lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8b6f684a-38d4-c757-ce0f-fdb2e0a3476b@c-s.fr>
Date:   Mon, 18 Jun 2018 09:01:21 +0200
From:   Christophe LEROY <christophe.leroy@....fr>
To:     Paul Burton <paul.burton@...s.com>, linux-kbuild@...r.kernel.org
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-mips@...ux-mips.org, Arnd Bergmann <arnd@...db.de>,
        Ingo Molnar <mingo@...nel.org>,
        Matthew Wilcox <matthew@....cx>,
        Thomas Gleixner <tglx@...utronix.de>,
        Douglas Anderson <dianders@...omium.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Matthias Kaehlcke <mka@...omium.org>,
        He Zhe <zhe.he@...driver.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Michal Marek <michal.lkml@...kovi.net>,
        Khem Raj <raj.khem@...il.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        Stafford Horne <shorne@...il.com>,
        Gideon Israel Dsouza <gidisrael@...il.com>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Kees Cook <keescook@...omium.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Heiko Carstens <heiko.carstens@...ibm.com>,
        linux-kernel@...r.kernel.org, Paul Mackerras <paulus@...ba.org>,
        linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH 2/3] disable -Wattribute-alias warning for
 SYSCALL_DEFINEx()



Le 16/06/2018 à 02:53, Paul Burton a écrit :
> From: Arnd Bergmann <arnd@...db.de>
> 
> gcc-8 warns for every single definition of a system call entry
> point, e.g.:
> 
> include/linux/compat.h:56:18: error: 'compat_sys_rt_sigprocmask' alias between functions of incompatible types 'long int(int,  compat_sigset_t *, compat_sigset_t *, compat_size_t)' {aka 'long int(int,  struct <anonymous> *, struct <anonymous> *, unsigned int)'} and 'long int(long int,  long int,  long int,  long int)' [-Werror=attribute-alias]
>    asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\
>                    ^~~~~~~~~~
> include/linux/compat.h:45:2: note: in expansion of macro 'COMPAT_SYSCALL_DEFINEx'
>    COMPAT_SYSCALL_DEFINEx(4, _##name, __VA_ARGS__)
>    ^~~~~~~~~~~~~~~~~~~~~~
> kernel/signal.c:2601:1: note: in expansion of macro 'COMPAT_SYSCALL_DEFINE4'
>   COMPAT_SYSCALL_DEFINE4(rt_sigprocmask, int, how, compat_sigset_t __user *, nset,
>   ^~~~~~~~~~~~~~~~~~~~~~
> include/linux/compat.h:60:18: note: aliased declaration here
>    asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\
>                    ^~~~~~~~~~
> 
> The new warning seems reasonable in principle, but it doesn't
> help us here, since we rely on the type mismatch to sanitize the
> system call arguments. After I reported this as GCC PR82435, a new
> -Wno-attribute-alias option was added that could be used to turn the
> warning off globally on the command line, but I'd prefer to do it a
> little more fine-grained.
> 
> Interestingly, turning a warning off and on again inside of
> a single macro doesn't always work, in this case I had to add
> an extra statement inbetween and decided to copy the __SC_TEST
> one from the native syscall to the compat syscall macro.  See
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 for more details
> about this.
> 
> [paul.burton@...s.com:
>    - Rebase atop current master.
>    - Split GCC & version arguments to __diag_ignore() in order to match
>      changes to the preceding patch.
>    - Add the comment argument to match the preceding patch.]
> 
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82435
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> Signed-off-by: Paul Burton <paul.burton@...s.com>
> Cc: Michal Marek <michal.lkml@...kovi.net>
> Cc: Masahiro Yamada <yamada.masahiro@...ionext.com>
> Cc: Douglas Anderson <dianders@...omium.org>
> Cc: Al Viro <viro@...iv.linux.org.uk>
> Cc: Heiko Carstens <heiko.carstens@...ibm.com>
> Cc: Mauro Carvalho Chehab <mchehab@...nel.org>
> Cc: Matthew Wilcox <matthew@....cx>
> Cc: Matthias Kaehlcke <mka@...omium.org>
> Cc: Arnd Bergmann <arnd@...db.de>
> Cc: Ingo Molnar <mingo@...nel.org>
> Cc: Josh Poimboeuf <jpoimboe@...hat.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Gideon Israel Dsouza <gidisrael@...il.com>
> Cc: Christophe Leroy <christophe.leroy@....fr>
> Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>
> Cc: Paul Mackerras <paulus@...ba.org>
> Cc: Michael Ellerman <mpe@...erman.id.au>
> Cc: Stafford Horne <shorne@...il.com>
> Cc: Khem Raj <raj.khem@...il.com>
> Cc: He Zhe <zhe.he@...driver.com>
> Cc: linux-kbuild@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
> Cc: linux-mips@...ux-mips.org
> Cc: linuxppc-dev@...ts.ozlabs.org

Tested-by: Christophe Leroy <christophe.leroy@....fr>


> ---
> 
>   include/linux/compat.h   | 8 +++++++-
>   include/linux/syscalls.h | 4 ++++
>   2 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/compat.h b/include/linux/compat.h
> index b1a5562b3215..c68acc47da57 100644
> --- a/include/linux/compat.h
> +++ b/include/linux/compat.h
> @@ -72,6 +72,9 @@
>    */
>   #ifndef COMPAT_SYSCALL_DEFINEx
>   #define COMPAT_SYSCALL_DEFINEx(x, name, ...)					\
> +	__diag_push();								\
> +	__diag_ignore(GCC, 8, "-Wattribute-alias",				\
> +		      "Type aliasing is used to sanitize syscall arguments");\
>   	asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));	\
>   	asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))	\
>   		__attribute__((alias(__stringify(__se_compat_sys##name))));	\
> @@ -80,8 +83,11 @@
>   	asmlinkage long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__));	\
>   	asmlinkage long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__))	\
>   	{									\
> -		return __do_compat_sys##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__));\
> +		long ret = __do_compat_sys##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__));\
> +		__MAP(x,__SC_TEST,__VA_ARGS__);					\
> +		return ret;							\
>   	}									\
> +	__diag_pop();								\
>   	static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))
>   #endif /* COMPAT_SYSCALL_DEFINEx */
>   
> diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
> index 73810808cdf2..a368a68cb667 100644
> --- a/include/linux/syscalls.h
> +++ b/include/linux/syscalls.h
> @@ -231,6 +231,9 @@ static inline int is_syscall_trace_event(struct trace_event_call *tp_event)
>    */
>   #ifndef __SYSCALL_DEFINEx
>   #define __SYSCALL_DEFINEx(x, name, ...)					\
> +	__diag_push();							\
> +	__diag_ignore(GCC, 8, "-Wattribute-alias",			\
> +		      "Type aliasing is used to sanitize syscall arguments");\
>   	asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))	\
>   		__attribute__((alias(__stringify(__se_sys##name))));	\
>   	ALLOW_ERROR_INJECTION(sys##name, ERRNO);			\
> @@ -243,6 +246,7 @@ static inline int is_syscall_trace_event(struct trace_event_call *tp_event)
>   		__PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__));	\
>   		return ret;						\
>   	}								\
> +	__diag_pop();							\
>   	static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))
>   #endif /* __SYSCALL_DEFINEx */
>   
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ