lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 4 Sep 2018 13:10:23 +0300
From:   Andrey Ryabinin <aryabinin@...tuozzo.com>
To:     Kyeongdon Kim <kyeongdon.kim@....com>
Cc:     catalin.marinas@....com, will.deacon@....com, glider@...gle.com,
        dvyukov@...gle.com, Jason@...c4.com, robh@...nel.org,
        ard.biesheuvel@...aro.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com,
        linux-mm@...ck.org
Subject: Re: [PATCH v2] arm64: kasan: add interceptors for strcmp/strncmp
 functions



On 09/04/2018 09:59 AM, Kyeongdon Kim wrote:

>> > +#undef strncmp
>> > +int strncmp(const char *cs, const char *ct, size_t len)
>> > +{
>> > + check_memory_region((unsigned long)cs, len, false, _RET_IP_);
>> > + check_memory_region((unsigned long)ct, len, false, _RET_IP_);
>>
>> This will cause false positives. Both 'cs', and 'ct' could be less than len bytes.
>>
>> There is no need in these interceptors, just use the C implementations from lib/string.c
>> like you did in your first patch.
>> The only thing that was wrong in the first patch is that assembly implementations
>> were compiled out instead of being declared week.
>>
> Well, at first I thought so..
> I would remove diff code in /mm/kasan/kasan.c then use C implementations in lib/string.c
> w/ assem implementations as weak :
> 
> diff --git a/lib/string.c b/lib/string.c
> index 2c0900a..a18b18f 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -312,7 +312,7 @@ size_t strlcat(char *dest, const char *src, size_t count)
>  EXPORT_SYMBOL(strlcat);
>  #endif
> 
> -#ifndef __HAVE_ARCH_STRCMP
> +#if (defined(CONFIG_ARM64) && defined(CONFIG_KASAN)) || !defined(__HAVE_ARCH_STRCMP)

No. What part of "like you did in your first patch" is unclear to you?

>  /**
>   * strcmp - Compare two strings
>   * @cs: One string
> @@ -336,7 +336,7 @@ int strcmp(const char *cs, const char *ct)
>  EXPORT_SYMBOL(strcmp);
>  #endif
> 
> -#ifndef __HAVE_ARCH_STRNCMP
> +#if (defined(CONFIG_ARM64) && defined(CONFIG_KASAN)) || !defined(__HAVE_ARCH_STRNCMP)
>  /**
>   * strncmp - Compare two length-limited strings
> 
> Can I get your opinion wrt this ?
> 
> Thanks,
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ