linux-hardening - Re: [PATCH 6/9] fortify: Split reporting and avoid passing string pointer

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAHp75Vf-nG865UwbVjwFjVTtXA7mAdi4FfKCpTHDx55eFnbvAA@mail.gmail.com>
Date:   Thu, 6 Apr 2023 13:20:52 +0300
From:   Andy Shevchenko <andy.shevchenko@...il.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     linux-hardening@...r.kernel.org, Andy Shevchenko <andy@...nel.org>,
        Cezary Rojewski <cezary.rojewski@...el.com>,
        Puyou Lu <puyou.lu@...il.com>, Mark Brown <broonie@...nel.org>,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Brendan Higgins <brendan.higgins@...ux.dev>,
        David Gow <davidgow@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Alexander Potapenko <glider@...gle.com>,
        Zhaoyang Huang <zhaoyang.huang@...soc.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Miguel Ojeda <ojeda@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Liam Howlett <liam.howlett@...cle.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Yury Norov <yury.norov@...il.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Sander Vanheule <sander@...nheule.net>,
        Eric Biggers <ebiggers@...gle.com>,
        "Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
        Andrey Konovalov <andreyknvl@...il.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        Daniel Latypov <dlatypov@...gle.com>,
        José Expósito <jose.exposito89@...il.com>,
        linux-kernel@...r.kernel.org, kunit-dev@...glegroups.com
Subject: Re: [PATCH 6/9] fortify: Split reporting and avoid passing string pointer

On Thu, Apr 6, 2023 at 3:02 AM Kees Cook <keescook@...omium.org> wrote:
>
> In preparation for KUnit testing and further improvements in fortify
> failure reporting, split out the report and encode the function and
> access failure (read or write overflow) into a single int argument. This
> mainly ends up saving some space in the data segment. For a defconfig
> with FORTIFY_SOURCE enabled:
>
> $ size gcc/vmlinux.before gcc/vmlinux.after
>    text           data     bss     dec              hex filename
> 26132309        9760658 2195460 38088427        2452eeb gcc/vmlinux.before
> 26132386        9748382 2195460 38076228        244ff44 gcc/vmlinux.after

...

> +       const char *name;
> +       const bool write = !!(reason & 0x1);

Perhaps define that as

FORTIFY_READ_WRITE  BIT(0)
FORTIFY_FUNC_SHIFT  1

const bool write = reason & FORTIFY_READ_WRITE; // and note no need for !! part

switch (reason >> FORTIFY_FUNC_SHIFT) {

> +       switch (reason >> 1) {
> +       case FORTIFY_FUNC_strncpy:
> +               name = "strncpy";
> +               break;
> +       case FORTIFY_FUNC_strnlen:
> +               name = "strnlen";
> +               break;
> +       case FORTIFY_FUNC_strlen:
> +               name = "strlen";
> +               break;
> +       case FORTIFY_FUNC_strlcpy:
> +               name = "strlcpy";
> +               break;
> +       case FORTIFY_FUNC_strscpy:
> +               name = "strscpy";
> +               break;
> +       case FORTIFY_FUNC_strlcat:
> +               name = "strlcat";
> +               break;
> +       case FORTIFY_FUNC_strcat:
> +               name = "strcat";
> +               break;
> +       case FORTIFY_FUNC_strncat:
> +               name = "strncat";
> +               break;
> +       case FORTIFY_FUNC_memset:
> +               name = "memset";
> +               break;
> +       case FORTIFY_FUNC_memcpy:
> +               name = "memcpy";
> +               break;
> +       case FORTIFY_FUNC_memmove:
> +               name = "memmove";
> +               break;
> +       case FORTIFY_FUNC_memscan:
> +               name = "memscan";
> +               break;
> +       case FORTIFY_FUNC_memcmp:
> +               name = "memcmp";
> +               break;
> +       case FORTIFY_FUNC_memchr:
> +               name = "memchr";
> +               break;
> +       case FORTIFY_FUNC_memchr_inv:
> +               name = "memchr_inv";
> +               break;
> +       case FORTIFY_FUNC_kmemdup:
> +               name = "kmemdup";
> +               break;
> +       case FORTIFY_FUNC_strcpy:
> +               name = "strcpy";
> +               break;
> +       default:
> +               name = "unknown";
> +       }

...

> +       WARN(1, "%s: detected buffer %s overflow\n", name, write ? "write" : "read");

Using str_read_write() ?

Dunno if it's already there or needs to be added. I have some patches
to move those str_*() to string_choices.h. We can also prepend yours
with those.

-- 
With Best Regards,
Andy Shevchenko