lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Oct 2021 20:06:20 -0700 From: Kees Cook <keescook@...omium.org> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Christoph Lameter <cl@...ux.com>, Pekka Enberg <penberg@...nel.org>, David Rientjes <rientjes@...gle.com>, Joonsoo Kim <iamjoonsoo.kim@....com>, Vlastimil Babka <vbabka@...e.cz>, Andy Whitcroft <apw@...onical.com>, Dennis Zhou <dennis@...nel.org>, Dwaipayan Ray <dwaipayanray1@...il.com>, Joe Perches <joe@...ches.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, Miguel Ojeda <ojeda@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Tejun Heo <tj@...nel.org>, Daniel Micay <danielmicay@...il.com>, Nick Desaulniers <ndesaulniers@...gle.com>, Masahiro Yamada <masahiroy@...nel.org>, Michal Marek <michal.lkml@...kovi.net>, clang-built-linux@...glegroups.com, linux-mm@...ck.org, linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v3 4/8] slab: Add __alloc_size attributes for better bounds checking On Tue, Oct 05, 2021 at 06:47:17PM -0700, Andrew Morton wrote: > On Thu, 30 Sep 2021 15:27:00 -0700 Kees Cook <keescook@...omium.org> wrote: > > > As already done in GrapheneOS, add the __alloc_size attribute for regular > > kmalloc interfaces, to provide additional hinting for better bounds > > checking, assisting CONFIG_FORTIFY_SOURCE and other compiler > > optimizations. > > x86_64 allmodconfig: What compiler and version? > > In file included from ./arch/x86/include/asm/preempt.h:7, > from ./include/linux/preempt.h:78, > from ./include/linux/spinlock.h:55, > from ./include/linux/mmzone.h:8, > from ./include/linux/gfp.h:6, > from ./include/linux/mm.h:10, > from ./include/linux/mman.h:5, > from lib/test_kasan_module.c:10: > In function 'check_copy_size', > inlined from 'copy_user_test' at ./include/linux/uaccess.h:191:6: > ./include/linux/thread_info.h:213:4: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small > 213 | __bad_copy_to(); > | ^~~~~~~~~~~~~~~ > In function 'check_copy_size', > inlined from 'copy_user_test' at ./include/linux/uaccess.h:199:6: > ./include/linux/thread_info.h:211:4: error: call to '__bad_copy_from' declared with attribute error: copy source size is too small > 211 | __bad_copy_from(); > | ^~~~~~~~~~~~~~~~~ > make[1]: *** [lib/test_kasan_module.o] Error 1 > make: *** [lib] Error 2 Hah, yes, it caught an intentionally bad copy. This may bypass the check, as I've had to do in LKDTM before. I will test... diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c index 7ebf433edef3..9fb2fb2937da 100644 --- a/lib/test_kasan_module.c +++ b/lib/test_kasan_module.c @@ -19,7 +19,12 @@ static noinline void __init copy_user_test(void) { char *kmem; char __user *usermem; - size_t size = 128 - KASAN_GRANULE_SIZE; + /* + * This is marked volatile to avoid __alloc_size() + * noticing the intentionally out-of-bounds copys + * being done on the allocation. + */ + volatile size_t size = 128 - KASAN_GRANULE_SIZE; int __maybe_unused unused; kmem = kmalloc(size, GFP_KERNEL); -- Kees Cook
Powered by blists - more mailing lists