We were wasting a byte due to an off-by-one bug. s[c]nprintf()
doesn't write more than $2 bytes including the null byte, so trying to
pass 'size-1' there is wasting one byte.
Acked-by: Marco Elver <elver@google.com>
Cc: Kees Cook <kees@kernel.org>
Cc: Christopher Bazley <chris.bazley.wg14@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Jann Horn <jannh@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Marco Elver <elver@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Message-ID: <515445ae064d4b8599899bf0d8b480dadd2ff843.1752182685.git.alx@kernel.org>
---
mm/kfence/kfence_test.c | 4 ++--
mm/kmsan/kmsan_test.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c
index 00034e37bc9f..1ad81e6b27ea 100644
--- a/mm/kfence/kfence_test.c
+++ b/mm/kfence/kfence_test.c
@@ -110,7 +110,7 @@ static bool report_matches(const struct expect_report *r)
/* Title */
cur = expect[0];
- end = &expect[0][sizeof(expect[0]) - 1];
+ end = ENDOF(expect[0]);
switch (r->type) {
case KFENCE_ERROR_OOB:
cur += scnprintf(cur, end - cur, "BUG: KFENCE: out-of-bounds %s",
@@ -140,7 +140,7 @@ static bool report_matches(const struct expect_report *r)
/* Access information */
cur = expect[1];
- end = &expect[1][sizeof(expect[1]) - 1];
+ end = ENDOF(expect[1]);
switch (r->type) {
case KFENCE_ERROR_OOB:
diff --git a/mm/kmsan/kmsan_test.c b/mm/kmsan/kmsan_test.c
index c6c5b2bbede0..758405d8b7a7 100644
--- a/mm/kmsan/kmsan_test.c
+++ b/mm/kmsan/kmsan_test.c
@@ -105,7 +105,7 @@ static bool report_matches(const struct expect_report *r)
/* Title */
cur = expected_header;
- end = &expected_header[sizeof(expected_header) - 1];
+ end = ENDOF(expected_header);
cur += scnprintf(cur, end - cur, "BUG: KMSAN: %s", r->error_type);
--
2.51.0Hi Alejandro,
kernel test robot noticed the following build warnings:
[auto build test WARNING on akpm-mm/mm-everything]
[also build test WARNING on kees/for-next/pstore kees/for-next/kspp linus/master linux/master v6.18-rc5 next-20251111]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Alejandro-Colomar/array_size-h-Add-ARRAY_END/20251110-075203
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/r/87445e701574058b142e036c3b8a0f505086ab64.1758806023.git.alx%40kernel.org
patch subject: [PATCH v1 2/3] mm: Fix benign off-by-one bugs
config: arm64-randconfig-002-20251111 (https://download.01.org/0day-ci/archive/20251111/202511111838.DEnuGlic-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 11.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251111/202511111838.DEnuGlic-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511111838.DEnuGlic-lkp@intel.com/
All warnings (new ones prefixed by >>):
mm/kfence/kfence_test.c: In function 'report_matches':
mm/kfence/kfence_test.c:113:15: error: implicit declaration of function 'ENDOF' [-Werror=implicit-function-declaration]
113 | end = ENDOF(expect[0]);
| ^~~~~
>> mm/kfence/kfence_test.c:113:13: warning: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
113 | end = ENDOF(expect[0]);
| ^
mm/kfence/kfence_test.c:143:13: warning: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
143 | end = ENDOF(expect[1]);
| ^
cc1: some warnings being treated as errors
vim +113 mm/kfence/kfence_test.c
94
95 /* Check observed report matches information in @r. */
96 static bool report_matches(const struct expect_report *r)
97 {
98 unsigned long addr = (unsigned long)r->addr;
99 bool ret = false;
100 unsigned long flags;
101 typeof(observed.lines) expect;
102 const char *end;
103 char *cur;
104
105 /* Doubled-checked locking. */
106 if (!report_available())
107 return false;
108
109 /* Generate expected report contents. */
110
111 /* Title */
112 cur = expect[0];
> 113 end = ENDOF(expect[0]);
114 switch (r->type) {
115 case KFENCE_ERROR_OOB:
116 cur += scnprintf(cur, end - cur, "BUG: KFENCE: out-of-bounds %s",
117 get_access_type(r));
118 break;
119 case KFENCE_ERROR_UAF:
120 cur += scnprintf(cur, end - cur, "BUG: KFENCE: use-after-free %s",
121 get_access_type(r));
122 break;
123 case KFENCE_ERROR_CORRUPTION:
124 cur += scnprintf(cur, end - cur, "BUG: KFENCE: memory corruption");
125 break;
126 case KFENCE_ERROR_INVALID:
127 cur += scnprintf(cur, end - cur, "BUG: KFENCE: invalid %s",
128 get_access_type(r));
129 break;
130 case KFENCE_ERROR_INVALID_FREE:
131 cur += scnprintf(cur, end - cur, "BUG: KFENCE: invalid free");
132 break;
133 }
134
135 scnprintf(cur, end - cur, " in %pS", r->fn);
136 /* The exact offset won't match, remove it; also strip module name. */
137 cur = strchr(expect[0], '+');
138 if (cur)
139 *cur = '\0';
140
141 /* Access information */
142 cur = expect[1];
143 end = ENDOF(expect[1]);
144
145 switch (r->type) {
146 case KFENCE_ERROR_OOB:
147 cur += scnprintf(cur, end - cur, "Out-of-bounds %s at", get_access_type(r));
148 addr = arch_kfence_test_address(addr);
149 break;
150 case KFENCE_ERROR_UAF:
151 cur += scnprintf(cur, end - cur, "Use-after-free %s at", get_access_type(r));
152 addr = arch_kfence_test_address(addr);
153 break;
154 case KFENCE_ERROR_CORRUPTION:
155 cur += scnprintf(cur, end - cur, "Corrupted memory at");
156 break;
157 case KFENCE_ERROR_INVALID:
158 cur += scnprintf(cur, end - cur, "Invalid %s at", get_access_type(r));
159 addr = arch_kfence_test_address(addr);
160 break;
161 case KFENCE_ERROR_INVALID_FREE:
162 cur += scnprintf(cur, end - cur, "Invalid free of");
163 break;
164 }
165
166 cur += scnprintf(cur, end - cur, " 0x%p", (void *)addr);
167
168 spin_lock_irqsave(&observed.lock, flags);
169 if (!report_available())
170 goto out; /* A new report is being captured. */
171
172 /* Finally match expected output to what we actually observed. */
173 ret = strstr(observed.lines[0], expect[0]) && strstr(observed.lines[1], expect[1]);
174 out:
175 spin_unlock_irqrestore(&observed.lock, flags);
176 return ret;
177 }
178
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi Alejandro,
kernel test robot noticed the following build errors:
[auto build test ERROR on akpm-mm/mm-everything]
[also build test ERROR on kees/for-next/pstore kees/for-next/kspp linus/master linux/master v6.18-rc5 next-20251110]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Alejandro-Colomar/array_size-h-Add-ARRAY_END/20251110-075203
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/r/87445e701574058b142e036c3b8a0f505086ab64.1758806023.git.alx%40kernel.org
patch subject: [PATCH v1 2/3] mm: Fix benign off-by-one bugs
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20251111/202511110204.IxlIobdQ-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251111/202511110204.IxlIobdQ-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511110204.IxlIobdQ-lkp@intel.com/
All errors (new ones prefixed by >>):
mm/kfence/kfence_test.c: In function 'report_matches':
>> mm/kfence/kfence_test.c:113:15: error: implicit declaration of function 'ENDOF' [-Wimplicit-function-declaration]
113 | end = ENDOF(expect[0]);
| ^~~~~
>> mm/kfence/kfence_test.c:113:13: error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
113 | end = ENDOF(expect[0]);
| ^
mm/kfence/kfence_test.c:143:13: error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
143 | end = ENDOF(expect[1]);
| ^
vim +/ENDOF +113 mm/kfence/kfence_test.c
94
95 /* Check observed report matches information in @r. */
96 static bool report_matches(const struct expect_report *r)
97 {
98 unsigned long addr = (unsigned long)r->addr;
99 bool ret = false;
100 unsigned long flags;
101 typeof(observed.lines) expect;
102 const char *end;
103 char *cur;
104
105 /* Doubled-checked locking. */
106 if (!report_available())
107 return false;
108
109 /* Generate expected report contents. */
110
111 /* Title */
112 cur = expect[0];
> 113 end = ENDOF(expect[0]);
114 switch (r->type) {
115 case KFENCE_ERROR_OOB:
116 cur += scnprintf(cur, end - cur, "BUG: KFENCE: out-of-bounds %s",
117 get_access_type(r));
118 break;
119 case KFENCE_ERROR_UAF:
120 cur += scnprintf(cur, end - cur, "BUG: KFENCE: use-after-free %s",
121 get_access_type(r));
122 break;
123 case KFENCE_ERROR_CORRUPTION:
124 cur += scnprintf(cur, end - cur, "BUG: KFENCE: memory corruption");
125 break;
126 case KFENCE_ERROR_INVALID:
127 cur += scnprintf(cur, end - cur, "BUG: KFENCE: invalid %s",
128 get_access_type(r));
129 break;
130 case KFENCE_ERROR_INVALID_FREE:
131 cur += scnprintf(cur, end - cur, "BUG: KFENCE: invalid free");
132 break;
133 }
134
135 scnprintf(cur, end - cur, " in %pS", r->fn);
136 /* The exact offset won't match, remove it; also strip module name. */
137 cur = strchr(expect[0], '+');
138 if (cur)
139 *cur = '\0';
140
141 /* Access information */
142 cur = expect[1];
143 end = ENDOF(expect[1]);
144
145 switch (r->type) {
146 case KFENCE_ERROR_OOB:
147 cur += scnprintf(cur, end - cur, "Out-of-bounds %s at", get_access_type(r));
148 addr = arch_kfence_test_address(addr);
149 break;
150 case KFENCE_ERROR_UAF:
151 cur += scnprintf(cur, end - cur, "Use-after-free %s at", get_access_type(r));
152 addr = arch_kfence_test_address(addr);
153 break;
154 case KFENCE_ERROR_CORRUPTION:
155 cur += scnprintf(cur, end - cur, "Corrupted memory at");
156 break;
157 case KFENCE_ERROR_INVALID:
158 cur += scnprintf(cur, end - cur, "Invalid %s at", get_access_type(r));
159 addr = arch_kfence_test_address(addr);
160 break;
161 case KFENCE_ERROR_INVALID_FREE:
162 cur += scnprintf(cur, end - cur, "Invalid free of");
163 break;
164 }
165
166 cur += scnprintf(cur, end - cur, " 0x%p", (void *)addr);
167
168 spin_lock_irqsave(&observed.lock, flags);
169 if (!report_available())
170 goto out; /* A new report is being captured. */
171
172 /* Finally match expected output to what we actually observed. */
173 ret = strstr(observed.lines[0], expect[0]) && strstr(observed.lines[1], expect[1]);
174 out:
175 spin_unlock_irqrestore(&observed.lock, flags);
176 return ret;
177 }
178
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi Alejandro,
kernel test robot noticed the following build errors:
[auto build test ERROR on akpm-mm/mm-everything]
[also build test ERROR on kees/for-next/pstore kees/for-next/kspp linus/master linux/master v6.18-rc5 next-20251110]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Alejandro-Colomar/array_size-h-Add-ARRAY_END/20251110-075203
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/r/87445e701574058b142e036c3b8a0f505086ab64.1758806023.git.alx%40kernel.org
patch subject: [PATCH v1 2/3] mm: Fix benign off-by-one bugs
config: loongarch-randconfig-001-20251110 (https://download.01.org/0day-ci/archive/20251111/202511110100.9uPtQqN1-lkp@intel.com/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 996639d6ebb86ff15a8c99b67f1c2e2117636ae7)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251111/202511110100.9uPtQqN1-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511110100.9uPtQqN1-lkp@intel.com/
All errors (new ones prefixed by >>):
>> mm/kfence/kfence_test.c:113:8: error: call to undeclared function 'ENDOF'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
113 | end = ENDOF(expect[0]);
| ^
>> mm/kfence/kfence_test.c:113:6: error: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion]
113 | end = ENDOF(expect[0]);
| ^ ~~~~~~~~~~~~~~~~
mm/kfence/kfence_test.c:143:6: error: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion]
143 | end = ENDOF(expect[1]);
| ^ ~~~~~~~~~~~~~~~~
3 errors generated.
vim +/ENDOF +113 mm/kfence/kfence_test.c
94
95 /* Check observed report matches information in @r. */
96 static bool report_matches(const struct expect_report *r)
97 {
98 unsigned long addr = (unsigned long)r->addr;
99 bool ret = false;
100 unsigned long flags;
101 typeof(observed.lines) expect;
102 const char *end;
103 char *cur;
104
105 /* Doubled-checked locking. */
106 if (!report_available())
107 return false;
108
109 /* Generate expected report contents. */
110
111 /* Title */
112 cur = expect[0];
> 113 end = ENDOF(expect[0]);
114 switch (r->type) {
115 case KFENCE_ERROR_OOB:
116 cur += scnprintf(cur, end - cur, "BUG: KFENCE: out-of-bounds %s",
117 get_access_type(r));
118 break;
119 case KFENCE_ERROR_UAF:
120 cur += scnprintf(cur, end - cur, "BUG: KFENCE: use-after-free %s",
121 get_access_type(r));
122 break;
123 case KFENCE_ERROR_CORRUPTION:
124 cur += scnprintf(cur, end - cur, "BUG: KFENCE: memory corruption");
125 break;
126 case KFENCE_ERROR_INVALID:
127 cur += scnprintf(cur, end - cur, "BUG: KFENCE: invalid %s",
128 get_access_type(r));
129 break;
130 case KFENCE_ERROR_INVALID_FREE:
131 cur += scnprintf(cur, end - cur, "BUG: KFENCE: invalid free");
132 break;
133 }
134
135 scnprintf(cur, end - cur, " in %pS", r->fn);
136 /* The exact offset won't match, remove it; also strip module name. */
137 cur = strchr(expect[0], '+');
138 if (cur)
139 *cur = '\0';
140
141 /* Access information */
142 cur = expect[1];
143 end = ENDOF(expect[1]);
144
145 switch (r->type) {
146 case KFENCE_ERROR_OOB:
147 cur += scnprintf(cur, end - cur, "Out-of-bounds %s at", get_access_type(r));
148 addr = arch_kfence_test_address(addr);
149 break;
150 case KFENCE_ERROR_UAF:
151 cur += scnprintf(cur, end - cur, "Use-after-free %s at", get_access_type(r));
152 addr = arch_kfence_test_address(addr);
153 break;
154 case KFENCE_ERROR_CORRUPTION:
155 cur += scnprintf(cur, end - cur, "Corrupted memory at");
156 break;
157 case KFENCE_ERROR_INVALID:
158 cur += scnprintf(cur, end - cur, "Invalid %s at", get_access_type(r));
159 addr = arch_kfence_test_address(addr);
160 break;
161 case KFENCE_ERROR_INVALID_FREE:
162 cur += scnprintf(cur, end - cur, "Invalid free of");
163 break;
164 }
165
166 cur += scnprintf(cur, end - cur, " 0x%p", (void *)addr);
167
168 spin_lock_irqsave(&observed.lock, flags);
169 if (!report_available())
170 goto out; /* A new report is being captured. */
171
172 /* Finally match expected output to what we actually observed. */
173 ret = strstr(observed.lines[0], expect[0]) && strstr(observed.lines[1], expect[1]);
174 out:
175 spin_unlock_irqrestore(&observed.lock, flags);
176 return ret;
177 }
178
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi, On Tue, Nov 11, 2025 at 01:47:19AM +0800, kernel test robot wrote: > kernel test robot noticed the following build errors: [...] > >> mm/kfence/kfence_test.c:113:8: error: call to undeclared function 'ENDOF'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] > 113 | end = ENDOF(expect[0]); > | ^ > >> mm/kfence/kfence_test.c:113:6: error: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion] > 113 | end = ENDOF(expect[0]); > | ^ ~~~~~~~~~~~~~~~~ > mm/kfence/kfence_test.c:143:6: error: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion] > 143 | end = ENDOF(expect[1]); > | ^ ~~~~~~~~~~~~~~~~ > 3 errors generated. I'm pretty sure I tested this some months ago. I'll test again... Have a lovely night! Alex -- <https://www.alejandro-colomar.es> Use port 80 (that is, <...:80/>).
© 2016 - 2026 Red Hat, Inc.