Date:   Mon, 6 May 2019 18:36:45 +0300
From:   Andrey Ryabinin <aryabinin@...tuozzo.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Alexander Potapenko <glider@...gle.com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 4.9 09/62] kasan: turn on
 -fsanitize-address-use-after-scope



On 5/6/19 6:10 PM, Greg Kroah-Hartman wrote:
> On Mon, May 06, 2019 at 05:55:54PM +0300, Andrey Ryabinin wrote:
>>
>>
>> On 5/6/19 5:32 PM, Greg Kroah-Hartman wrote:
>>> From: Andrey Ryabinin <aryabinin@...tuozzo.com>
>>>
>>> commit c5caf21ab0cf884ef15b25af234f620e4a233139 upstream.
>>>
>>> In the upcoming gcc7 release, the -fsanitize=kernel-address option at
>>> first implied new -fsanitize-address-use-after-scope option.  This would
>>> cause link errors on older kernels because they don't have two new
>>> functions required for use-after-scope support.  Therefore, gcc7 changed
>>> default to -fno-sanitize-address-use-after-scope.
>>>
>>> Now the kernel has everything required for that feature since commit
>>> 828347f8f9a5 ("kasan: support use-after-scope detection").  So, to make it
>>> work, we just have to enable use-after-scope in CFLAGS.
>>>
>>> Link: http://lkml.kernel.org/r/1481207977-28654-1-git-send-email-aryabinin@virtuozzo.com
>>> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
>>> Acked-by: Dmitry Vyukov <dvyukov@...gle.com>
>>> Cc: Alexander Potapenko <glider@...gle.com>
>>> Cc: Andrey Konovalov <andreyknvl@...gle.com>
>>> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
>>> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
>>> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
>>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>>>
>>> ---
>>>  scripts/Makefile.kasan |    2 ++
>>>  1 file changed, 2 insertions(+)
>>>
>>> --- a/scripts/Makefile.kasan
>>> +++ b/scripts/Makefile.kasan
>>> @@ -29,6 +29,8 @@ else
>>>      endif
>>>  endif
>>>  
>>> +CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
>>> +
>>>  CFLAGS_KASAN_NOSANITIZE := -fno-builtin
>>>  
>>>  endif
>>>
>>>
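Review bot: The added `CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)` line is gated only on compiler support. cc-option does not check that this tree provides the two runtime functions the changelog says use-after-scope support requires (added by 828347f8f9a5), which is the link-error case the changelog describes. For a 4.9 backport, confirm that commit is in the tree or earlier in the series and say so in the changelog. A one-line comment above the flag naming that dependency would also help.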
>>
>> This shouldn't be in the -stable.
> 
> Why not?  Does no one use gcc7 with this kernel and kasan?
> 

You don't need this patch to use kasan on this kernel with gcc7.
This patch only enables detection of use-after-scope bugs. This feature appeared to be useless,
hence it was disabled recently by commit 7771bdbbfd3d ("kasan: remove use after scope bugs detection.")

The link errors mentioned in the changelog were a problem only for some period of time in the development branch of GCC 7.
The released GCC7 version doesn't have this problem.
