| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKwvOdmMhTdkpA5pOrkDkyRB6O6Y8mw_s2JbqvBS3r12BCMQyg@mail.gmail.com>
Date: Tue, 6 Sep 2022 09:37:44 -0700
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Nathan Chancellor <nathan@...nel.org>, Tom Rix <trix@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Vlastimil Babka <vbabka@...e.cz>,
"Steven Rostedt (Google)" <rostedt@...dmis.org>,
David Gow <davidgow@...gle.com>,
Yury Norov <yury.norov@...il.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Sander Vanheule <sander@...nheule.net>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Dan Williams <dan.j.williams@...el.com>,
Isabella Basso <isabbasso@...eup.net>,
Eric Dumazet <edumazet@...gle.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Eric Biggers <ebiggers@...gle.com>,
Hannes Reinecke <hare@...e.de>,
linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev
Subject: Re: [PATCH v2 0/3] Fix FORTIFY=y UBSAN_LOCAL_BOUNDS=y
On Fri, Sep 2, 2022 at 1:43 PM Kees Cook <keescook@...omium.org> wrote:
>
> With CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we
> observe a runtime panic while running Android's Compatibility Test
> Suite's (CTS) android.hardware.input.cts.tests. This is stemming from a
> strlen() call in hidinput_allocate().
>
> __builtin_object_size(str, 0 or 1) has interesting behavior for C
> strings when str is runtime dependent, and all possible values are known
> at compile time; it evaluates to the maximum of those sizes. This causes
> UBSAN_LOCAL_BOUNDS to insert faults for the smaller values, which we
> trip at runtime.
>
> Patch 1 is the actual fix, using a 0-index __builtin_constant_p() check
> to short-circuit the runtime check.
> Patch 2 is a KUnit test to validate this behavior going forward.
> Patch 3 is is a cosmetic cleanup to use SIZE_MAX instead of (size_t)-1
Thanks,
Testing out patch 1/3 against Android's CTS:
https://android-review.googlesource.com/c/kernel/common/+/2206839,
will give formal signoffs/review after a completed test run.
>
> -Kees
>
> v2:
> - different solution
> - add KUnit test
> - expand scope of cosmetic cleanup
> v1: https://lore.kernel.org/lkml/20220830205309.312864-1-ndesaulniers@google.com
>
> Kees Cook (3):
> fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
> fortify: Add KUnit test for FORTIFY_SOURCE internals
> fortify: Use SIZE_MAX instead of (size_t)-1
>
> MAINTAINERS | 1 +
> include/linux/fortify-string.h | 29 ++++++-------
> lib/Kconfig.debug | 9 ++++
> lib/Makefile | 1 +
> lib/fortify_kunit.c | 77 ++++++++++++++++++++++++++++++++++
> 5 files changed, 103 insertions(+), 14 deletions(-)
> create mode 100644 lib/fortify_kunit.c
>
> --
> 2.34.1
>
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists