From: Tyler Hicks
To: Jakub Kicinski, Kees Cook
Cc: Simon Brewer, LKML
Subject: Re: BUG: KASAN: global-out-of-bounds in strscpy+0x807/0x970
Date: Wed, 11 Oct 2017 00:37:43 -0400
Message-ID: <411eec08-711a-d133-05bf-0e6c7d4101d3@canonical.com>
References: <20171010182805.52b9b2af@cakuba.netronome.com> <20171010184626.1d164407@cakuba.netronome.com>

On 10/10/2017 10:32 PM, Simon Brewer wrote:
> Hint start looking at this thread. https://lkml.org/lkml/2017/7/18/874
>
> Summary: strscpy and KASAN are currently incompatible. strscpy does a
> 64 bit speculative fetch on a char pointer (for efficiency reasons).
> KASAN spots this and flags an error.

Thanks, Simon. I had already reviewed the loop in
seccomp_names_from_actions_logged() and couldn't spot an issue so my
next step was to take a look at strscpy() itself. Your reply was well
timed. :)

@Kees, this is a false positive. I picked strscpy() because of its sane
return codes for easy error handling but its word-at-a-time complexity
is overkill for this sysctl. Are you alright with this KASAN false
positive or would you like me to change over to strlcpy()?

Tyler

>
> On 11 October 2017 at 12:46, Jakub Kicinski wrote:
>
> On Tue, 10 Oct 2017 21:44:01 -0400, Tyler Hicks wrote:
> > On 10/10/2017 09:28 PM, Jakub Kicinski wrote:
> > > I'm hitting this on sysctl -a with net-next (4.14-rc4).
> >
> > Hey Jakub - thanks for the bug report!
> >
> > >
> > > I saw that seccomp_actions_logged_handler was introduced
> > > not-so-long-ago by Tyler, is there a fix for this?
> >
> > No, this is the first I've heard of it. I'll have a look.
>
> Thanks! :)
>
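
Added example, not part of the original thread and not kernel code: a byte-at-a-time copy that keeps the return convention discussed above (length on success, -E2BIG on truncation), next to a simplified model of how far 64-bit loads reach past a short global string, which is the access KASAN reports as global-out-of-bounds. The names bytewise_strscpy, wordwise_overread and sample_name are hypothetical, and the load model is an assumption for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define WORD 8 /* the "64 bit" fetch size from the thread */
static const char sample_name[] = "abcd"; /* constructed: 5-byte global */

/* Hypothetical byte-wise copy, not the kernel's strscpy(): returns the number
 * of characters copied, or -E2BIG on truncation. Never reads src past its NUL. */
ssize_t bytewise_strscpy(char *dest, const char *src, size_t count)
{
    size_t i;

    if (count == 0)
        return -E2BIG;
    for (i = 0; i < count; i++) {
        dest[i] = src[i];
        if (src[i] == '\0')
            return (ssize_t)i;
    }
    dest[count - 1] = '\0'; /* truncated: still NUL-terminate */
    return -E2BIG;
}

/* Simplified model (assumption): whole WORD-sized loads from src while at
 * least WORD bytes of count remain, stopping at the word holding the NUL.
 * Returns the bytes those loads touch beyond a src object of obj_size bytes. */
size_t wordwise_overread(const char *src, size_t obj_size, size_t count)
{
    size_t nul = 0, needed, loaded, touched;

    while (nul < obj_size && src[nul] != '\0')
        nul++;
    needed = nul / WORD + 1; /* words up to and including the NUL */
    loaded = count / WORD < needed ? count / WORD : needed;
    touched = loaded * WORD;
    return touched > obj_size ? touched - obj_size : 0;
}

int main(void)
{
    char buf[16];
    long n = (long)bytewise_strscpy(buf, sample_name, sizeof(buf));
    printf("copied=%ld overread=%zu\n", n,
           wordwise_overread(sample_name, sizeof(sample_name), sizeof(buf)));
    return 0;
}
```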