| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Mar 2020 09:53:22 +0800
From: Walter Wu <walter-zh.wu@...iatek.com>
To: Dmitry Vyukov <dvyukov@...gle.com>, Qian Cai <cai@....pw>
CC: Andrew Morton <akpm@...ux-foundation.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
kasan-dev <kasan-dev@...glegroups.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH -next] lib/test_kasan: silence a -Warray-bounds warning
Hi Qian,
On Tue, 2020-03-10 at 16:20 +0100, 'Dmitry Vyukov' via kasan-dev wrote:
> On Tue, Mar 10, 2020 at 2:38 PM Qian Cai <cai@....pw> wrote:
> >
> > The commit "kasan: add test for invalid size in memmove" introduced a
> > compilation warning where it used a negative size on purpose. Silence it
> > by disabling "array-bounds" checking for this file only for testing
> > purpose.
> >
> > In file included from ./include/linux/bitmap.h:9,
> > from ./include/linux/cpumask.h:12,
> > from ./arch/x86/include/asm/cpumask.h:5,
> > from ./arch/x86/include/asm/msr.h:11,
> > from ./arch/x86/include/asm/processor.h:22,
> > from ./arch/x86/include/asm/cpufeature.h:5,
> > from ./arch/x86/include/asm/thread_info.h:53,
> > from ./include/linux/thread_info.h:38,
> > from ./arch/x86/include/asm/preempt.h:7,
> > from ./include/linux/preempt.h:78,
> > from ./include/linux/rcupdate.h:27,
> > from ./include/linux/rculist.h:11,
> > from ./include/linux/pid.h:5,
> > from ./include/linux/sched.h:14,
> > from ./include/linux/uaccess.h:6,
> > from ./arch/x86/include/asm/fpu/xstate.h:5,
> > from ./arch/x86/include/asm/pgtable.h:26,
> > from ./include/linux/kasan.h:15,
> > from lib/test_kasan.c:12:
> > In function 'memmove',
> > inlined from 'kmalloc_memmove_invalid_size' at
> > lib/test_kasan.c:301:2:
> > ./include/linux/string.h:441:9: warning: '__builtin_memmove' pointer
> > overflow between offset 0 and size [-2, 9223372036854775807]
> > [-Warray-bounds]
> > return __builtin_memmove(p, q, size);
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
When pass the negative numbers, then there are two warning. In gcc-8 the
warning is checked by array-bounds, but in gcc-9 the warning is checked
by stringop-overflow.
I try to use you patch to check the gcc-9 toolchains, but it still have
the warning, but using below the patch can fix the warning in gcc-8 and
gcc-9.
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -289,6 +289,7 @@ static noinline void __init
kmalloc_memmove_invalid_size(void)
{
char *ptr;
size_t size = 64;
+ volatile size_t invalid_size = -2;
pr_info("invalid size in memmove\n");
ptr = kmalloc(size, GFP_KERNEL);
@@ -298,7 +299,7 @@ static noinline void __init
kmalloc_memmove_invalid_size(void)
}
memset((char *)ptr, 0, 64);
- memmove((char *)ptr, (char *)ptr + 4, -2);
+ memmove((char *)ptr, (char *)ptr + 4, invalid_size);
kfree(ptr);
}
> > Signed-off-by: Qian Cai <cai@....pw>
> > ---
> > lib/Makefile | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/lib/Makefile b/lib/Makefile
> > index ab68a8674360..24d519a0741d 100644
> > --- a/lib/Makefile
> > +++ b/lib/Makefile
> > @@ -297,6 +297,8 @@ UBSAN_SANITIZE_ubsan.o := n
> > KASAN_SANITIZE_ubsan.o := n
> > KCSAN_SANITIZE_ubsan.o := n
> > CFLAGS_ubsan.o := $(call cc-option, -fno-stack-protector) $(DISABLE_STACKLEAK_PLUGIN)
> > +# kmalloc_memmove_invalid_size() does this on purpose.
> > +CFLAGS_test_kasan.o += $(call cc-disable-warning, array-bounds)
> >
> > obj-$(CONFIG_SBITMAP) += sbitmap.o
> >
> > --
> > 1.8.3.1
> >
>
> Acked-by: Dmitry Vyukov <dvyukov@...gle.com>
>
> Thanks
>
Powered by blists - more mailing lists