lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202110281341.8479EC4759@keescook>
Date:   Thu, 28 Oct 2021 13:42:07 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Vincenzo Frascino <vincenzo.frascino@....com>,
        Arnd Bergmann <arnd@...nel.org>,
        linux-hardening@...r.kernel.org, Kees Cook <keescook@...mium.org>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        Alexander Potapenko <glider@...gle.com>,
        Andrey Konovalov <andreyknvl@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>, kasan-dev@...glegroups.com,
        Arnd Bergmann <arnd@...db.de>, Marco Elver <elver@...gle.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Peter Collingbourne <pcc@...gle.com>,
        Patricia Alfonso <trishalfonso@...gle.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] kasan: test: use underlying string helpers

On Thu, Oct 28, 2021 at 01:15:26PM -0700, Andrew Morton wrote:
> On Thu, 14 Oct 2021 19:40:45 -0700 Kees Cook <keescook@...omium.org> wrote:
> 
> > 
> > 
> > On October 14, 2021 1:12:54 AM PDT, Vincenzo Frascino <vincenzo.frascino@....com> wrote:
> > >
> > >
> > >On 10/13/21 5:00 PM, Arnd Bergmann wrote:
> > >> From: Arnd Bergmann <arnd@...db.de>
> > >> 
> > >> Calling memcmp() and memchr() with an intentional buffer overflow
> > >> is now caught at compile time:
> > >> 
> > >> In function 'memcmp',
> > >>     inlined from 'kasan_memcmp' at lib/test_kasan.c:897:2:
> > >> include/linux/fortify-string.h:263:25: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
> > >>   263 |                         __read_overflow();
> > >>       |                         ^~~~~~~~~~~~~~~~~
> > >> In function 'memchr',
> > >>     inlined from 'kasan_memchr' at lib/test_kasan.c:872:2:
> > >> include/linux/fortify-string.h:277:17: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
> > >>   277 |                 __read_overflow();
> > >>       |                 ^~~~~~~~~~~~~~~~~
> > >> 
> > >> Change the kasan tests to wrap those inside of a noinline function
> > >> to prevent the compiler from noticing the bug and let kasan find
> > >> it at runtime.
> > >> 
> > >> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> > >
> > >Reviewed-by: Vincenzo Frascino <vincenzo.frascino@....com>
> > 
> > How about just explicitly making the size invisible to the compiler?
> > 
> > I did this for similar issues in the same source:
> > 
> > https://lore.kernel.org/linux-hardening/20211006181544.1670992-1-keescook@chromium.org/T/#u

This is already fixed in your tree with:

"kasan: test: consolidate workarounds for unwanted __alloc_size() protection"

which was based on this original patch (and my comments).

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ