From: Kees Cook <keescook@chromium.org>
To: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: linux-hardening@vger.kernel.org,
"Andy Shevchenko" <andy@kernel.org>,
"Cezary Rojewski" <cezary.rojewski@intel.com>,
"Puyou Lu" <puyou.lu@gmail.com>,
"Mark Brown" <broonie@kernel.org>,
"Josh Poimboeuf" <jpoimboe@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Brendan Higgins" <brendan.higgins@linux.dev>,
"David Gow" <davidgow@google.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Nathan Chancellor" <nathan@kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Zhaoyang Huang" <zhaoyang.huang@unisoc.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Geert Uytterhoeven" <geert+renesas@glider.be>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Liam Howlett" <liam.howlett@oracle.com>,
"Vlastimil Babka" <vbabka@suse.cz>,
"Dan Williams" <dan.j.williams@intel.com>,
"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
"Yury Norov" <yury.norov@gmail.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"Sander Vanheule" <sander@svanheule.net>,
"Eric Biggers" <ebiggers@google.com>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Linus Walleij" <linus.walleij@linaro.org>,
"Daniel Latypov" <dlatypov@google.com>,
"José Expósito" <jose.exposito89@gmail.com>,
linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com
Subject: Re: [PATCH 6/9] fortify: Split reporting and avoid passing string pointer
Date: Thu, 6 Apr 2023 15:57:37 -0700
Message-ID: <642f4e62.170a0220.1f11f.36df@mx.google.com>
In-Reply-To: <CAHp75Vf-nG865UwbVjwFjVTtXA7mAdi4FfKCpTHDx55eFnbvAA@mail.gmail.com>

On Thu, Apr 06, 2023 at 01:20:52PM +0300, Andy Shevchenko wrote:
> On Thu, Apr 6, 2023 at 3:02 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > In preparation for KUnit testing and further improvements in fortify
> > failure reporting, split out the report and encode the function and
> > access failure (read or write overflow) into a single int argument. This
> > mainly ends up saving some space in the data segment. For a defconfig
> > with FORTIFY_SOURCE enabled:
> >
> > $ size gcc/vmlinux.before gcc/vmlinux.after
> >     text    data     bss      dec     hex filename
> > 26132309 9760658 2195460 38088427 2452eeb gcc/vmlinux.before
> > 26132386 9748382 2195460 38076228 244ff44 gcc/vmlinux.after
>
> ...
>
> > + const char *name;
> > + const bool write = !!(reason & 0x1);
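Review bot: at `const bool write = !!(reason & 0x1);`, `reason` is decoded with a mask here and with a right shift in the switch that follows, while the commit message describes it as a single int argument. Making the parameter an unsigned type, and documenting the bit layout (bit 0 = write, remaining bits = function) next to the place where the value is built, keeps `reason >> 1` well-defined for every input and removes any question of sign extension in the decode.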
>
> Perhaps define that as
>
> FORTIFY_READ_WRITE BIT(0)
> FORTIFY_FUNC_SHIFT 1
>
> const bool write = reason & FORTIFY_READ_WRITE; // and note no need for !! part
Yeah, that reads better. The FIELD_GET suggestion down-thread is
probably how I'll go.
>
> switch (reason >> FORTIFY_FUNC_SHIFT) {
>
> > + switch (reason >> 1) {
> > + case FORTIFY_FUNC_strncpy:
> > + name = "strncpy";
> > + break;
> > + case FORTIFY_FUNC_strnlen:
> > + name = "strnlen";
> > + break;
> > + case FORTIFY_FUNC_strlen:
> > + name = "strlen";
> > + break;
> > + case FORTIFY_FUNC_strlcpy:
> > + name = "strlcpy";
> > + break;
> > + case FORTIFY_FUNC_strscpy:
> > + name = "strscpy";
> > + break;
> > + case FORTIFY_FUNC_strlcat:
> > + name = "strlcat";
> > + break;
> > + case FORTIFY_FUNC_strcat:
> > + name = "strcat";
> > + break;
> > + case FORTIFY_FUNC_strncat:
> > + name = "strncat";
> > + break;
> > + case FORTIFY_FUNC_memset:
> > + name = "memset";
> > + break;
> > + case FORTIFY_FUNC_memcpy:
> > + name = "memcpy";
> > + break;
> > + case FORTIFY_FUNC_memmove:
> > + name = "memmove";
> > + break;
> > + case FORTIFY_FUNC_memscan:
> > + name = "memscan";
> > + break;
> > + case FORTIFY_FUNC_memcmp:
> > + name = "memcmp";
> > + break;
> > + case FORTIFY_FUNC_memchr:
> > + name = "memchr";
> > + break;
> > + case FORTIFY_FUNC_memchr_inv:
> > + name = "memchr_inv";
> > + break;
> > + case FORTIFY_FUNC_kmemdup:
> > + name = "kmemdup";
> > + break;
> > + case FORTIFY_FUNC_strcpy:
> > + name = "strcpy";
> > + break;
> > + default:
> > + name = "unknown";
> > + }
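Review bot: the switch on `reason >> 1` repeats every function name by hand, so each new FORTIFY_FUNC_* value needs a matching case added here or it is silently reported as "unknown". Generating the enum and a name table from one list would keep the two in step and reduce the decode to a bounds-checked array lookup. Minor style point: the `default:` arm has no `break;`, unlike every other case.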
>
> ...
>
> > + WARN(1, "%s: detected buffer %s overflow\n", name, write ? "write" : "read");
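Review bot: `WARN(1, ...)` reports and then returns to its caller, and nothing in this hunk shows what happens after the report. Since the point of the patch is to split reporting out, a comment on the report helper (or a line in the commit message) should state which caller is responsible for stopping execution after a detected overflow, so that a later user of the helper does not assume the report itself is fatal.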
>
> Using str_read_write() ?
>
> Dunno if it's already there or needs to be added. I have some patches
> to move those str_*() to string_choices.h. We can also prepend yours
> with those.
Oh! Hah. I totally forgot about str_read_write. :) I will use that.
--
Kees Cook
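
The encoding discussed in this message (function index and read/write flag packed into one integer, decoded with a named mask and shift), as an added userspace example that is not code from the patch or the kernel tree. All `DEMO_*`/`demo_*` names are hypothetical, the function list is a subset chosen for illustration, and the mask and shift are defined locally rather than using the kernel's FIELD_GET.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout taken from the thread: bit 0 = write, upper bits = function. */
#define DEMO_REASON_WRITE 0x1u
#define DEMO_FUNC_SHIFT   1

/* One list generates both the enum and the name table (subset, for illustration). */
#define DEMO_FUNCS(X) X(strncpy) X(strlen) X(memcpy) X(memset) X(kmemdup)
#define AS_ENUM(f) DEMO_FUNC_##f,
#define AS_NAME(f) #f,
enum demo_func { DEMO_FUNCS(AS_ENUM) DEMO_FUNC_COUNT };
static const char *const demo_func_names[] = { DEMO_FUNCS(AS_NAME) };

/* Pack function index and access direction into one unsigned value. */
static unsigned int demo_reason(enum demo_func func, bool write)
{
	return ((unsigned int)func << DEMO_FUNC_SHIFT) | (write ? DEMO_REASON_WRITE : 0u);
}

/* Decode the function name; out-of-range indexes fall back to "unknown". */
static const char *demo_reason_name(unsigned int reason)
{
	unsigned int func = reason >> DEMO_FUNC_SHIFT;

	return func < (unsigned int)DEMO_FUNC_COUNT ? demo_func_names[func] : "unknown";
}

/* Format the report text the way the quoted WARN() line does. */
static int demo_report(char *buf, size_t len, unsigned int reason)
{
	return snprintf(buf, len, "%s: detected buffer %s overflow",
			demo_reason_name(reason),
			(reason & DEMO_REASON_WRITE) ? "write" : "read");
}

int main(void)
{
	char line[64];

	demo_report(line, sizeof(line), demo_reason(DEMO_FUNC_memcpy, true));
	puts(line);
	demo_report(line, sizeof(line), 0xffu); /* constructed out-of-range value */
	puts(line);
	return 0;
}
```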