From 5146f56deeab2d44c41007f20137345809dcf6d7 Mon Sep 17 00:00:00 2001
From: Kees Cook
Date: Fri, 25 Apr 2025 23:10:16 -0700
Subject: [PATCH 1/5] comedi: Adjust range_table_list allocation type

In preparation for making the kmalloc family of allocators type aware, we need to make sure that the returned type from the allocation matches the type of the variable being assigned. (Before, the allocator would always return "void *", which can be implicitly cast to any pointer type.) The returned type is "struct comedi_lrange **", but the assigned type, while technically matching, is const qualified. Since there is no general way to remove const qualifiers, switch the returned type to match the assign type. No change in allocation size results.

Link: https://patch.msgid.link/20250426061015.work.971-kees@kernel.org
Signed-off-by: Kees Cook
---
 drivers/comedi/drivers/ni_670x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/comedi/drivers/ni_670x.c b/drivers/comedi/drivers/ni_670x.c
index c875d251c230..563a9c790f12 100644
--- a/drivers/comedi/drivers/ni_670x.c
+++ b/drivers/comedi/drivers/ni_670x.c
@@ -199,7 +199,7 @@ static int ni_670x_auto_attach(struct comedi_device *dev,
 const struct comedi_lrange **range_table_list;
 range_table_list = kmalloc_array(32,
- sizeof(struct comedi_lrange *),
+ sizeof(*range_table_list),
 GFP_KERNEL);
 if (!range_table_list)
 return -ENOMEM;

From 961c989c5fbbd9146d5cb134d3f663c20708b2be Mon Sep 17 00:00:00 2001
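Review bot: The element count on the `range_table_list = kmalloc_array(32,` line is still a bare literal, and nothing in the hunk ties it to whatever loop later fills the array; if it is the channel count the subdevice declares, passing that value (e.g. the subdevice's `n_chan`) would keep the allocation and the loop in lockstep and make the `sizeof(*range_table_list)` change self-describing. The size change itself is correct and, as the message says, does not alter the allocation. The array is kmalloc'd and presumably stored in a subdevice, so the driver's detach path must free it — that is outside the hunk and worth confirming. ni_670x_auto_attach continues outside the hunk.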
From: Kees Cook
Date: Fri, 25 Apr 2025 23:13:26 -0700
Subject: [PATCH 2/5] drm/plane: Remove const qualifier from plane->modifiers allocation type

In preparation for making the kmalloc family of allocators type aware, we need to make sure that the returned type from the allocation matches the type of the variable being assigned. (Before, the allocator would always return "void *", which can be implicitly cast to any pointer type.) The assigned type is "uint64_t *", but the returned type, while matching, will be const qualified. As there is no general way to remove const qualifiers, adjust the allocation type to match the assignment.

Link: https://patch.msgid.link/20250426061325.work.665-kees@kernel.org
Signed-off-by: Kees Cook
---
 drivers/gpu/drm/drm_plane.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index 38f82391bfda..f54ad04c9cd4 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -425,7 +425,7 @@ static int __drm_universal_plane_init(struct drm_device *dev,
 plane->modifier_count = format_modifier_count;
 plane->modifiers = kmalloc_array(format_modifier_count,
- sizeof(format_modifiers[0]),
+ sizeof(*plane->modifiers),
 GFP_KERNEL);
 if (format_modifier_count && !plane->modifiers) {

From fbcc2150aa40655451c28b1a8d750f8468f3b092 Mon Sep 17 00:00:00 2001
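Review bot: After the change the element size on the `+ sizeof(*plane->modifiers),` line comes from the destination while the count, and presumably the data copied right after the hunk, come from `format_modifier_count` and `format_modifiers`; the removed line was the only thing tying the two element types together. A `static_assert(sizeof(*plane->modifiers) == sizeof(*format_modifiers));` beside the allocation, or a comment stating that both are `uint64_t`, would catch a future drift between the parameter type and the field type before it becomes an under-sized copy. `__drm_universal_plane_init` continues outside the hunk, so I cannot see the copy itself.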
From: Kees Cook
Date: Fri, 25 Apr 2025 23:15:27 -0700
Subject: [PATCH 3/5] media: iris: Cast iris_hfi_gen2_get_instance() allocation type

In preparation for making the kmalloc family of allocators type aware, we need to make sure that the returned type from the allocation matches the type of the variable being assigned. (Before, the allocator would always return "void *", which can be implicitly cast to any pointer type.) The assigned type is "struct iris_inst *", but the returned type is "struct iris_inst_hfi_gen2 *". The allocation is intentionally larger as the first member of struct iris_inst_hfi_gen2 is struct iris_inst, so this is by design. Cast the allocation type to match the assignment.

Link: https://patch.msgid.link/20250426061526.work.106-kees@kernel.org
Signed-off-by: Kees Cook
---
 drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c b/drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c
index 4ce71a142508..a93da457544a 100644
--- a/drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c
+++ b/drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c
@@ -1195,5 +1195,5 @@ void iris_hfi_gen2_command_ops_init(struct iris_core *core)
 struct iris_inst *iris_hfi_gen2_get_instance(void)
 {
- return kzalloc(sizeof(struct iris_inst_hfi_gen2), GFP_KERNEL);
+ return (struct iris_inst *)kzalloc(sizeof(struct iris_inst_hfi_gen2), GFP_KERNEL);
 }

From 645b9ad2dc6b2d6d31e2944bd7f680f3f9d827ea Mon Sep 17 00:00:00 2001
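Review bot: The cast added on the `return` line only silences the type mismatch; it does not enforce the layout the commit message relies on (that `struct iris_inst` is the first member of `struct iris_inst_hfi_gen2`), so a later reordering of that struct would compile cleanly and every caller would then read the wrong bytes. Add a comment at the cast, `/* struct iris_inst must be the first member of struct iris_inst_hfi_gen2 */`, and pin it with `static_assert(offsetof(struct iris_inst_hfi_gen2, <member holding struct iris_inst>) == 0);` using the real member name. Allocating a `struct iris_inst_hfi_gen2` and returning the address of its embedded member would express the same relationship without any cast, and matches how container_of-style downcasts elsewhere would recover the outer struct.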
From: Kriish Sharma
Date: Tue, 18 Nov 2025 18:48:28 +0000
Subject: [PATCH 4/5] string: Add missing kernel-doc return descriptions

While running kernel-doc validation on linux-next, warnings were emitted for functions in include/linux/string.h due to missing return value documentation:
Warning: include/linux/string.h:375 No description found for return value of 'kbasename'
Warning: include/linux/string.h:560 No description found for return value of 'strstarts'
This patch adds the missing return value descriptions for both functions and clears the related kernel-doc warnings.

Signed-off-by: Kriish Sharma
Reviewed-by: Andy Shevchenko
Link: https://patch.msgid.link/20251118184828.2621595-1-kriish.sharma2006@gmail.com
Signed-off-by: Kees Cook
---
 include/linux/string.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/linux/string.h b/include/linux/string.h
index fdd3442c6bcb..434b152df66a 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -371,6 +371,10 @@ static inline void memzero_explicit(void *s, size_t count)
  * kbasename - return the last part of a pathname.
  *
  * @path: path to extract the filename from.
+ *
+ * Returns:
+ * Pointer to the filename portion inside @path. If no '/' exists,
+ * returns @path unchanged.
  */
 static inline const char *kbasename(const char *path)
 {
@@ -556,6 +560,9 @@ static __always_inline size_t str_has_prefix(const char *str, const char *prefix
  * strstarts - does @str start with @prefix?
  * @str: string to examine
  * @prefix: prefix to look for.
+ *
+ * Returns:
+ * True if @str begins with @prefix. False in all other cases.
  */
 static inline bool strstarts(const char *str, const char *prefix)
 {

From 7454048db27d685a155aaf4ea03bb9ad0d086bb9 Mon Sep 17 00:00:00 2001
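Review bot: The new `Returns:` text for kbasename in the first hunk does not cover a @path that ends in '/'; if the body (outside the hunk) finds the last '/' and returns the byte after it, the result in that case is an empty string, which callers that use the name for logging or lookup need to know. Suggest `* Pointer to the filename portion inside @path (an empty string if @path ends with '/'). If no '/' exists, returns @path unchanged.`. The strstarts hunk reads fine as written.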
From: Kees Cook
Date: Fri, 21 Nov 2025 10:43:48 -0800
Subject: [PATCH 5/5] kbuild: Enable GCC diagnostic context for value-tracking warnings

Enable GCC 16's coming "-fdiagnostics-show-context=N" option[1] to provide enhanced diagnostic information for value-tracking warnings, which displays the control flow chain leading to the diagnostic. This covers our existing use of -Wrestrict and -Wstringop-overread, and gets us closer to enabling -Warray-bounds, -Wstringop-overflow, and -Wstringop-truncation, so we can track the rationale for the warning, letting us more quickly identify actual issues vs what have looked in the past like false positives. Fixes based on this work have already been landing, e.g.:
4a6f18f28627 ("net/mlx4_core: Avoid impossible mlx4_db_alloc() order value")
8a39f1c870e9 ("ovl: Check for NULL d_inode() in ovl_dentry_upper()")
e5f7e4e0a445 ("drm/amdgpu/atom: Work around vbios NULL offset false positive")
The context depth ("=N") provides the immediate decision path that led to the problematic code location, showing conditional checks and branch decisions that caused the warning. This will help us understand why GCC's value-tracking analysis triggered the warning and makes it easier to determine whether warnings are legitimate issues or false positives. For example, an array bounds warning will now show the conditional statements (like "if (i >= 4)") that established the out-of-bounds access range, directly connecting the control flow to the warning location. This is particularly valuable when GCC's interprocedural analysis can generate warnings that are difficult to understand without seeing the inferred control flow. While my testing has shown that "=1" reports enough for finding the origin of most bounds issues, I have used "=2" here just to be conservative. Build time measurements with this option off, =1, and =2 are all with noise of each other, so there seems to be no harm in "turning it up". If we need to, we can make this value configurable in the future.

Link: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=6faa3cfe60ff9769d1bebfffdd2c7325217d7389 [1]
Reviewed-by: Miguel Ojeda
Reviewed-by: Nathan Chancellor
Link: https://patch.msgid.link/20251121184342.it.626-kees@kernel.org
Signed-off-by: Kees Cook
---
 Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Makefile b/Makefile
index d14824792227..d97452441cd0 100644
--- a/Makefile
+++ b/Makefile
@@ -940,6 +940,9 @@ KBUILD_CFLAGS += $(call cc-option,-fzero-init-padding-bits=all)
 # for the randomize_kstack_offset feature. Disable it for all compilers.
 KBUILD_CFLAGS += $(call cc-option, -fno-stack-clash-protection)
+# Get details on warnings generated due to GCC value tracking.
+KBUILD_CFLAGS += $(call cc-option, -fdiagnostics-show-context=2)
+
 # Clear used registers at func exit (to reduce data lifetime and ROP gadgets).
 ifdef CONFIG_ZERO_CALL_USED_REGS
 KBUILD_CFLAGS += -fzero-call-used-regs=used-gpr
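Review bot: The comment on the added `# Get details on warnings generated due to GCC value tracking.` line says what the flag is for but not why the depth is 2, and that reasoning (1 was enough in testing, 2 chosen to be conservative, build time unchanged) lives only in the commit message where the next person tuning it will not look. Suggest `# Show the control-flow context (2 levels; 1 usually suffices) that led to GCC value-tracking warnings.`. Since the flag is wrapped in `cc-option`, it is silently dropped on compilers that do not accept it, so its absence from a build's CFLAGS is expected rather than a misconfiguration; a clause saying so would save a confused bug report.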