lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1583891602.17522.17.camel@mtksdccf07>
Date:   Wed, 11 Mar 2020 09:53:22 +0800
From:   Walter Wu <walter-zh.wu@...iatek.com>
To:     Dmitry Vyukov <dvyukov@...gle.com>, Qian Cai <cai@....pw>
CC:     Andrew Morton <akpm@...ux-foundation.org>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Alexander Potapenko <glider@...gle.com>,
        kasan-dev <kasan-dev@...glegroups.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH -next] lib/test_kasan: silence a -Warray-bounds warning

Hi Qian,

On Tue, 2020-03-10 at 16:20 +0100, 'Dmitry Vyukov' via kasan-dev wrote:
> On Tue, Mar 10, 2020 at 2:38 PM Qian Cai <cai@....pw> wrote:
> >
> > The commit "kasan: add test for invalid size in memmove" introduced a
> > compilation warning where it used a negative size on purpose. Silence it
> > by disabling "array-bounds" checking for this file only for testing
> > purpose.
> >
> > In file included from ./include/linux/bitmap.h:9,
> >                  from ./include/linux/cpumask.h:12,
> >                  from ./arch/x86/include/asm/cpumask.h:5,
> >                  from ./arch/x86/include/asm/msr.h:11,
> >                  from ./arch/x86/include/asm/processor.h:22,
> >                  from ./arch/x86/include/asm/cpufeature.h:5,
> >                  from ./arch/x86/include/asm/thread_info.h:53,
> >                  from ./include/linux/thread_info.h:38,
> >                  from ./arch/x86/include/asm/preempt.h:7,
> >                  from ./include/linux/preempt.h:78,
> >                  from ./include/linux/rcupdate.h:27,
> >                  from ./include/linux/rculist.h:11,
> >                  from ./include/linux/pid.h:5,
> >                  from ./include/linux/sched.h:14,
> >                  from ./include/linux/uaccess.h:6,
> >                  from ./arch/x86/include/asm/fpu/xstate.h:5,
> >                  from ./arch/x86/include/asm/pgtable.h:26,
> >                  from ./include/linux/kasan.h:15,
> >                  from lib/test_kasan.c:12:
> > In function 'memmove',
> >     inlined from 'kmalloc_memmove_invalid_size' at
> > lib/test_kasan.c:301:2:
> > ./include/linux/string.h:441:9: warning: '__builtin_memmove' pointer
> > overflow between offset 0 and size [-2, 9223372036854775807]
> > [-Warray-bounds]
> >   return __builtin_memmove(p, q, size);
> >          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >

When pass the negative numbers, then there are two warning. In gcc-8 the
warning is checked by array-bounds, but in gcc-9 the warning is checked
by stringop-overflow.

I try to use you patch to check the gcc-9 toolchains, but it still have
the warning, but using below the patch can fix the warning in gcc-8 and
gcc-9.


--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -289,6 +289,7 @@ static noinline void __init
kmalloc_memmove_invalid_size(void)
 {
        char *ptr;
        size_t size = 64;
+       volatile size_t invalid_size = -2;

        pr_info("invalid size in memmove\n");
        ptr = kmalloc(size, GFP_KERNEL);
@@ -298,7 +299,7 @@ static noinline void __init
kmalloc_memmove_invalid_size(void)
        }

        memset((char *)ptr, 0, 64);
-       memmove((char *)ptr, (char *)ptr + 4, -2);
+       memmove((char *)ptr, (char *)ptr + 4, invalid_size);
        kfree(ptr);
 }



> > Signed-off-by: Qian Cai <cai@....pw>
> > ---
> >  lib/Makefile | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/lib/Makefile b/lib/Makefile
> > index ab68a8674360..24d519a0741d 100644
> > --- a/lib/Makefile
> > +++ b/lib/Makefile
> > @@ -297,6 +297,8 @@ UBSAN_SANITIZE_ubsan.o := n
> >  KASAN_SANITIZE_ubsan.o := n
> >  KCSAN_SANITIZE_ubsan.o := n
> >  CFLAGS_ubsan.o := $(call cc-option, -fno-stack-protector) $(DISABLE_STACKLEAK_PLUGIN)
> > +# kmalloc_memmove_invalid_size() does this on purpose.
> > +CFLAGS_test_kasan.o += $(call cc-disable-warning, array-bounds)
> >
> >  obj-$(CONFIG_SBITMAP) += sbitmap.o
> >
> > --
> > 1.8.3.1
> >
> 
> Acked-by: Dmitry Vyukov <dvyukov@...gle.com>
> 
> Thanks
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ