lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 9 Mar 2016 03:43:05 -0800
From:	tip-bot for Josh Poimboeuf <tipbot@...or.com>
To:	linux-tip-commits@...r.kernel.org
Cc:	acme@...radead.org, namhyung@...il.com,
	chris.j.arges@...onical.com, luto@...nel.org, mingo@...nel.org,
	tglx@...utronix.de, palves@...hat.com,
	torvalds@...ux-foundation.org, jslaby@...e.cz,
	linux-kernel@...r.kernel.org, peterz@...radead.org,
	bernd@...rovitsch.priv.at, jpoimboe@...hat.com, hpa@...or.com,
	mmarek@...e.cz, acme@...nel.org, akpm@...ux-foundation.org,
	bp@...en8.de
Subject: [tip:core/objtool] objtool: Detect infinite recursion

Commit-ID:  b1e03249510b32645826bbf61a1452dd766c2e5c
Gitweb:     http://git.kernel.org/tip/b1e03249510b32645826bbf61a1452dd766c2e5c
Author:     Josh Poimboeuf <jpoimboe@...hat.com>
AuthorDate: Wed, 9 Mar 2016 00:06:52 -0600
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Wed, 9 Mar 2016 10:48:07 +0100

objtool: Detect infinite recursion

I don't _think_ dead_end_function() can get into a recursive loop, but
just in case, stop the loop and print a warning.

Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Arnaldo Carvalho de Melo <acme@...radead.org>
Cc: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: Bernd Petrovitsch <bernd@...rovitsch.priv.at>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Chris J Arges <chris.j.arges@...onical.com>
Cc: Jiri Slaby <jslaby@...e.cz>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Michal Marek <mmarek@...e.cz>
Cc: Namhyung Kim <namhyung@...il.com>
Cc: Pedro Alves <palves@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: live-patching@...r.kernel.org
Link: http://lkml.kernel.org/r/ff489a63e6feb88abb192cfb361d81626dcf3e89.1457502970.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 tools/objtool/builtin-check.c | 45 +++++++++++++++++++++++++++++++------------
 1 file changed, 33 insertions(+), 12 deletions(-)

diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index 80d9ed9..51da270 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -121,8 +121,14 @@ static bool ignore_func(struct objtool_file *file, struct symbol *func)
  *
  * For local functions, we have to detect them manually by simply looking for
  * the lack of a return instruction.
+ *
+ * Returns:
+ *  -1: error
+ *   0: no dead end
+ *   1: dead end
  */
-static bool dead_end_function(struct objtool_file *file, struct symbol *func)
+static int __dead_end_function(struct objtool_file *file, struct symbol *func,
+			       int recursion)
 {
 	int i;
 	struct instruction *insn, *func_insn;
@@ -144,19 +150,19 @@ static bool dead_end_function(struct objtool_file *file, struct symbol *func)
 	};
 
 	if (func->bind == STB_WEAK)
-		return false;
+		return 0;
 
 	if (func->bind == STB_GLOBAL)
 		for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
 			if (!strcmp(func->name, global_noreturns[i]))
-				return true;
+				return 1;
 
 	if (!func->sec)
-		return false;
+		return 0;
 
 	func_insn = find_instruction(file, func->sec, func->offset);
 	if (!func_insn)
-		return false;
+		return 0;
 
 	insn = func_insn;
 	list_for_each_entry_from(insn, &file->insns, list) {
@@ -167,11 +173,11 @@ static bool dead_end_function(struct objtool_file *file, struct symbol *func)
 		empty = false;
 
 		if (insn->type == INSN_RETURN)
-			return false;
+			return 0;
 	}
 
 	if (empty)
-		return false;
+		return 0;
 
 	/*
 	 * A function can have a sibling call instead of a return.  In that
@@ -190,7 +196,7 @@ static bool dead_end_function(struct objtool_file *file, struct symbol *func)
 
 			if (!dest)
 				/* sibling call to another file */
-				return false;
+				return 0;
 
 			if (dest->sec != func->sec ||
 			    dest->offset < func->offset ||
@@ -201,16 +207,28 @@ static bool dead_end_function(struct objtool_file *file, struct symbol *func)
 				if (!dest_func)
 					continue;
 
-				return dead_end_function(file, dest_func);
+				if (recursion == 5) {
+					WARN_FUNC("infinite recursion (objtool bug!)",
+						  dest->sec, dest->offset);
+					return -1;
+				}
+
+				return __dead_end_function(file, dest_func,
+							   recursion + 1);
 			}
 		}
 
 		if (insn->type == INSN_JUMP_DYNAMIC)
 			/* sibling call */
-			return false;
+			return 0;
 	}
 
-	return true;
+	return 1;
+}
+
+static int dead_end_function(struct objtool_file *file, struct symbol *func)
+{
+	return __dead_end_function(file, func, 0);
 }
 
 /*
@@ -809,8 +827,11 @@ static int validate_branch(struct objtool_file *file,
 				break;
 			}
 
-			if (dead_end_function(file, insn->call_dest))
+			ret = dead_end_function(file, insn->call_dest);
+			if (ret == 1)
 				return warnings;
+			if (ret == -1)
+				warnings++;
 
 			/* fallthrough */
 		case INSN_CALL_DYNAMIC:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ