From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, George Burgess IV <gbiv@google.com>,
Kees Cook <keescook@chromium.org>,
linux-hardening@vger.kernel.org, llvm@lists.linux.dev,
Miguel Ojeda <ojeda@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: [GIT PULL] FORTIFY_SOURCE updates for v5.18-rc1
Date: Fri, 25 Mar 2022 15:03:43 -0700
Message-ID: <202203251443.9BBADFD98@keescook>

Hi Linus,

Please pull these FORTIFY_SOURCE updates for v5.18-rc1.

This series consists of two halves:

- strict compile-time buffer size checking under FORTIFY_SOURCE for
  the memcpy()-family of functions (for extensive details and rationale,
  see the first commit),

- enabling FORTIFY_SOURCE for Clang, which has had many overlapping bugs
  that we've finally worked past.

It looks like all the dependent trees with related buffer fixes have been
merged (I was waiting for the scsi tree to get pulled). This has been
in -next for almost 2 development cycles, and I did overnight build
testing merged against your tree under the following combinations,
with no new warnings (there is one Clang 14+ specific issue in
drivers/net/ethernet/huawei/hinic that we're still tracking down as a
likely compiler regression[1]):

    gcc 11.2.1 (Fedora 35)      defconfig:    x86_64 i386 arm64
    gcc 11.2.1 (Fedora 35)      allmodconfig: x86_64 i386 arm64
    gcc 11.2.0 (Ubuntu 21.10)   defconfig:    x86_64 i386 arm64
    gcc 11.2.0 (Ubuntu 21.10)   allmodconfig: x86_64 i386 arm64
    gcc 10.3.0 (Ubuntu 21.10)   defconfig:    x86_64 i386 arm64
    gcc 10.3.0 (Ubuntu 21.10)   allmodconfig: x86_64 i386 arm64
    gcc 9.4.0 (Ubuntu 21.10)    defconfig:    x86_64 i386 arm64
    gcc 9.4.0 (Ubuntu 21.10)    allmodconfig: x86_64 i386 arm64
    gcc 8.5.0 (Ubuntu 21.10)    defconfig:    x86_64 i386 arm64
    gcc 8.5.0 (Ubuntu 21.10)    allmodconfig: x86_64 i386 arm64
    clang 15.0.0 (local build)  defconfig:    x86_64 i386 arm64
    clang 14.0.0 (Ubuntu 22.04) defconfig:    x86_64 i386 arm64
    clang 13.0.0 (Fedora 35)    defconfig:    x86_64 i386 arm64
    clang 12.0.1 (Ubuntu 21.10) defconfig:    x86_64 i386 arm64
    clang 13.0.0 (Ubuntu 21.10) allmodconfig: x86_64 i386
    clang 12.0.1 (Ubuntu 21.10) allmodconfig: x86_64 i386

There is also still 1 runtime fix pending for the comedi driver's
selftests[2], which is living in my "pending-fixes" tree (for fixes that
maintainers appear to have picked up, but haven't appeared in -next yet).

Beyond that, as far as I've been able to track, all the other architectures
also build cleanly; we've been fixing any issues as they are reported
by various builders, and when we find them in our builds.

Thanks!

-Kees

[1] https://github.com/ClangBuiltLinux/linux/issues/1592
[2] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/pending-fixes&id=77cc24d543c46076d753348b6178473eb16fc788

The following changes since commit dfd42facf1e4ada021b939b4e19c935dcdd55566:

  Linux 5.17-rc3 (2022-02-06 12:20:50 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/memcpy-v5.18-rc1

for you to fetch changes up to 281d0c962752fb40866dd8d4cade68656f34bd1f:

  fortify: Add Clang support (2022-02-13 16:50:07 -0800)

----------------------------------------------------------------
memcpy updates for v5.18-rc1

- Enable strict FORTIFY_SOURCE compile-time validation of memcpy buffers

- Add Clang features needed for FORTIFY_SOURCE support

- Enable FORTIFY_SOURCE for Clang where possible

----------------------------------------------------------------
Kees Cook (12):
      fortify: Detect struct member overflows in memcpy() at compile-time
      fortify: Detect struct member overflows in memmove() at compile-time
      fortify: Detect struct member overflows in memset() at compile-time
      fortify: Update compile-time tests for Clang 14
      fortify: Replace open-coded __gnu_inline attribute
      Compiler Attributes: Add __pass_object_size for Clang
      Compiler Attributes: Add __overloadable for Clang
      Compiler Attributes: Add __diagnose_as for Clang
      fortify: Make pointer arguments const
      fortify: Use __diagnose_as() for better diagnostic coverage
      fortify: Make sure strlen() may still be used as a constant expression
      fortify: Add Clang support

arch/x86/boot/compressed/misc.c | 3 +-
arch/x86/lib/memcpy_32.c | 1 +
include/linux/compiler_attributes.h | 39 ++++
include/linux/fortify-string.h | 238 +++++++++++++++++++-----
lib/Makefile | 3 +-
lib/string_helpers.c | 6 +
lib/test_fortify/read_overflow2_field-memcpy.c | 5 +
lib/test_fortify/read_overflow2_field-memmove.c | 5 +
lib/test_fortify/write_overflow_field-memcpy.c | 5 +
lib/test_fortify/write_overflow_field-memmove.c | 5 +
lib/test_fortify/write_overflow_field-memset.c | 5 +
scripts/test_fortify.sh | 8 +-
security/Kconfig | 5 +-
13 files changed, 272 insertions(+), 56 deletions(-)
create mode 100644 lib/test_fortify/read_overflow2_field-memcpy.c
create mode 100644 lib/test_fortify/read_overflow2_field-memmove.c
create mode 100644 lib/test_fortify/write_overflow_field-memcpy.c
create mode 100644 lib/test_fortify/write_overflow_field-memmove.c
create mode 100644 lib/test_fortify/write_overflow_field-memset.c
--
Kees Cook
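
Added illustration, not part of the original message and not the kernel's fortify-string.h code: the "struct member overflows" named in the first three commit titles are copies that stay inside the enclosing struct but run past the destination member. The compiler builtin __builtin_object_size() exposes both bounds (mode 0: whole object, mode 1: member). struct record and copy_name() are hypothetical names, and the check here runs at run time, whereas the series reports the overflow at compile time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: copying too much into `name` lands in `flags`. */
struct record {
    char name[8];
    unsigned int flags;
    unsigned int owner;
};

#define FLAGS_INIT 0x5a5a5a5aU

/*
 * Copy n bytes into record.name, bounded by __builtin_object_size():
 *   member_bounds == 0: mode 0, bytes left in the whole struct
 *   member_bounds == 1: mode 1, bytes left in the member itself
 * Returns -1 if the copy is refused, 1 if it ran and changed `flags`,
 * 0 if it ran and left `flags` intact.
 */
int copy_name(int member_bounds, size_t n)
{
    static const char src[16] = "AAAAAAAAAAAAAAA";
    struct record r = { .name = "", .flags = FLAGS_INIT, .owner = 1000 };
    size_t limit = member_bounds ? __builtin_object_size(r.name, 1)
                                 : __builtin_object_size(r.name, 0);

    if (n > sizeof(src) || n > limit)
        return -1;
    /* Write through a whole-object pointer so the demo itself stays defined. */
    memcpy((char *)&r + offsetof(struct record, name), src, n);
    return r.flags != FLAGS_INIT;
}

int main(void)
{
    printf("whole-object bound, 12 bytes: %d\n", copy_name(0, 12));
    printf("member bound,       12 bytes: %d\n", copy_name(1, 12));
    printf("member bound,        8 bytes: %d\n", copy_name(1, 8));
    return 0;
}
```

A 12-byte copy passes the whole-object bound and overwrites the neighbouring field, while the member bound refuses it.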