With CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's (CTS) android.hardware.input.cts.tests. This is stemming from a strlen() call in hidinput_allocate(). __builtin_object_size(str, 0 or 1) has interesting behavior for C strings when str is runtime dependent, and all possible values are known at compile time; it evaluates to the maximum of those sizes. This causes UBSAN_LOCAL_BOUNDS to insert faults for the smaller values, which we trip at runtime. Patch 1 adds a KCONFIG version check for __builtin_dynamic_object_size, and uses that in __compiletime_strlen rather than __builtin_object_size. Patch 2 and 3 are cosmetic cleanups, they're not as important to me as patch 1 is. Nick Desaulniers (3): fortify: use __builtin_dynamic_object_size in __compiletime_strlen fortify: cosmetic cleanups to __compiletime_strlen HID: avoid runtime call to strlen drivers/hid/hid-input.c | 13 ++++++++++++- include/linux/fortify-string.h | 15 ++++++++++----- init/Kconfig | 3 +++ 3 files changed, 25 insertions(+), 6 deletions(-) -- 2.37.2.672.g94769d06f0-goog
