Message-ID: <CAKwvOd=q8VT2HnOzZtbbAZrZqGmhF5X-+fu3fK0bdaXvXrDX8w@mail.gmail.com>
Date:   Tue, 31 Jul 2018 14:10:58 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     lkp@...el.com, kbuild-all@...org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Nathan Chancellor <natechancellor@...il.com>,
        Arnd Bergmann <arnd@...db.de>, paul.burton@...s.com,
        christophe.leroy@....fr, shorne@...il.com,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Ingo Molnar <mingo@...nel.org>,
        Greg KH <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>, rdunlap@...radead.org,
        bp@...e.de, neilb@...e.com, LKML <linux-kernel@...r.kernel.org>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>, dwmw@...zon.co.uk,
        sandipan@...ux.vnet.ibm.com, linux@...musvillemoes.dk,
        Paul Lawrence <paullawrence@...gle.com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        Will Deacon <will.deacon@....com>, ghackmann@...roid.com,
        stable@...r.kernel.org, Greg Hackmann <ghackmann@...gle.com>,
        Matthias Kaehlcke <mka@...omium.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Wei Wang <wvw@...gle.com>, avagin@...nvz.org
Subject: Re: [PATCH v2 2/2] kernel.h: Disable -Wreturn-stack-address for _THIS_IP_

On Tue, Jul 31, 2018 at 11:58 AM Nick Desaulniers
<ndesaulniers@...gle.com> wrote:
>
> On Tue, Jul 31, 2018 at 10:02 AM Kees Cook <keescook@...omium.org> wrote:
> >
> > On Tue, Jul 31, 2018 at 9:48 AM, Nick Desaulniers
> > > On Tue, Jul 31, 2018 at 3:27 AM kbuild test robot <lkp@...el.com> wrote:
> > >>    drivers/net//wireless/intel/iwlwifi/iwl-trans.c: In function 'iwl_trans_send_cmd':
> > >> >> drivers/net//wireless/intel/iwlwifi/iwl-trans.c:137:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> > >>      if (!(cmd->flags & CMD_ASYNC))
> > >>      ^~
> > >>    drivers/net//wireless/intel/iwlwifi/iwl-trans.c:138:1: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
> > >>       lock_map_acquire_read(&trans->sync_cmd_lockdep_map);
> > >>     ^ ~
> > >>
> > >> vim +/if +137 drivers/net//wireless/intel/iwlwifi/iwl-trans.c
> > >>
> > >> 92fe8343 Emmanuel Grumbach 2015-12-01 @137      if (!(cmd->flags & CMD_ASYNC))
> > >> 92fe8343 Emmanuel Grumbach 2015-12-01  138              lock_map_acquire_read(&trans->sync_cmd_lockdep_map);
> >
> > #define lock_map_acquire_read(l) lock_acquire_shared_recursive(l, 0, 0, NULL, _THIS_IP_)
> >
> > #define lock_acquire_shared_recursive(l, s, t, n, i) lock_acquire(l, s, t, 2, 1, n, i)
> >
> > The config doesn't have CONFIG_LOCKDEP, so it's not:
> >
> > extern void lock_acquire(struct lockdep_map *lock, unsigned int subclass,
> >                          int trylock, int read, int check,
> >                          struct lockdep_map *nest_lock, unsigned long ip);
> >
> > but rather:
> >
> > # define lock_acquire(l, s, t, r, c, n, i)      do { } while (0)
>
> This is tricky, if I preprocess that translation unit with the exact
> flags used during compilation, I get:
>
> ```
>  if (!(cmd->flags & CMD_ASYNC))
>
> #pragma GCC diagnostic push
>
> #pragma GCC diagnostic pop
>  do { } while (0);
> ```
>
> Which is not enough to trigger -Wmisleading-indentation alone.  It is
> curious that if we add braces to that if statement (as Nathan notes in
> a sibling post) or removing the pop (not shippable) seems to fix the
> warning.

Something fishy is going on here: https://godbolt.org/g/b5dsqH

It seems that gcc's warning is technically correct, but it seems to be
a miscompile as puts() in my reduced test case is called
unconditionally.  I've filed:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86765

In the meanwhile, I've reworked the patch to change _THIS_IP_ to
only contain a function call, to a new static inline function which
does what the statement expression used to.  This now triggers
-Wreturn-local-addr warnings in gcc, which is a warning added in
gcc-4.8, so I need to add another __diag_ignore, and case for gcc 4.8
to include/linux/compiler-gcc.h.

At this point, I think I might as well consolidate current_text_addr()
and _THIS_IP_.  Stay tuned for v3.

--
Thanks,
~Nick Desaulniers
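
A small check for the shape shown in the preprocessed output quoted above, where a `#pragma` line is the first thing after an unbraced `if (...)`. This is an added example, not code from the thread or the kernel; the function name `count_pragma_after_bare_if`, the line-based heuristic and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples; SAMPLE_V2 follows the preprocessed output quoted in the message. */
static const char SAMPLE_V2[] =
    " if (!(cmd->flags & CMD_ASYNC))\n\n#pragma GCC diagnostic push\n\n"
    "#pragma GCC diagnostic pop\n do { } while (0);\n";
static const char SAMPLE_BRACED[] =
    " if (!(cmd->flags & CMD_ASYNC)) {\n#pragma GCC diagnostic push\n"
    "#pragma GCC diagnostic pop\n do { } while (0);\n }\n";

/* Trim blanks (and a trailing CR) from both ends of the n-byte line at *s. */
static void trim(const char **s, size_t *n)
{
    while (*n && strchr(" \t", **s)) { (*s)++; (*n)--; }
    while (*n && strchr(" \t\r", (*s)[*n - 1])) (*n)--;
}

/* Heuristic: an `if (...)` header with neither `{` nor a body on the same line. */
static int is_bare_if(const char *s, size_t n)
{
    return n >= 4 && s[0] == 'i' && s[1] == 'f' &&
           (s[2] == ' ' || s[2] == '(') && s[n - 1] == ')';
}

/* Count places where a #pragma line is the first non-blank line after a bare if. */
int count_pragma_after_bare_if(const char *src)
{
    int hits = 0, pending = 0;
    while (*src) {
        const char *eol = strchr(src, '\n');
        size_t n = eol ? (size_t)(eol - src) : strlen(src);
        const char *s = src;
        size_t len = n;
        trim(&s, &len);
        if (len) {                      /* blank lines keep the pending state */
            if (pending && len >= 7 && !strncmp(s, "#pragma", 7))
                hits++;
            pending = is_bare_if(s, len);
        }
        src += n + (eol ? 1 : 0);
    }
    return hits;
}

int main(void)
{
    printf("v2: %d, braced: %d\n", count_pragma_after_bare_if(SAMPLE_V2),
           count_pragma_after_bare_if(SAMPLE_BRACED));
    return 0;
}
```

Run over `gcc -E` output, a nonzero count marks call sites where a macro's diagnostic pragmas land between an `if` and the statement it is meant to guard.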
