Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 2 Mar 2019 10:04:56 +0100
From: Ard Biesheuvel <ard.biesheuvel@...aro.org>
To: Arnd Bergmann <arnd@...db.de>
Cc: Kees Cook <keescook@...omium.org>, 
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Emese Revfy <re.emese@...il.com>, 
	Alexander Popov <alex.popov@...ux.com>, Laura Abbott <labbott@...hat.com>, Jann Horn <jannh@...gle.com>, 
	Alexander Potapenko <glider@...gle.com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH 1/2] gcc-plugins: structleak: Generalize to all variable types

On Thu, 28 Feb 2019 at 21:27, Arnd Bergmann <arnd@...db.de> wrote:
>
> On Tue, Feb 12, 2019 at 7:08 PM Kees Cook <keescook@...omium.org> wrote:
> >
> > This adjusts structleak to also work with non-struct types when they
> > are passed by reference, since those variables may leak just like
> > anything else. This is exposed via an improved set of Kconfig options.
> > (This does mean structleak is slightly misnamed now.)
> >
> > Building with CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL should give the
> > kernel complete initialization coverage of all stack variables passed
> > by reference, including padding (see lib/test_stackinit.c).
> >
> > Using CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE to count added initializations
> > under defconfig:
> >
> >         ..._BYREF:      5945 added initializations
> >         ..._BYREF_ALL: 16606 added initializations
> >
> > There is virtually no change to text+data size (both have less than 0.05%
> > growth):
>
> I just resumed my randconfig build testing after a longer break, and found
> a regression for stack usage that I bisected to your change. It shows up in a
> variety of files depending on the configuration, so far the worst one is the
> configuration at https://pastebin.com/UK54qbKa that leads to
>
> ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_start_search':
> ../drivers/media/dvb-frontends/stv090x.c:1595:1: error: the frame size
> of 5320 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
> ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_optimize_track':
> ../drivers/media/dvb-frontends/stv090x.c:3090:1: error: the frame size
> of 5872 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
> ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_algo':
> ../drivers/media/dvb-frontends/stv090x.c:3431:1: error: the frame size
> of 5144 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
>  }
>
> At least for this specific file, I also see a significant (though not alarming)
> increase in code size:
>
>    text       data        bss        dec        hex    filename
> 179196       4632        256     184084      2cf14
> obj-x86/drivers/media/dvb-frontends/stv090x-before.o
>  216740       4632        256     221628      361bc
> obj-x86/drivers/media/dvb-frontends/stv090x-after.o
>
> Part of the problem here is definitely interaction with the asan-stack
> sanitizer. Changing asan-stack=1 to asan-stack=0, it looks a lot
> better:
>
> ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_start_search':
> ../drivers/media/dvb-frontends/stv090x.c:1595:1: warning: the frame
> size of 120 bytes is larger than 20 bytes [-Wframe-larger-than=]
> ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_optimize_track':
> ../drivers/media/dvb-frontends/stv090x.c:3090:1: warning: the frame
> size of 168 bytes is larger than 20 bytes [-Wframe-larger-than=]
> ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_algo':
> ../drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame
> size of 192 bytes is larger than 20 bytes [-Wframe-larger-than=]
>
>    text       data        bss        dec        hex    filename
> 184061       4632        256     188949      2e215
> obj-x86/drivers/media/dvb-frontends/stv090x.o
>
> I get similar results with asan-stack=1 but without your plugin, only
> the combination of the two has the explosive stack size growth.
>
> I can help analyze this further, but maybe you can have a look first,
> there might be something obvious when you read the input to the
> plugin.
>

Is this before or after use-after-scope was disabled entirely?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.