fortify: strlen: Avoid shadowing previous locals

The __compiletime_strlen() macro expansion will shadow p_size and p_len
local variables. No callers currently use any of the shadowed names
for their "p" variable, so there are no code generation problems.

Add "__" prefixes to variable definitions __compiletime_strlen() to
avoid new W=2 warnings:

./include/linux/fortify-string.h: In function 'strnlen':
./include/linux/fortify-string.h:17:9: warning: declaration of 'p_size' shadows a previous local [-Wshadow]
   17 |  size_t p_size = __builtin_object_size(p, 1); \
      |         ^~~~~~
./include/linux/fortify-string.h:77:17: note: in expansion of macro '__compiletime_strlen'
   77 |  size_t p_len = __compiletime_strlen(p);
      |                 ^~~~~~~~~~~~~~~~~~~~
./include/linux/fortify-string.h:76:9: note: shadowed declaration is here
   76 |  size_t p_size = __builtin_object_size(p, 1);
      |         ^~~~~~

Signed-off-by: Qian Cai <quic_qiancai@quicinc.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20211025210528.261643-1-quic_qiancai@quicinc.com

diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index fdb0a74..a6cd681 100644 (file)
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -10,18 +10,18 @@ void __read_overflow(void) __compiletime_error("detected read beyond size of obj
 void __read_overflow2(void) __compiletime_error("detected read beyond size of object (2nd parameter)");
 void __write_overflow(void) __compiletime_error("detected write beyond size of object (1st parameter)");
 
-#define __compiletime_strlen(p)                                \
-({                                                     \
-       unsigned char *__p = (unsigned char *)(p);      \
-       size_t ret = (size_t)-1;                        \
-       size_t p_size = __builtin_object_size(p, 1);    \
-       if (p_size != (size_t)-1) {                     \
-               size_t p_len = p_size - 1;              \
-               if (__builtin_constant_p(__p[p_len]) && \
-                   __p[p_len] == '\0')                 \
-                       ret = __builtin_strlen(__p);    \
-       }                                               \
-       ret;                                            \
+#define __compiletime_strlen(p)                                        \
+({                                                             \
+       unsigned char *__p = (unsigned char *)(p);              \
+       size_t __ret = (size_t)-1;                              \
+       size_t __p_size = __builtin_object_size(p, 1);          \
+       if (__p_size != (size_t)-1) {                           \
+               size_t __p_len = __p_size - 1;                  \
+               if (__builtin_constant_p(__p[__p_len]) &&       \
+                   __p[__p_len] == '\0')                       \
+                       __ret = __builtin_strlen(__p);          \
+       }                                                       \
+       __ret;                                                  \
 })
 
 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)