lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251105084733.3598704-5-me@linux.beauty>
Date: Wed,  5 Nov 2025 16:46:55 +0800
From: Li Chen <me@...ux.beauty>
To: Kees Cook <kees@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nicolas Schier <nicolas.schier@...ux.dev>,
	linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org,
	linux-kbuild@...r.kernel.org
Subject: [RFC PATCH 0/2] Add cleanup_plugin for detecting problematic cleanup patterns

From: Li Chen <chenl311@...natelecom.cn>

Hello,

This patch series introduces a new GCC plugin called cleanup_plugin that
warns developers about problematic patterns when using variables with
__attribute__((cleanup(...))). The plugin addresses concerns documented
in include/linux/cleanup.h regarding resource leaks and interdependency
issues.

The cleanup attribute helpers (__free, DEFINE_FREE, etc.) are designed
to automatically clean up resources when variables go out of scope,
following LIFO (last in first out) ordering. However, certain patterns
can lead to subtle bugs:

1. Uninitialized cleanup variables: Variables declared with cleanup
   attributes but not initialized can cause issues when cleanup functions
   are called on undefined values.

2. NULL-initialized cleanup variables: The "__free(...) = NULL" pattern
   at function top can cause interdependency problems, especially when
   combined with guards or multiple cleanup variables, as the cleanup
   may run in unexpected contexts.

The plugin detects both of these problematic patterns and provides clear
warnings to developers, helping prevent  incorrect cleanup ordering.
Importantly, the plugin's warnings are not converted
to errors by -Werror, allowing builds to continue while still alerting
developers to potential issues.

The plugin is enabled by default as it provides valuable compile-time
feedback without impacting build performance.

Li Chen (2):
  gcc-plugins: add cleanup_plugin for uninitialized cleanup detection
  gcc-plugins: cleanup_plugin: detect NULL init

 scripts/Makefile.gcc-plugins         |   1 +
 scripts/gcc-plugins/Kconfig          |   6 +
 scripts/gcc-plugins/cleanup_plugin.c | 204 +++++++++++++++++++++++++++
 3 files changed, 211 insertions(+)
 create mode 100644 scripts/gcc-plugins/cleanup_plugin.c

-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ