| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Apr 2023 15:57:37 -0700
From: Kees Cook <keescook@...omium.org>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: linux-hardening@...r.kernel.org, Andy Shevchenko <andy@...nel.org>,
Cezary Rojewski <cezary.rojewski@...el.com>,
Puyou Lu <puyou.lu@...il.com>, Mark Brown <broonie@...nel.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Brendan Higgins <brendan.higgins@...ux.dev>,
David Gow <davidgow@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Nathan Chancellor <nathan@...nel.org>,
Alexander Potapenko <glider@...gle.com>,
Zhaoyang Huang <zhaoyang.huang@...soc.com>,
Randy Dunlap <rdunlap@...radead.org>,
Geert Uytterhoeven <geert+renesas@...der.be>,
Miguel Ojeda <ojeda@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Liam Howlett <liam.howlett@...cle.com>,
Vlastimil Babka <vbabka@...e.cz>,
Dan Williams <dan.j.williams@...el.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Yury Norov <yury.norov@...il.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Sander Vanheule <sander@...nheule.net>,
Eric Biggers <ebiggers@...gle.com>,
"Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
Andrey Konovalov <andreyknvl@...il.com>,
Linus Walleij <linus.walleij@...aro.org>,
Daniel Latypov <dlatypov@...gle.com>,
José Expósito <jose.exposito89@...il.com>,
linux-kernel@...r.kernel.org, kunit-dev@...glegroups.com
Subject: Re: [PATCH 6/9] fortify: Split reporting and avoid passing string
pointer
On Thu, Apr 06, 2023 at 01:20:52PM +0300, Andy Shevchenko wrote:
> On Thu, Apr 6, 2023 at 3:02 AM Kees Cook <keescook@...omium.org> wrote:
> >
> > In preparation for KUnit testing and further improvements in fortify
> > failure reporting, split out the report and encode the function and
> > access failure (read or write overflow) into a single int argument. This
> > mainly ends up saving some space in the data segment. For a defconfig
> > with FORTIFY_SOURCE enabled:
> >
> > $ size gcc/vmlinux.before gcc/vmlinux.after
> > text data bss dec hex filename
> > 26132309 9760658 2195460 38088427 2452eeb gcc/vmlinux.before
> > 26132386 9748382 2195460 38076228 244ff44 gcc/vmlinux.after
>
> ...
>
> > + const char *name;
> > + const bool write = !!(reason & 0x1);
>
> Perhaps define that as
>
> FORTIFY_READ_WRITE BIT(0)
> FORTIFY_FUNC_SHIFT 1
>
> const bool write = reason & FORTIFY_READ_WRITE; // and note no need for !! part
Yeah, that reads better. The FIELD_GET suggestion down-thread is
probably how I'll go.
>
> switch (reason >> FORTIFY_FUNC_SHIFT) {
>
> > + switch (reason >> 1) {
> > + case FORTIFY_FUNC_strncpy:
> > + name = "strncpy";
> > + break;
> > + case FORTIFY_FUNC_strnlen:
> > + name = "strnlen";
> > + break;
> > + case FORTIFY_FUNC_strlen:
> > + name = "strlen";
> > + break;
> > + case FORTIFY_FUNC_strlcpy:
> > + name = "strlcpy";
> > + break;
> > + case FORTIFY_FUNC_strscpy:
> > + name = "strscpy";
> > + break;
> > + case FORTIFY_FUNC_strlcat:
> > + name = "strlcat";
> > + break;
> > + case FORTIFY_FUNC_strcat:
> > + name = "strcat";
> > + break;
> > + case FORTIFY_FUNC_strncat:
> > + name = "strncat";
> > + break;
> > + case FORTIFY_FUNC_memset:
> > + name = "memset";
> > + break;
> > + case FORTIFY_FUNC_memcpy:
> > + name = "memcpy";
> > + break;
> > + case FORTIFY_FUNC_memmove:
> > + name = "memmove";
> > + break;
> > + case FORTIFY_FUNC_memscan:
> > + name = "memscan";
> > + break;
> > + case FORTIFY_FUNC_memcmp:
> > + name = "memcmp";
> > + break;
> > + case FORTIFY_FUNC_memchr:
> > + name = "memchr";
> > + break;
> > + case FORTIFY_FUNC_memchr_inv:
> > + name = "memchr_inv";
> > + break;
> > + case FORTIFY_FUNC_kmemdup:
> > + name = "kmemdup";
> > + break;
> > + case FORTIFY_FUNC_strcpy:
> > + name = "strcpy";
> > + break;
> > + default:
> > + name = "unknown";
> > + }
>
> ...
>
> > + WARN(1, "%s: detected buffer %s overflow\n", name, write ? "write" : "read");
>
> Using str_read_write() ?
>
> Dunno if it's already there or needs to be added. I have some patches
> to move those str_*() to string_choices.h. We can also prepend yours
> with those.
Oh! Hah. I totally forgot about str_read_write. :) I will use that.
--
Kees Cook
Powered by blists - more mailing lists