Message-Id: <20180920105653.10964-1-linux@rasmusvillemoes.dk>
Date:   Thu, 20 Sep 2018 12:56:53 +0200
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Jason Baron <jbaron@...mai.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Rasmus Villemoes <linux@...musvillemoes.dk>, x86@...nel.org
Subject: [PATCH 23/22] x86: dynamic_debug: protect against dynamic debug identifier reuse

Most invocations of DEFINE_DYNAMIC_DEBUG_METADATA happen through
"public" macros such as pr_debug or netdev_dbg, which have been updated
to ensure they pass a unique identifier to use as the name for the
struct _ddebug instance. But it is still possible that someone invokes
DEFINE_DYNAMIC_DEBUG_METADATA directly, or creates a new wrapper macro
that does not do the extra-level-of-macros-passing-on-a__UNIQUE_ID
dance. On x86-64, all subsequent uses of that same identifier would
silently reuse the first instance, which is bad.

But we can catch such cases by defining a guard symbol that is unique
per expansion of DEFINE_DYNAMIC_DEBUG_METADATA. This still allows gcc to
emit multiple copies of some static inline function that has a pr_debug
call (because all such copies would pass the same value of %5 to the
assembler), but prevents repeated naked
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, "bla") - even with a helpful
error message saying that '"descriptor" used as _ddebug identifier more
than once'.

Cc: x86@...nel.org
Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>
---
Just in case it wasn't already ugly enough ;)

 arch/x86/include/asm/dynamic_debug.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/dynamic_debug.h b/arch/x86/include/asm/dynamic_debug.h
index 350ef6e2feff..69167f40482c 100644
--- a/arch/x86/include/asm/dynamic_debug.h
+++ b/arch/x86/include/asm/dynamic_debug.h
@@ -26,10 +26,15 @@
 		     "\t.long 0        \t# <padding>\n"			\
 		     _DPRINTK_ASM_KEY_INIT				\
 		     ".popsection\n"					\
+		     ".set "__stringify(name)".ddebug.once, %c5\n"	\
+		     ".elseif "__stringify(name)".ddebug.once - %c5\n"	\
+		     ".line "__stringify(__LINE__) " - 1\n"		\
+		     ".error \"'"__stringify(name)"' used as _ddebug identifier more than once\"\n" \
 		     ".endif\n"						\
 		     : : "i" (KBUILD_MODNAME), "i" (__func__),		\
 		       "i" (__FILE__), "i" (fmt),			\
-		       "i" (_DPRINTK_FLAGS_LINENO_INIT))
+		       "i" (_DPRINTK_FLAGS_LINENO_INIT),		\
+		       "i" (__COUNTER__))
 
 #endif /* _ASM_X86_DYNAMIC_DEBUG_H */
 
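Review bot: the guard added after ".popsection\n" refers to the new operand only by position (%c5) and shifts the reported line with `.line __LINE__ - 1`, and neither is explained in a comment. A short comment above the macro stating that operand 5 is the per-expansion __COUNTER__ value, and why the line number is offset by one, would keep this from breaking silently if another "i" operand is inserted before it later. Separately, the symbol created by `.set name.ddebug.once` has no `.L` prefix, so it would normally be kept in the object's symbol table; if it is only needed at assembly time, consider a `.L`-prefixed name.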
-- 
2.16.4
