : "read");

Using str_read_write() ?

Dunno if it's already there or needs to be added. I have some patches
to move those str_*() to string_choices.h. We can also prepend yours
with those.

-- 
With Best Regards,
Andy Shevchenko