lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 15 Jun 2016 16:49:16 +0100
From:	Mark Rutland <mark.rutland@....com>
To:	linux-kernel@...r.kernel.org
Cc:	Mark Rutland <mark.rutland@....com>,
	Alexander Potapenko <glider@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	James Morse <james.morse@....com>,
	Kees Cook <keescook@...omium.org>,
	Michal Marek <mmarek@...e.com>
Subject: [PATCH] kcov: reject open when kernel not instrumented

If the toolchain does not support -fsanitize-coverage=trace-pc, we blat
this option from CFLAGS_KCOV, and build the kernel without
instrumentation, even if CONFIG_KCOV was selected. However, we still
build the rest of the kcov infrastructure, and expose a kcov file under
debugfs. This can be confusing, as the kernel will appear to support
kcov, yet will never manage to sample any trace PC values. While we do
note this fact at build time, this may be missed, and a user may not
have access to build logs.

This patch adds an artificial CONFIG symbol, CONFIG_KCOV_CC, that is
only set when the toolchain supports -fsanitize-coverage=trace-pc, and
hence the kernel is built with instrumentation. When this is not the
case, the kernel will return -ENOTSUPP if userspace attempts to open the
kcov debugfs file, indicating that kcov functionality is unavailable.

Signed-off-by: Mark Rutland <mark.rutland@....com>
Cc: Alexander Potapenko <glider@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: James Morse <james.morse@....com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Michal Marek <mmarek@...e.com>
Cc: linux-kernel@...r.kernel.org
---
 Makefile      | 2 +-
 kernel/kcov.c | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

As discussed [1] in reply to the arm64 patch.

[1] http://lkml.kernel.org/r/CACT4Y+Z3=juvxBJBXRh5PgE35twFRxg-3iMc-owenONU84x5XQ@mail.gmail.com

Mark.

diff --git a/Makefile b/Makefile
index 0f70de6..e6ef260 100644
--- a/Makefile
+++ b/Makefile
@@ -369,7 +369,7 @@ LDFLAGS_MODULE  =
 CFLAGS_KERNEL	=
 AFLAGS_KERNEL	=
 CFLAGS_GCOV	= -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
-CFLAGS_KCOV	= -fsanitize-coverage=trace-pc
+CFLAGS_KCOV	= -fsanitize-coverage=trace-pc -DCONFIG_KCOV_CC
 
 
 # Use USERINCLUDE when you must reference the UAPI directories only.
diff --git a/kernel/kcov.c b/kernel/kcov.c
index a02f2dd..df2cafd 100644
--- a/kernel/kcov.c
+++ b/kernel/kcov.c
@@ -3,6 +3,7 @@
 #define DISABLE_BRANCH_PROFILING
 #include <linux/compiler.h>
 #include <linux/types.h>
+#include <linux/errno.h>
 #include <linux/file.h>
 #include <linux/fs.h>
 #include <linux/mm.h>
@@ -160,6 +161,13 @@ static int kcov_open(struct inode *inode, struct file *filep)
 {
 	struct kcov *kcov;
 
+	/*
+	 * CONFIG_KCOV was selected, but the compiler does not support the
+	 * options KCOV requires.
+	 */
+	if (!IS_ENABLED(CONFIG_KCOV_CC))
+		return -ENOTSUPP;
+
 	kcov = kzalloc(sizeof(*kcov), GFP_KERNEL);
 	if (!kcov)
 		return -ENOMEM;
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ