lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABCJKueOu+MwgvTcEUY51tJ1YjNjS-3zHhAHP=1TQUC1wd_1VA@mail.gmail.com>
Date:   Fri, 15 Sep 2023 12:05:50 -0700
From:   Sami Tolvanen <samitolvanen@...gle.com>
To:     David Gow <davidgow@...gle.com>
Cc:     Nathan Chancellor <nathan@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Brendan Higgins <brendan.higgins@...ux.dev>,
        Rae Moar <rmoar@...gle.com>, dlatypov@...gle.com,
        Benjamin Berg <benjamin.berg@...el.com>,
        Maxime Ripard <mripard@...nel.org>,
        Richard Fitzgerald <rf@...nsource.cirrus.com>,
        llvm@...ts.linux.dev, linux-kernel@...r.kernel.org,
        kunit-dev@...glegroups.com, linux-kselftest@...r.kernel.org,
        linux-hardening@...r.kernel.org,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Tom Rix <trix@...hat.com>
Subject: Re: [RFC PATCH] kunit: Add a macro to wrap a deferred action function

Hi David,

On Thu, Sep 14, 2023 at 10:01 PM David Gow <davidgow@...gle.com> wrote:
>
> KUnit's deferred action API accepts a void(*)(void *) function pointer
> which is called when the test is exited. However, we very frequently
> want to use existing functions which accept a single pointer, but which
> may not be of type void*. While this is probably dodgy enough to be on
> the wrong side of the C standard, it's been often used for similar
> callbacks, and gcc's -Wcast-function-type seems to ignore cases where
> the only difference is the type of the argument, assuming it's
> compatible (i.e., they're both pointers to data).
>
> However, clang 16 has introduced -Wcast-function-type-strict, which no
> longer permits any deviation in function pointer type. This seems to be
> because it'd break CFI, which validates the type of function calls.
>
> This rather ruins our attempts to cast functions to defer them, and
> leaves us with a few options:
> 1. Stick our fingers in our ears an ignore the warning. (It's worked so
>    far, but probably isn't the right thing to do.)
> 2. Find some horrible way of casting which fools the compiler into
>    letting us do the cast. (It'd still break CFI, though.)
> 3. Disable the warning, and CFI for this function. This isn't optimal,
>    but may make sense for test-only code. However, I think we'd have to
>    do this for every function called, not just the caller, so maybe it's
>    not practical.
> 4. Manually write wrappers around any such functions. This is ugly (do
>    we really want two copies of each function, one of which has no type
>    info and just forwards to the other). It could get repetitive.
> 5. Generate these wrappers with a macro. That's what this patch does.
>
> I'm broadly okay with any of the options above, though whatever we go
> with will no doubt require some bikeshedding of details (should these
> wrappers be public, do we dedupe them, etc).
>
> Thoughts?

Using a macro to generate a wrapper is a reasonable approach IMO, and
we've used it before in the kernel to fix type mismatches in
indirectly called functions (v4l2-ioctl and cfg80211 come to mind at
least).

Sami

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ