| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 May 2024 09:31:47 +0200 From: Roberto Sassu <roberto.sassu@...weicloud.com> To: Kees Cook <keescook@...omium.org>, Masahiro Yamada <masahiroy@...nel.org> Cc: linux-kbuild@...r.kernel.org, linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org, Andrey Ryabinin <ryabinin.a.a@...il.com>, Alexander Potapenko <glider@...gle.com>, Andrey Konovalov <andreyknvl@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, Vincenzo Frascino <vincenzo.frascino@....com>, Marco Elver <elver@...gle.com>, Josh Poimboeuf <jpoimboe@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Peter Oberparleiter <oberpar@...ux.ibm.com>, Johannes Berg <johannes@...solutions.net>, kasan-dev@...glegroups.com, linux-hardening@...r.kernel.org Subject: Re: [PATCH 0/3] kbuild: remove many tool coverage variables On Mon, 2024-05-13 at 11:48 -0700, Kees Cook wrote: > In the future can you CC the various maintainers of the affected > tooling? :) > > On Mon, May 06, 2024 at 10:35:41PM +0900, Masahiro Yamada wrote: > > > > This patch set removes many instances of the following variables: > > > > - OBJECT_FILES_NON_STANDARD > > - KASAN_SANITIZE > > - UBSAN_SANITIZE > > - KCSAN_SANITIZE > > - KMSAN_SANITIZE > > - GCOV_PROFILE > > - KCOV_INSTRUMENT > > > > Such tools are intended only for kernel space objects, most of which > > are listed in obj-y, lib-y, or obj-m. > > This is a reasonable assertion, and the changes really simplify things > now and into the future. Thanks for finding such a clean solution! I > note that it also immediately fixes the issue noticed and fixed here: > https://lore.kernel.org/all/20240513122754.1282833-1-roberto.sassu@huaweicloud.com/ Yes, this patch set fixes the issue too. Tested-by: Roberto Sassu <roberto.sassu@...wei.com> Now UBSAN complains about misaligned address, such as: [ 0.150000][ T1] UBSAN: misaligned-access in kernel/workqueue.c:5514:3 [ 0.150000][ T1] member access within misaligned address 0000000064c36f78 for type 'struct pool_workqueue' [ 0.150000][ T1] which requires 512 byte alignment [ 0.150000][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted 6.9.0-dont-use-00003-g3b621c71dc5e #2244 But I guess this is for a separate thread. Thanks Roberto > > The best guess is, objects in $(obj-y), $(lib-y), $(obj-m) can opt in > > such tools. Otherwise, not. > > > > This works in most places. > > I am worried about the use of "guess" and "most", though. :) Before, we > had some clear opt-out situations, and now it's more of a side-effect. I > think this is okay, but I'd really like to know more about your testing. > > It seems like you did build testing comparing build flags, since you > call out some of the explicit changes in patch 2, quoting: > > > - include arch/mips/vdso/vdso-image.o into UBSAN, GCOV, KCOV > > - include arch/sparc/vdso/vdso-image-*.o into UBSAN > > - include arch/sparc/vdso/vma.o into UBSAN > > - include arch/x86/entry/vdso/extable.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > > - include arch/x86/entry/vdso/vdso-image-*.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > > - include arch/x86/entry/vdso/vdso32-setup.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > > - include arch/x86/entry/vdso/vma.o into GCOV, KCOV > > - include arch/x86/um/vdso/vma.o into KASAN, GCOV, KCOV > > I would agree that these cases are all likely desirable. > > Did you find any cases where you found that instrumentation was _removed_ > where not expected? > > -Kees >
Powered by blists - more mailing lists