linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
@ 2017-01-11 14:56 Arnd Bergmann
  2017-01-11 16:33 ` Kees Cook
  2017-01-16 10:23 ` Michael Ellerman
  0 siblings, 2 replies; 4+ messages in thread
From: Arnd Bergmann @ 2017-01-11 14:56 UTC (permalink / raw)
  To: Kees Cook, Greg Kroah-Hartman
  Cc: Arnd Bergmann, Michael Ellerman, linux-kernel

After the latest change to make sure the compiler actually does a memset,
it is now smart enough to flag the stack overflow at compile time,
at least with gcc-7.0:

drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]

To outsmart the compiler again, this moves the memset into a noinline
function where (for now) it doesn't see that we intentionally write
broken code here.

Fixes: c55d240003ae ("lkdtm: Prevent the compiler from optimising lkdtm_CORRUPT_STACK()")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/misc/lkdtm_bugs.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c
index 91edd0b55e5c..bb3bb8ef5f44 100644
--- a/drivers/misc/lkdtm_bugs.c
+++ b/drivers/misc/lkdtm_bugs.c
@@ -80,12 +80,17 @@ void lkdtm_OVERFLOW(void)
 	(void) recursive_loop(recur_count);
 }
 
+static noinline void __lkdtm_CORRUPT_STACK(void *stack)
+{
+	memset(stack, 'a', 64);
+}
+
 noinline void lkdtm_CORRUPT_STACK(void)
 {
 	/* Use default char array length that triggers stack protection. */
 	char data[8];
+	__lkdtm_CORRUPT_STACK(&data);
 
-	memset((void *)data, 'a', 64);
 	pr_info("Corrupted stack with '%16s'...\n", data);
 }
 
-- 
2.9.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
  2017-01-11 14:56 [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test Arnd Bergmann
@ 2017-01-11 16:33 ` Kees Cook
  2017-01-16 10:23 ` Michael Ellerman
  1 sibling, 0 replies; 4+ messages in thread
From: Kees Cook @ 2017-01-11 16:33 UTC (permalink / raw)
  To: Arnd Bergmann; +Cc: Greg Kroah-Hartman, Michael Ellerman, LKML

On Wed, Jan 11, 2017 at 6:56 AM, Arnd Bergmann <arnd@arndb.de> wrote:
> After the latest change to make sure the compiler actually does a memset,
> it is now smart enough to flag the stack overflow at compile time,
> at least with gcc-7.0:
>
> drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
> drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
>
> To outsmart the compiler again, this moves the memset into a noinline
> function where (for now) it doesn't see that we intentionally write
> broken code here.
>
> Fixes: c55d240003ae ("lkdtm: Prevent the compiler from optimising lkdtm_CORRUPT_STACK()")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Hah. Yes, works for me. :)

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  drivers/misc/lkdtm_bugs.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c
> index 91edd0b55e5c..bb3bb8ef5f44 100644
> --- a/drivers/misc/lkdtm_bugs.c
> +++ b/drivers/misc/lkdtm_bugs.c
> @@ -80,12 +80,17 @@ void lkdtm_OVERFLOW(void)
>         (void) recursive_loop(recur_count);
>  }
>
> +static noinline void __lkdtm_CORRUPT_STACK(void *stack)
> +{
> +       memset(stack, 'a', 64);
> +}
> +
>  noinline void lkdtm_CORRUPT_STACK(void)
>  {
>         /* Use default char array length that triggers stack protection. */
>         char data[8];
> +       __lkdtm_CORRUPT_STACK(&data);
>
> -       memset((void *)data, 'a', 64);
>         pr_info("Corrupted stack with '%16s'...\n", data);
>  }
>
> --
> 2.9.0
>



-- 
Kees Cook
Nexus Security

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
  2017-01-11 14:56 [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test Arnd Bergmann
  2017-01-11 16:33 ` Kees Cook
@ 2017-01-16 10:23 ` Michael Ellerman
  2017-01-16 22:01   ` Kees Cook
  1 sibling, 1 reply; 4+ messages in thread
From: Michael Ellerman @ 2017-01-16 10:23 UTC (permalink / raw)
  To: Arnd Bergmann, Kees Cook, Greg Kroah-Hartman; +Cc: Arnd Bergmann, linux-kernel

Arnd Bergmann <arnd@arndb.de> writes:

> After the latest change to make sure the compiler actually does a memset,
> it is now smart enough to flag the stack overflow at compile time,
> at least with gcc-7.0:
>
> drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
> drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
>
> To outsmart the compiler again, this moves the memset into a noinline
> function where (for now) it doesn't see that we intentionally write
> broken code here.

Heh, darn it.

I suspect this is an arms race we are eventually going to lose. At some
point we might have to switch to writing some of these in asm :/

cheers

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test
  2017-01-16 10:23 ` Michael Ellerman
@ 2017-01-16 22:01   ` Kees Cook
  0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2017-01-16 22:01 UTC (permalink / raw)
  To: Michael Ellerman; +Cc: Arnd Bergmann, Greg Kroah-Hartman, LKML

On Mon, Jan 16, 2017 at 2:23 AM, Michael Ellerman <mpe@ellerman.id.au> wrote:
> Arnd Bergmann <arnd@arndb.de> writes:
>
>> After the latest change to make sure the compiler actually does a memset,
>> it is now smart enough to flag the stack overflow at compile time,
>> at least with gcc-7.0:
>>
>> drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
>> drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
>>
>> To outsmart the compiler again, this moves the memset into a noinline
>> function where (for now) it doesn't see that we intentionally write
>> broken code here.
>
> Heh, darn it.
>
> I suspect this is an arms race we are eventually going to lose. At some
> point we might have to switch to writing some of these in asm :/

Yeah, though I'm going to keep trying to avoid this as much as
possible. I was almost there when building the .rodata execution test,
but I found horrible tricks. :P

-Kees

-- 
Kees Cook
Nexus Security

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-01-16 22:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-11 14:56 [PATCH] lkdtm: hide stack overflow warning for corrupt-stack test Arnd Bergmann
2017-01-11 16:33 ` Kees Cook
2017-01-16 10:23 ` Michael Ellerman
2017-01-16 22:01   ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).