| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190506154200.GA14919@kroah.com>
Date: Mon, 6 May 2019 17:42:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Dmitry Vyukov <dvyukov@...gle.com>,
Alexander Potapenko <glider@...gle.com>,
Andrey Konovalov <andreyknvl@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 4.9 09/62] kasan: turn on
-fsanitize-address-use-after-scope
On Mon, May 06, 2019 at 06:36:45PM +0300, Andrey Ryabinin wrote:
>
>
> On 5/6/19 6:10 PM, Greg Kroah-Hartman wrote:
> > On Mon, May 06, 2019 at 05:55:54PM +0300, Andrey Ryabinin wrote:
> >>
> >>
> >> On 5/6/19 5:32 PM, Greg Kroah-Hartman wrote:
> >>> From: Andrey Ryabinin <aryabinin@...tuozzo.com>
> >>>
> >>> commit c5caf21ab0cf884ef15b25af234f620e4a233139 upstream.
> >>>
> >>> In the upcoming gcc7 release, the -fsanitize=kernel-address option at
> >>> first implied new -fsanitize-address-use-after-scope option. This would
> >>> cause link errors on older kernels because they don't have two new
> >>> functions required for use-after-scope support. Therefore, gcc7 changed
> >>> default to -fno-sanitize-address-use-after-scope.
> >>>
> >>> Now the kernel has everything required for that feature since commit
> >>> 828347f8f9a5 ("kasan: support use-after-scope detection"). So, to make it
> >>> work, we just have to enable use-after-scope in CFLAGS.
> >>>
> >>> Link: http://lkml.kernel.org/r/1481207977-28654-1-git-send-email-aryabinin@virtuozzo.com
> >>> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
> >>> Acked-by: Dmitry Vyukov <dvyukov@...gle.com>
> >>> Cc: Alexander Potapenko <glider@...gle.com>
> >>> Cc: Andrey Konovalov <andreyknvl@...gle.com>
> >>> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> >>> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
> >>> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
> >>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> >>>
> >>> ---
> >>> scripts/Makefile.kasan | 2 ++
> >>> 1 file changed, 2 insertions(+)
> >>>
> >>> --- a/scripts/Makefile.kasan
> >>> +++ b/scripts/Makefile.kasan
> >>> @@ -29,6 +29,8 @@ else
> >>> endif
> >>> endif
> >>>
> >>> +CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
> >>> +
> >>> CFLAGS_KASAN_NOSANITIZE := -fno-builtin
> >>>
> >>> endif
> >>>
> >>>
> >>
> >> This shouldn't be in the -stable.
> >
> > Why not? Does no one use gcc7 with this kernel and kasan?
> >
>
> You don't need this patch to use kasan on this kernel with gcc7.
> This patch only enables detection of use-after-scope bugs. This feature appeared to be useless,
> hence it disabled recently by commit 7771bdbbfd3d ("kasan: remove use after scope bugs detection.")
Ah, didn't notice that, nice!
Ok, I'll go drop this, thanks for letting me know.
> The link errors mentioned in changelog was the problem only for some period of time in the development branch of GCC 7.
> The released GCC7 version doesn't have this problem.
Also good to know, thanks!
greg k-h
Powered by blists - more mailing lists