| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Oct 2021 20:06:20 -0700
From: Kees Cook <keescook@...omium.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Vlastimil Babka <vbabka@...e.cz>,
Andy Whitcroft <apw@...onical.com>,
Dennis Zhou <dennis@...nel.org>,
Dwaipayan Ray <dwaipayanray1@...il.com>,
Joe Perches <joe@...ches.com>,
Lukas Bulwahn <lukas.bulwahn@...il.com>,
Miguel Ojeda <ojeda@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Tejun Heo <tj@...nel.org>,
Daniel Micay <danielmicay@...il.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Masahiro Yamada <masahiroy@...nel.org>,
Michal Marek <michal.lkml@...kovi.net>,
clang-built-linux@...glegroups.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3 4/8] slab: Add __alloc_size attributes for better
bounds checking
On Tue, Oct 05, 2021 at 06:47:17PM -0700, Andrew Morton wrote:
> On Thu, 30 Sep 2021 15:27:00 -0700 Kees Cook <keescook@...omium.org> wrote:
>
> > As already done in GrapheneOS, add the __alloc_size attribute for regular
> > kmalloc interfaces, to provide additional hinting for better bounds
> > checking, assisting CONFIG_FORTIFY_SOURCE and other compiler
> > optimizations.
>
> x86_64 allmodconfig:
What compiler and version?
>
> In file included from ./arch/x86/include/asm/preempt.h:7,
> from ./include/linux/preempt.h:78,
> from ./include/linux/spinlock.h:55,
> from ./include/linux/mmzone.h:8,
> from ./include/linux/gfp.h:6,
> from ./include/linux/mm.h:10,
> from ./include/linux/mman.h:5,
> from lib/test_kasan_module.c:10:
> In function 'check_copy_size',
> inlined from 'copy_user_test' at ./include/linux/uaccess.h:191:6:
> ./include/linux/thread_info.h:213:4: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small
> 213 | __bad_copy_to();
> | ^~~~~~~~~~~~~~~
> In function 'check_copy_size',
> inlined from 'copy_user_test' at ./include/linux/uaccess.h:199:6:
> ./include/linux/thread_info.h:211:4: error: call to '__bad_copy_from' declared with attribute error: copy source size is too small
> 211 | __bad_copy_from();
> | ^~~~~~~~~~~~~~~~~
> make[1]: *** [lib/test_kasan_module.o] Error 1
> make: *** [lib] Error 2
Hah, yes, it caught an intentionally bad copy. This may bypass the
check, as I've had to do in LKDTM before. I will test...
diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c
index 7ebf433edef3..9fb2fb2937da 100644
--- a/lib/test_kasan_module.c
+++ b/lib/test_kasan_module.c
@@ -19,7 +19,12 @@ static noinline void __init copy_user_test(void)
{
char *kmem;
char __user *usermem;
- size_t size = 128 - KASAN_GRANULE_SIZE;
+ /*
+ * This is marked volatile to avoid __alloc_size()
+ * noticing the intentionally out-of-bounds copys
+ * being done on the allocation.
+ */
+ volatile size_t size = 128 - KASAN_GRANULE_SIZE;
int __maybe_unused unused;
kmem = kmalloc(size, GFP_KERNEL);
--
Kees Cook
Powered by blists - more mailing lists