lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202211222113.10003CF8FD@keescook>
Date:   Tue, 22 Nov 2022 21:15:51 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Siddhesh Poyarekar <siddhesh@...plt.org>
Cc:     linux-hardening@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Tom Rix <trix@...hat.com>, llvm@...ts.linux.dev,
        Juergen Gross <jgross@...e.com>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/4] fortify: Use __builtin_dynamic_object_size() when
 available

On Tue, Nov 22, 2022 at 05:20:37AM -0500, Siddhesh Poyarekar wrote:
> On 2022-09-20 15:22, Kees Cook wrote:
> > Since the commits starting with c37495d6254c ("slab: add __alloc_size
> > attributes for better bounds checking"), the compilers have runtime
> > allocation size hints available in some places. This was immediately
> > available to CONFIG_UBSAN_BOUNDS, but CONFIG_FORTIFY_SOURCE needed
> > updating to explicitly make use the hints via the associated
> > __builtin_dynamic_object_size() helper. Detect and use the builtin when
> > it is available, increasing the accuracy of the mitigation. When runtime
> > sizes are not available, __builtin_dynamic_object_size() falls back to
> > __builtin_object_size(), leaving the existing bounds checking unchanged.
> > 
> > Additionally update the VMALLOC_LINEAR_OVERFLOW LKDTM test to make the
> > hint invisible, otherwise the architectural defense is not exercised
> > (the buffer overflow is detected in the memset() rather than when it
> > crosses the edge of the allocation).
> > 
> > Cc: Miguel Ojeda <ojeda@...nel.org>
> > Cc: Siddhesh Poyarekar <siddhesh@...plt.org>
> > Cc: Arnd Bergmann <arnd@...db.de>
> > Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> > Cc: Nathan Chancellor <nathan@...nel.org>
> > Cc: Tom Rix <trix@...hat.com>
> > Cc: linux-hardening@...r.kernel.org
> > Cc: llvm@...ts.linux.dev
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> > ---
> >   drivers/misc/lkdtm/heap.c           | 1 +
> >   include/linux/compiler_attributes.h | 5 +++++
> >   include/linux/fortify-string.h      | 7 +++++++
> >   3 files changed, 13 insertions(+)
> 
> Hi Kees,
> 
> Circling back on this, I noticed that all but this patch got pulled into
> Linus' tree.  Is there a reason why this has been held back?

Hi!

Yeah, it depended on a bunch of various clean-ups, which have finally
managed to land. It's late enough in the devel cycle that I suspect I
will hold this one back until after the merge window and then make sure
it has plenty of time to bake in -next. If the rest of the patches
continue to behave, I may change my mind... :)

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ