* [PATCH] KASAN: prohibit KASAN+STRUCTLEAK combination
@ 2018-04-19 9:48 Dmitry Vyukov
2018-04-19 17:21 ` Andrey Ryabinin
0 siblings, 1 reply; 3+ messages in thread
From: Dmitry Vyukov @ 2018-04-19 9:48 UTC (permalink / raw)
To: linux-mm, akpm
Cc: Dmitry Vyukov, kasan-dev, Fengguang Wu, Sergey Senozhatsky,
Andrey Ryabinin, Kees Cook
Currently STRUCTLEAK inserts initialization out of live scope of
variables from KASAN point of view. This leads to KASAN false
positive reports. Prohibit this combination for now.
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Cc: linux-mm@kvack.org
Cc: kasan-dev@googlegroups.com
Cc: Fengguang Wu <fengguang.wu@intel.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Kees Cook <keescook@google.com>
---
This combination leads to periodic confusion
and pointless debugging:
https://marc.info/?l=linux-kernel&m=151991367323082
https://marc.info/?l=linux-kernel&m=151992229326243
https://lkml.org/lkml/2017/11/30/33
---
arch/Kconfig | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index 8e0d665c8d53..983578c44cca 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -464,6 +464,10 @@ config GCC_PLUGIN_LATENT_ENTROPY
config GCC_PLUGIN_STRUCTLEAK
bool "Force initialization of variables containing userspace addresses"
depends on GCC_PLUGINS
+ # Currently STRUCTLEAK inserts initialization out of live scope of
+ # variables from KASAN point of view. This leads to KASAN false
+ # positive reports. Prohibit this combination for now.
+ depends on !KASAN
help
This plugin zero-initializes any structures containing a
__user attribute. This can prevent some classes of information
--
2.17.0.484.g0c8726318c-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] KASAN: prohibit KASAN+STRUCTLEAK combination
2018-04-19 9:48 [PATCH] KASAN: prohibit KASAN+STRUCTLEAK combination Dmitry Vyukov
@ 2018-04-19 17:21 ` Andrey Ryabinin
2018-04-19 17:25 ` Dmitry Vyukov
0 siblings, 1 reply; 3+ messages in thread
From: Andrey Ryabinin @ 2018-04-19 17:21 UTC (permalink / raw)
To: Dmitry Vyukov, linux-mm, akpm
Cc: kasan-dev, Fengguang Wu, Sergey Senozhatsky, Kees Cook
On 04/19/2018 12:48 PM, Dmitry Vyukov wrote:
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -464,6 +464,10 @@ config GCC_PLUGIN_LATENT_ENTROPY
> config GCC_PLUGIN_STRUCTLEAK
> bool "Force initialization of variables containing userspace addresses"
> depends on GCC_PLUGINS
> + # Currently STRUCTLEAK inserts initialization out of live scope of
> + # variables from KASAN point of view. This leads to KASAN false
> + # positive reports. Prohibit this combination for now.
> + depends on !KASAN
KASAN_EXTRA
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] KASAN: prohibit KASAN+STRUCTLEAK combination
2018-04-19 17:21 ` Andrey Ryabinin
@ 2018-04-19 17:25 ` Dmitry Vyukov
0 siblings, 0 replies; 3+ messages in thread
From: Dmitry Vyukov @ 2018-04-19 17:25 UTC (permalink / raw)
To: Andrey Ryabinin
Cc: Linux-MM, Andrew Morton, kasan-dev, Fengguang Wu,
Sergey Senozhatsky, Kees Cook
On Thu, Apr 19, 2018 at 7:21 PM, Andrey Ryabinin
<aryabinin@virtuozzo.com> wrote:
>
>
> On 04/19/2018 12:48 PM, Dmitry Vyukov wrote:
>
>> --- a/arch/Kconfig
>> +++ b/arch/Kconfig
>> @@ -464,6 +464,10 @@ config GCC_PLUGIN_LATENT_ENTROPY
>> config GCC_PLUGIN_STRUCTLEAK
>> bool "Force initialization of variables containing userspace addresses"
>> depends on GCC_PLUGINS
>> + # Currently STRUCTLEAK inserts initialization out of live scope of
>> + # variables from KASAN point of view. This leads to KASAN false
>> + # positive reports. Prohibit this combination for now.
>> + depends on !KASAN
> KASAN_EXTRA
Remailed, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-04-19 17:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-19 9:48 [PATCH] KASAN: prohibit KASAN+STRUCTLEAK combination Dmitry Vyukov
2018-04-19 17:21 ` Andrey Ryabinin
2018-04-19 17:25 ` Dmitry Vyukov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.