Date:   Tue, 15 Sep 2020 13:18:11 +0200
From:   Marco Elver <elver@...gle.com>
To:     George Popescu <georgepope@...gle.com>
Cc:     Kees Cook <keescook@...omium.org>, maz@...nel.org,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Michal Marek <michal.lkml@...kovi.net>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        kvmarm@...ts.cs.columbia.edu, LKML <linux-kernel@...r.kernel.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        james.morse@....com, julien.thierry.kdev@...il.com,
        suzuki.poulose@....com,
        Nathan Chancellor <natechancellor@...il.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        dbrazdil@...gle.com, broonie@...nel.org, maskray@...gle.com,
        ascull@...gle.com, Andrew Morton <akpm@...ux-foundation.org>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH 06/14] Fix CFLAGS for UBSAN_BOUNDS on Clang

On Tue, 15 Sep 2020 at 12:25, George Popescu <georgepope@...gle.com> wrote:
> On Mon, Sep 14, 2020 at 03:13:14PM -0700, Kees Cook wrote:
> > On Mon, Sep 14, 2020 at 05:27:42PM +0000, George-Aurelian Popescu wrote:
> > > From: George Popescu <georgepope@...gle.com>
> > >
> > > When the kernel is compiled with Clang, UBSAN_BOUNDS inserts a brk after
> > > the handler call, preventing it from printing any information processed
> > > inside the buffer.
> > > For Clang -fsanitize=bounds expands to -fsanitize=array-bounds and
> > > -fsanitize=local-bounds, and the latter adds a brk after the handler
> > > call
> >
> > That sounds like a compiler bug?

> Actually, in the clang 12 documentation it is written that -fsanitize=bounds
> expands to that. GCC doesn't have those two options, only the
> -fsanitize=bounds which looks similar to -fsanitize=array-bounds from
> clang. So I don't see it as a compiler bug, just a misuse of flags.

Clang just allows us to be more selective, but ultimately we want to
cover as many bug-classes as possible. There is little point in giving
up checks with Clang just because GCC doesn't implement them. If there
are other valid reasons to give it up, that's fine, but so far it
seems we never ran into the issue you ran into -- which is also a bit
odd, because I do see in the instrumentation passes that
fsanitize=bounds emits traps sometimes.

[...]
> > >  ifdef CONFIG_UBSAN_BOUNDS
> > > -      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
> > > +      # For Clang -fsanitize=bounds translates to -fsanitize=array-bounds and
> > > +      # -fsanitize=local-bounds; the latter adds a brk right after the
> > > +      # handler is called.
> > > +      ifdef CONFIG_CC_IS_CLANG
> > > +            CFLAGS_UBSAN += $(call cc-option, -fsanitize=array-bounds)
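
Review bot: the Clang branch under `ifdef CONFIG_CC_IS_CLANG` passes only -fsanitize=array-bounds, so the -fsanitize=local-bounds checks that the new comment says -fsanitize=bounds expands to are dropped, and neither the comment nor a config option records that coverage is being reduced. The comment should state the loss explicitly alongside the brk rationale, and the change would be easier to accept if local-bounds stayed selectable (for example behind its own option) instead of being removed unconditionally for every Clang build.
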
> >
> > This would mean losing the local-bounds coverage? Isn't that for locally
> > defined arrays on the stack?

> This would mean losing the local-bounds coverage. I tried to test it without
> local-bounds and with a locally defined array on the stack and it works fine
> (the handler is called and the error reported). For me it feels like
> --array-bounds and --local-bounds are triggered for the same type of
> undefined_behaviours but they are handling them differently.

Does -fno-sanitize-trap=bounds help?

Thanks,
-- Marco
