Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
From: Dmitry Vyukov <dvyukov@google.com>
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	 Elena Petrova <lenaptr@google.com>,
	Alexander Potapenko <glider@google.com>,
	 Linus Torvalds <torvalds@linux-foundation.org>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	 "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	Arnd Bergmann <arnd@arndb.de>,
	 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	kasan-dev <kasan-dev@googlegroups.com>,
	 LKML <linux-kernel@vger.kernel.org>,
	kernel-hardening@lists.openwall.com,
	 syzkaller <syzkaller@googlegroups.com>
Subject: Re: [PATCH v2 0/3] ubsan: Split out bounds checker
Date: Fri, 22 Nov 2019 10:07:29 +0100
Message-ID: <CACT4Y+b3JZM=TSvUPZRMiJEPNH69otidRCqq9gmKX53UHxYqLg@mail.gmail.com> (raw)
In-Reply-To: <20191121181519.28637-1-keescook@chromium.org>

On Thu, Nov 21, 2019 at 7:15 PM Kees Cook <keescook@chromium.org> wrote:
>
> v2:
>     - clarify Kconfig help text (aryabinin)
>     - add reviewed-by
>     - aim series at akpm, which seems to be where ubsan goes through?
> v1: https://lore.kernel.org/lkml/20191120010636.27368-1-keescook@chromium.org
>
> This splits out the bounds checker so it can be individually used. This
> is expected to be enabled in Android and hopefully for syzbot. Includes
> LKDTM tests for behavioral corner-cases (beyond just the bounds checker).
>
> -Kees

+syzkaller mailing list

This is great!

I wanted to enable UBSAN on syzbot for a long time. And it's
_probably_ not lots of work. But it was stuck on somebody actually
dedicating some time specifically for it.
Kees, or anybody else interested, could you provide relevant configs
that (1) useful for kernel, (2) we want 100% cleanliness, (3) don't
fire all the time even without fuzzing? Anything else required to
enable UBSAN? I don't see anything. syzbot uses gcc 8.something, which
I assume should be enough (but we can upgrade if necessary).



> Kees Cook (3):
>   ubsan: Add trap instrumentation option
>   ubsan: Split "bounds" checker from other options
>   lkdtm/bugs: Add arithmetic overflow and array bounds checks
>
>  drivers/misc/lkdtm/bugs.c  | 75 ++++++++++++++++++++++++++++++++++++++
>  drivers/misc/lkdtm/core.c  |  3 ++
>  drivers/misc/lkdtm/lkdtm.h |  3 ++
>  lib/Kconfig.ubsan          | 42 +++++++++++++++++++--
>  lib/Makefile               |  2 +
>  scripts/Makefile.ubsan     | 16 ++++++--
>  6 files changed, 134 insertions(+), 7 deletions(-)
>
> --
> 2.17.1

  parent reply index

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-21 18:15 Kees Cook
2019-11-21 18:15 ` [PATCH v2 1/3] ubsan: Add trap instrumentation option Kees Cook
2019-12-16 10:26   ` Will Deacon
2019-12-18  0:08     ` Kees Cook
2019-11-21 18:15 ` [PATCH v2 2/3] ubsan: Split "bounds" checker from other options Kees Cook
2019-11-21 18:15 ` [PATCH v2 3/3] lkdtm/bugs: Add arithmetic overflow and array bounds checks Kees Cook
2019-11-22  9:07 ` Dmitry Vyukov [this message]
2019-11-22 16:52   ` [PATCH v2 0/3] ubsan: Split out bounds checker Kees Cook
2019-11-27  5:42   ` Kees Cook
2019-11-27  6:54     ` Dmitry Vyukov
2019-11-27  9:34       ` Dmitry Vyukov
2019-11-27 17:59         ` Kees Cook
2019-11-28 10:38           ` Dmitry Vyukov
2019-11-28 16:14             ` Qian Cai
2019-11-28 13:10           ` Dmitry Vyukov

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACT4Y+b3JZM=TSvUPZRMiJEPNH69otidRCqq9gmKX53UHxYqLg@mail.gmail.com' \
    --to=dvyukov@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=ard.biesheuvel@linaro.org \
    --cc=arnd@arndb.de \
    --cc=aryabinin@virtuozzo.com \
    --cc=dan.carpenter@oracle.com \
    --cc=glider@google.com \
    --cc=gustavo@embeddedor.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=lenaptr@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller@googlegroups.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com
	public-inbox-index kernel-hardening

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git