1. 08 Nov, 2018 1 commit
  2. 30 Sep, 2018 2 commits
    • Compiler Attributes: add support for __nonstring (gcc >= 8) · 92676236
      Miguel Ojeda authored
      From the GCC manual:
      
        nonstring
      
          The nonstring variable attribute specifies that an object or member
          declaration with type array of char, signed char, or unsigned char,
          or pointer to such a type is intended to store character arrays that
          do not necessarily contain a terminating NUL. This is useful in detecting
          uses of such arrays or pointers with functions that expect NUL-terminated
          strings, and to avoid warnings when such an array or pointer is used as
          an argument to a bounded string manipulation function such as strncpy.
      
        https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
      
      This attribute can be used for documentation purposes (i.e. replacing
      comments), but it is most helpful when the following warnings are enabled:
      
        -Wstringop-overflow
      
          Warn for calls to string manipulation functions such as memcpy and
          strcpy that are determined to overflow the destination buffer.
      
          [...]
      
        -Wstringop-truncation
      
          Warn for calls to bounded string manipulation functions such as
          strncat, strncpy, and stpncpy that may either truncate the copied
          string or leave the destination unchanged.
      
          [...]
      
          In situations where a character array is intended to store a sequence
          of bytes with no terminating NUL such an array may be annotated with
          attribute nonstring to avoid this warning. Such arrays, however,
          are not suitable arguments to functions that expect NUL-terminated
          strings. To help detect accidental misuses of such arrays GCC issues
          warnings unless it can prove that the use is safe.
      
        https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
      
      Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # on top of v4.19-rc5, clang 7
      Reviewed-by: Kees Cook <keescook@chromium.org>
      Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
      Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
    • Compiler Attributes: use feature checks instead of version checks · a3f8a30f
      Miguel Ojeda authored
      Instead of using version checks per-compiler to define (or not)
      each attribute, use __has_attribute to test for them, following
      the cleanup started with commit 815f0ddb
      ("include/linux/compiler*.h: make compiler-*.h mutually exclusive"),
      which is supported on gcc >= 5, clang >= 2.9 and icc >= 17.
      In the meantime, to support 4.6 <= gcc < 5, we implement
      __has_attribute by hand.
      
      All the attributes that can be unconditionally defined and directly
      map to compiler attribute(s) (even if optional) have been moved
      to a new file include/linux/compiler_attributes.h
      
      In an effort to make the file as regular as possible, comments
      stating the purpose of attributes have been removed. Instead,
      links to the compiler docs have been added (i.e. to gcc and,
      if available, to clang as well). In addition, they have been sorted.
      
      Finally, if an attribute is optional (i.e. if it is guarded
      by __has_attribute), the reason has been stated for future reference.
      
      Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # on top of v4.19-rc5, clang 7
      Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
      Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
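A user-space sketch of what the two commits above describe, added here as an example and not taken from the kernel tree: `__nonstring` is defined through a `__has_attribute` feature check, then applied to a fixed-width field that is read only through bounded operations. `struct record`, `LABEL_LEN` and the `record_*` helpers are hypothetical, and the `__has_attribute` fallback is simplified to 0 instead of the hand-written per-attribute table the commit mentions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified fallback (assumption): compilers without __has_attribute get no attribute. */
#ifndef __has_attribute
# define __has_attribute(x) 0
#endif

/* Feature check instead of a compiler version check. */
#if __has_attribute(__nonstring__)
# define __nonstring __attribute__((__nonstring__))
#else
# define __nonstring
#endif

#define LABEL_LEN 8
struct record {                         /* constructed sample layout */
    char label[LABEL_LEN] __nonstring;  /* NUL-padded, not NUL-terminated when full */
};

/* strncpy pads short input with NULs and writes no terminator for input >= LABEL_LEN. */
void record_set_label(struct record *r, const char *src)
{
    strncpy(r->label, src, sizeof(r->label));
}

/* Bounded length: never reads past the field, unlike strlen(). */
size_t record_label_len(const struct record *r)
{
    const char *nul = memchr(r->label, '\0', sizeof(r->label));
    return nul ? (size_t)(nul - r->label) : sizeof(r->label);
}

/* Copy into a NUL-terminated buffer; returns the length, or (size_t)-1 if dst is too small. */
size_t record_get_label(const struct record *r, char *dst, size_t dst_size)
{
    size_t n = record_label_len(r);
    if (dst_size <= n)
        return (size_t)-1;
    memcpy(dst, r->label, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    struct record r; char out[LABEL_LEN + 1];
    record_set_label(&r, "ABCDEFGH");   /* fills the field exactly: no NUL stored */
    if (record_get_label(&r, out, sizeof(out)) != (size_t)-1) puts(out);
    return 0;
}
```

Built with gcc >= 8 and `-Wstringop-truncation`, the annotation marks the unterminated `strncpy` as intended, while passing `r->label` to `strlen` or `strcpy` is the kind of use the manual text says GCC warns about.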