* [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
@ 2017-01-11 14:56 Arnd Bergmann
2017-01-11 16:33 ` Kees Cook
2017-01-16 10:23 ` Michael Ellerman
0 siblings, 2 replies; 4+ messages in thread
From: Arnd Bergmann @ 2017-01-11 14:56 UTC (permalink / raw)
To: Kees Cook, Greg Kroah-Hartman
Cc: Arnd Bergmann, Michael Ellerman, linux-kernel
After the latest change to make sure the compiler actually does a memset,
it is now smart enough to flag the stack overflow at compile time,
at least with gcc-7.0:
drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
To outsmart the compiler again, this moves the memset into a noinline
function where (for now) it doesn't see that we intentionally write
broken code here.
Fixes: c55d240003ae ("lkdtm: Prevent the compiler from optimising lkdtm_CORRUPT_STACK()")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
drivers/misc/lkdtm_bugs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c
index 91edd0b55e5c..bb3bb8ef5f44 100644
--- a/drivers/misc/lkdtm_bugs.c
+++ b/drivers/misc/lkdtm_bugs.c
@@ -80,12 +80,17 @@ void lkdtm_OVERFLOW(void)
(void) recursive_loop(recur_count);
}
+static noinline void __lkdtm_CORRUPT_STACK(void *stack)
+{
+ memset(stack, 'a', 64);
+}
+
noinline void lkdtm_CORRUPT_STACK(void)
{
/* Use default char array length that triggers stack protection. */
char data[8];
+ __lkdtm_CORRUPT_STACK(&data);
- memset((void *)data, 'a', 64);
pr_info("Corrupted stack with '%16s'...\n", data);
}
--
2.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
2017-01-11 14:56 [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test Arnd Bergmann
@ 2017-01-11 16:33 ` Kees Cook
2017-01-16 10:23 ` Michael Ellerman
1 sibling, 0 replies; 4+ messages in thread
From: Kees Cook @ 2017-01-11 16:33 UTC (permalink / raw)
To: Arnd Bergmann; +Cc: Greg Kroah-Hartman, Michael Ellerman, LKML
On Wed, Jan 11, 2017 at 6:56 AM, Arnd Bergmann <arnd@arndb.de> wrote:
> After the latest change to make sure the compiler actually does a memset,
> it is now smart enough to flag the stack overflow at compile time,
> at least with gcc-7.0:
>
> drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
> drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
>
> To outsmart the compiler again, this moves the memset into a noinline
> function where (for now) it doesn't see that we intentionally write
> broken code here.
>
> Fixes: c55d240003ae ("lkdtm: Prevent the compiler from optimising lkdtm_CORRUPT_STACK()")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Hah. Yes, works for me. :)
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> drivers/misc/lkdtm_bugs.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c
> index 91edd0b55e5c..bb3bb8ef5f44 100644
> --- a/drivers/misc/lkdtm_bugs.c
> +++ b/drivers/misc/lkdtm_bugs.c
> @@ -80,12 +80,17 @@ void lkdtm_OVERFLOW(void)
> (void) recursive_loop(recur_count);
> }
>
> +static noinline void __lkdtm_CORRUPT_STACK(void *stack)
> +{
> + memset(stack, 'a', 64);
> +}
> +
> noinline void lkdtm_CORRUPT_STACK(void)
> {
> /* Use default char array length that triggers stack protection. */
> char data[8];
> + __lkdtm_CORRUPT_STACK(&data);
>
> - memset((void *)data, 'a', 64);
> pr_info("Corrupted stack with '%16s'...\n", data);
> }
>
> --
> 2.9.0
>
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
2017-01-11 14:56 [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test Arnd Bergmann
2017-01-11 16:33 ` Kees Cook
@ 2017-01-16 10:23 ` Michael Ellerman
2017-01-16 22:01 ` Kees Cook
1 sibling, 1 reply; 4+ messages in thread
From: Michael Ellerman @ 2017-01-16 10:23 UTC (permalink / raw)
To: Arnd Bergmann, Kees Cook, Greg Kroah-Hartman; +Cc: Arnd Bergmann, linux-kernel
Arnd Bergmann <arnd@arndb.de> writes:
> After the latest change to make sure the compiler actually does a memset,
> it is now smart enough to flag the stack overflow at compile time,
> at least with gcc-7.0:
>
> drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
> drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
>
> To outsmart the compiler again, this moves the memset into a noinline
> function where (for now) it doesn't see that we intentionally write
> broken code here.
Heh, darn it.
I suspect this is an arms race we are eventually going to lose. At some
point we might have to switch to writing some of these in asm :/
cheers
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
2017-01-16 10:23 ` Michael Ellerman
@ 2017-01-16 22:01 ` Kees Cook
0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2017-01-16 22:01 UTC (permalink / raw)
To: Michael Ellerman; +Cc: Arnd Bergmann, Greg Kroah-Hartman, LKML
On Mon, Jan 16, 2017 at 2:23 AM, Michael Ellerman <mpe@ellerman.id.au> wrote:
> Arnd Bergmann <arnd@arndb.de> writes:
>
>> After the latest change to make sure the compiler actually does a memset,
>> it is now smart enough to flag the stack overflow at compile time,
>> at least with gcc-7.0:
>>
>> drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
>> drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
>>
>> To outsmart the compiler again, this moves the memset into a noinline
>> function where (for now) it doesn't see that we intentionally write
>> broken code here.
>
> Heh, darn it.
>
> I suspect this is an arms race we are eventually going to lose. At some
> point we might have to switch to writing some of these in asm :/
Yeah, though I'm going to keep trying to avoid this as much as
possible. I was almost there when building the .rodata execution test,
but I found horrible tricks. :P
-Kees
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-01-16 22:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-11 14:56 [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test Arnd Bergmann
2017-01-11 16:33 ` Kees Cook
2017-01-16 10:23 ` Michael Ellerman
2017-01-16 22:01 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).