From: Rasmus Villemoes
To: pageexec@freemail.hu
Cc: Emese Revfy, kernel-hardening@lists.openwall.com, spender@grsecurity.net, mmarek@suse.com, keescook@chromium.org, linux-kernel@vger.kernel.org, yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org, minipli@ld-linux.so, linux@armlinux.org.uk, catalin.marinas@arm.com, david.brown@linaro.org, benh@kernel.crashing.org, tglx@linutronix.de, akpm@linux-foundation.org, jlayton@poochiereds.net, arnd@arndb.de
Subject: Re: [PATCH v1 2/2] Mark functions with the __nocapture attribute
Date: Wed, 29 Jun 2016 00:41:57 +0200
In-Reply-To: <5772EE62.11219.7B892887@pageexec.freemail.hu> (PaX Team's message of "Tue, 28 Jun 2016 23:38:42 +0200")
Message-ID: <87furxgclm.fsf@rasmusvillemoes.dk>
References: <20160628133407.10c2ea1ecd194e8085e84c5a@gmail.com> <20160628133645.8f3cac0df4fc363e308426ac@gmail.com> <874m8dhwb4.fsf@rasmusvillemoes.dk> <5772EE62.11219.7B892887@pageexec.freemail.hu>

On Tue, Jun 28 2016, "PaX Team" wrote:

> On 28 Jun 2016 at 22:50, Rasmus Villemoes wrote:
>
>> > +extern const char *kstrdup_const(const char *s, gfp_t gfp) __nocapture(1);
>>
>> OK, so this one is pretty dangerous, and probably wrong. If one does
>>
>> foo->bar = kstrdup_const(a-macro-that-might-be-a-string-literal)
>>
>> in an .init function, foo->bar will very likely become dangling.
>
> doesn't kstrdup_const omit the copy only for arguments that are stored in
> .rodata (which doesn't include .init.rodata* and other init sections)?
>

Ah, right. But that's a little subtle. Also, it kind of defeats the
purpose of kstrdup_const - but it's probably not actually called with a
string literal all that often.

In any case, I think there's still a problem with strchr() and friends.

Rasmus
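The concern raised in the thread, as an added illustration that is not code from the thread or from the kernel: a `__nocapture` annotation on a pointer argument is only sound if the callee never lets that pointer escape, but both a kstrdup_const()-style function (when it returns its argument unchanged instead of a copy) and strchr() (which returns a pointer into its argument) let the argument escape through the return value. `is_rodata()` is an assumed stand-in for the kernel's real section check, limited here to one constructed static string.

```c
/* Added example (not from the thread or the kernel). Models why a
 * "no capture" claim on an argument is unsound when the return value
 * can alias that argument: whoever stores the result has captured it. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a string literal living in .rodata. */
static const char rodata_str[] = "literal-in-rodata";

/* Assumed stand-in for the kernel's rodata range check: only the one
 * constructed static string above counts as read-only data here. */
static bool is_rodata(const char *s)
{
    uintptr_t p = (uintptr_t)s, lo = (uintptr_t)rodata_str;
    return p >= lo && p < lo + sizeof(rodata_str);
}

/* kstrdup_const-like: return the argument itself if it is in rodata,
 * otherwise allocate a private copy. In the first branch the argument
 * escapes via the return value, contradicting __nocapture(1). */
static const char *kstrdup_const_like(const char *s)
{
    if (is_rodata(s))
        return s;
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy)
        memcpy(copy, s, n);
    return copy;
}

/* True when a callee's result is the very argument it was given. */
static bool result_aliases_arg(const char *arg, const char *res)
{
    return res == arg;
}

/* strchr(): when the character is found, the result always points
 * inside the argument, so storing it captures the argument. */
static bool strchr_result_inside_arg(const char *s, int c)
{
    const char *p = strchr(s, c);
    return p != NULL && p >= s && p < s + strlen(s);
}
```

The aliasing checks above are exactly what a capture analysis must account for: a pointer can escape through a return value just as easily as through a store.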