| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 May 2024 11:48:14 -0700 From: Kees Cook <keescook@...omium.org> To: Masahiro Yamada <masahiroy@...nel.org> Cc: linux-kbuild@...r.kernel.org, linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org, Andrey Ryabinin <ryabinin.a.a@...il.com>, Alexander Potapenko <glider@...gle.com>, Andrey Konovalov <andreyknvl@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, Vincenzo Frascino <vincenzo.frascino@....com>, Marco Elver <elver@...gle.com>, Josh Poimboeuf <jpoimboe@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Peter Oberparleiter <oberpar@...ux.ibm.com>, Roberto Sassu <roberto.sassu@...weicloud.com>, Johannes Berg <johannes@...solutions.net>, kasan-dev@...glegroups.com, linux-hardening@...r.kernel.org Subject: Re: [PATCH 0/3] kbuild: remove many tool coverage variables In the future can you CC the various maintainers of the affected tooling? :) On Mon, May 06, 2024 at 10:35:41PM +0900, Masahiro Yamada wrote: > > This patch set removes many instances of the following variables: > > - OBJECT_FILES_NON_STANDARD > - KASAN_SANITIZE > - UBSAN_SANITIZE > - KCSAN_SANITIZE > - KMSAN_SANITIZE > - GCOV_PROFILE > - KCOV_INSTRUMENT > > Such tools are intended only for kernel space objects, most of which > are listed in obj-y, lib-y, or obj-m. This is a reasonable assertion, and the changes really simplify things now and into the future. Thanks for finding such a clean solution! I note that it also immediately fixes the issue noticed and fixed here: https://lore.kernel.org/all/20240513122754.1282833-1-roberto.sassu@huaweicloud.com/ > The best guess is, objects in $(obj-y), $(lib-y), $(obj-m) can opt in > such tools. Otherwise, not. > > This works in most places. I am worried about the use of "guess" and "most", though. :) Before, we had some clear opt-out situations, and now it's more of a side-effect. I think this is okay, but I'd really like to know more about your testing. It seems like you did build testing comparing build flags, since you call out some of the explicit changes in patch 2, quoting: > - include arch/mips/vdso/vdso-image.o into UBSAN, GCOV, KCOV > - include arch/sparc/vdso/vdso-image-*.o into UBSAN > - include arch/sparc/vdso/vma.o into UBSAN > - include arch/x86/entry/vdso/extable.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > - include arch/x86/entry/vdso/vdso-image-*.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > - include arch/x86/entry/vdso/vdso32-setup.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > - include arch/x86/entry/vdso/vma.o into GCOV, KCOV > - include arch/x86/um/vdso/vma.o into KASAN, GCOV, KCOV I would agree that these cases are all likely desirable. Did you find any cases where you found that instrumentation was _removed_ where not expected? -Kees -- Kees Cook
Powered by blists - more mailing lists