lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFd5g45+JqKDqewqz2oZtnphA-_0w62FdSTkRs43K_NJUgnLBg@mail.gmail.com> Date: Fri, 29 Jan 2021 13:29:20 -0800 From: Brendan Higgins <brendanhiggins@...gle.com> To: Kees Cook <keescook@...omium.org> Cc: Arnd Bergmann <arnd@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Arnd Bergmann <arnd@...db.de>, Shuah Khan <skhan@...uxfoundation.org>, Geert Uytterhoeven <geert+renesas@...der.be>, Alan Maguire <alan.maguire@...cle.com>, Dmitry Torokhov <dmitry.torokhov@...il.com>, Mika Westerberg <mika.westerberg@...ux.intel.com>, Vitor Massaru Iha <vitor@...saru.org>, linux-hardening@...r.kernel.org, "open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>, KUnit Development <kunit-dev@...glegroups.com> Subject: Re: [RFC 0/3] kunit vs structleak On Wed, Jan 27, 2021 at 12:15 PM Kees Cook <keescook@...omium.org> wrote: > > On Mon, Jan 25, 2021 at 01:45:25PM +0100, Arnd Bergmann wrote: > > From: Arnd Bergmann <arnd@...db.de> > > > > I ran into a couple of problems with kunit tests taking too much stack > > space, sometimes dangerously so. These the the three instances that > > cause an increase over the warning limit of some architectures: > > > > lib/bitfield_kunit.c:93:1: error: the frame size of 7440 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] > > drivers/base/test/property-entry-test.c:481:1: error: the frame size of 2640 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] > > drivers/thunderbolt/test.c:1529:1: error: the frame size of 1176 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] > > > > Ideally there should be a way to rewrite the kunit infrastructure > > that avoids the explosion of stack data when the structleak plugin > > is used. > > > > A rather drastic measure would be to use Kconfig logic to make > > the two options mutually exclusive. This would clearly work, but > > is probably not needed. > > > > As a simpler workaround, this disables the plugin for the three > > files in which the excessive stack usage was observed. > > > > Arnd > > > > Arnd Bergmann (3): > > bitfield: build kunit tests without structleak plugin > > drivers/base: build kunit tests without structleak plugin > > thunderbolt: build kunit tests without structleak plugin > > > > drivers/base/test/Makefile | 1 + > > drivers/thunderbolt/Makefile | 1 + > > lib/Makefile | 1 + > > 3 files changed, 3 insertions(+) > > I think I'd prefer centralizing the disabling, as done with the other > plugins, instead of sprinkling "open coded" command-line options around > the kernel's Makefiles. :) > > For example: > > > diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins > index 952e46876329..2d5009e3b593 100644 > --- a/scripts/Makefile.gcc-plugins > +++ b/scripts/Makefile.gcc-plugins > @@ -21,6 +21,10 @@ gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) \ > += -fplugin-arg-structleak_plugin-byref-all > gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) \ > += -DSTRUCTLEAK_PLUGIN > +ifdef CONFIG_GCC_PLUGIN_STRUCTLEAK > + DISABLE_STRUCTLEAK_PLUGIN += -fplugin-arg-structleak_plugin-disable > +endif > +export DISABLE_STRUCTLEAK_PLUGIN > > gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so > gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \ > > > And then use DISABLE_STRUCTLEAK_PLUGIN. This looks fine to me. Does somebody want me to send this out as a patch? Don't want to steal anyone's thunder :-)
Powered by blists - more mailing lists