Message-ID: <1449157807-20298-1-git-send-email-aryabinin@virtuozzo.com>
Date: Thu, 3 Dec 2015 18:50:04 +0300
From: Andrey Ryabinin <aryabinin@...tuozzo.com>
To: <linux-kernel@...r.kernel.org>
CC: Andrey Ryabinin <aryabinin@...tuozzo.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Sasha Levin <sasha.levin@...cle.com>,
Randy Dunlap <rdunlap@...radead.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Jonathan Corbet <corbet@....net>,
Michal Marek <mmarek@...e.cz>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Yury Gribov <y.gribov@...sung.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Konstantin Khlebnikov <koct9i@...il.com>,
Kostya Serebryany <kcc@...gle.com>, <x86@...nel.org>,
<linux-doc@...r.kernel.org>, <linux-kbuild@...r.kernel.org>
Subject: [PATCH v4 0/3] UBSAN: run-time undefined behavior sanity checker

UBSAN is a run-time undefined behaviour checker. It uses compile-time
instrumentation to catch undefined behavior (UB). The compiler inserts code
that performs certain kinds of checks before operations that could cause UB.
If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
to print an error message.

Changes since v3:
 - Fixed build failure/warnings reported by kbuild robot.
 - Fixed typo per Sasha.

Changes since V2:
 - Dropped -fsanitize=nonnull-attribute. It checks whether null values
   are not passed to arguments marked as requiring a non-null value by
   the "nonnull" function attribute.
   We don't have many functions with such an attribute (early_shadow_write()
   in arch/blackfin and GCC builtin functions: memcpy, memset, memmove, etc).
   Some kernel code deliberately passes a NULL-ptr with 0-length to mem*().
   This should be fine since we compile the kernel with
   -fno-delete-null-pointer-checks. And a NULL-ptr with != 0 length will just
   crash. So this option is useless in the kernel since it produces only
   false positives.
   See also: http://thread.gmane.org/gmane.linux.kernel/1810656
 - Also dropped enabling/disabling various checkers via boot cmdline.
   A boot-time flag only disables reports, it can't disable compile-time code
   instrumentation. Thus, if we ever need to disable some checker it would
   be better to do it at compile time via a Kconfig option.
 - Alignment checks produce too much noise if
   CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is set. Since there is no boot-time
   option to disable alignment checks, CONFIG_UBSAN_ALIGNMENT was added.
   It's off by default if CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is set.
 - A couple of other small misc changes/fixes.

Changes since v1:
 - Refactoring and cleanups in lib/ubsan.c including Sasha's complaints.
 - Some spelling fixes from Randy.
 - Fixed possible memory corruption on 64 big endian machines, spotted by Rasmus.
 - Links to the relevant GCC documentation added into changelog (Peter).
 - Added documentation.
 - Fixed deadlock caused by kernel/printk/printk.c instrumentation
   (patch "kernel: printk: specify alignment for struct printk_log").
 - Dropped useless 'Indirect call of a function through a function pointer
   of the wrong type' checker. GCC doesn't support this, and as the clang
   manual says, it's for C++ only.
 - Added checker for __builtin_unreachable() calls.
 - Removed redundant -fno-sanitize=float-cast-overflow from CFLAGS.
 - Added lock to prevent mixing reports.

Andrey Ryabinin (3):
  kernel: printk: specify alignment for struct printk_log
  mac80211: Prevent build failure with CONFIG_UBSAN=y
  UBSAN: run-time undefined behavior sanity checker

Documentation/ubsan.txt | 84 +++++++
Makefile | 3 +-
arch/x86/Kconfig | 1 +
arch/x86/boot/Makefile | 1 +
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/entry/vdso/Makefile | 1 +
arch/x86/realmode/rm/Makefile | 1 +
drivers/firmware/efi/libstub/Makefile | 1 +
include/linux/sched.h | 3 +
kernel/printk/printk.c | 10 +-
lib/Kconfig.debug | 1 +
lib/Kconfig.ubsan | 29 +++
lib/Makefile | 3 +
lib/ubsan.c | 456 ++++++++++++++++++++++++++++++++++
lib/ubsan.h | 84 +++++++
mm/kasan/Makefile | 1 +
net/mac80211/debugfs.c | 7 +-
scripts/Makefile.lib | 6 +
scripts/Makefile.ubsan | 18 ++
19 files changed, 700 insertions(+), 11 deletions(-)
create mode 100644 Documentation/ubsan.txt
create mode 100644 lib/Kconfig.ubsan
create mode 100644 lib/ubsan.c
create mode 100644 lib/ubsan.h
create mode 100644 scripts/Makefile.ubsan
--
2.4.10
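
Added example, not part of the original message or of the patch series: a userspace C model of the mechanism the cover letter describes, where a check is placed before an operation that could cause UB and a handler is called when the check fails. The names model_report, checked_add and checked_shl are hypothetical stand-ins for the compiler-inserted checks and the kernel's __ubsan_handle_* functions; the shift model covers only an out-of-range shift count, and __builtin_add_overflow assumes GCC 5+ or clang.

```c
/* Userspace model of UBSAN-style instrumentation (added example).
 * All names are hypothetical; the kernel's real handlers are the
 * __ubsan_handle_* functions in lib/ubsan.c. */
#include <limits.h>
#include <stdio.h>

static int ub_reports; /* number of reports emitted so far */

/* Stand-in for a __ubsan_handle_* function: report, then continue. */
static void model_report(const char *kind, const char *file, int line)
{
	ub_reports++;
	fprintf(stderr, "UB model: %s at %s:%d\n", kind, file, line);
}

/* Model of the check inserted before a signed "a + b". */
static int checked_add(int a, int b, const char *file, int line)
{
	int res;

	if (__builtin_add_overflow(a, b, &res))
		model_report("signed integer overflow", file, line);
	return res; /* wrapped value; execution continues after the report */
}

/* Model of the check inserted before "v << shift" on an int. */
static int checked_shl(int v, int shift, const char *file, int line)
{
	if (shift < 0 || shift >= (int)(sizeof(int) * CHAR_BIT)) {
		model_report("shift out of bounds", file, line);
		return 0; /* the model's choice; the real result is undefined */
	}
	return (int)((unsigned int)v << shift);
}

#define ADD(a, b) checked_add((a), (b), __FILE__, __LINE__)
#define SHL(v, s) checked_shl((v), (s), __FILE__, __LINE__)

int main(void)
{
	ADD(1, 2);       /* in range: no report */
	ADD(INT_MAX, 1); /* overflow: one report */
	SHL(1, 40);      /* shift count too large for int: one report */
	printf("reports: %d\n", ub_reports);
	return 0;
}
```

The model shows why a boot-time switch could only silence model_report: the checks themselves are compiled into every call site.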