From: Emese Revfy <re.emese@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com,
keescook@chromium.org, linux-kernel@vger.kernel.org,
yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org,
minipli@ld-linux.so, linux@armlinux.org.uk,
catalin.marinas@arm.com, linux@rasmusvillemoes.dk,
david.brown@linaro.org, benh@kernel.crashing.org,
tglx@linutronix.de, akpm@linux-foundation.org,
jlayton@poochiereds.net, arnd@arndb.de, sam@ravnborg.org,
isdn@linux-pingi.de
Subject: [PATCH v3 7/7] Mark functions with the __unverified_nocapture attribute
Date: Tue, 26 Jul 2016 22:43:27 +0200 [thread overview]
Message-ID: <20160726224327.c9b41ba7c1c37771f49968ce@gmail.com> (raw)
In-Reply-To: <20160726223541.513ce76f6de65389da6a6abe@gmail.com>
This attribute disables the compile data flow verification of the
designated nocapture parameters of the function. Use it only on function
parameters that are difficult for the plugin to analyze.
Signed-off-by: Emese Revfy <re.emese@gmail.com>
---
include/linux/compiler-gcc.h | 1 +
include/linux/compiler.h | 4 ++++
lib/vsprintf.c | 4 ++--
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 6697ea3..76797b9 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -207,6 +207,7 @@
*/
#ifdef INITIFY_PLUGIN
#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
+#define __unverified_nocapture(...) __attribute__((unverified_nocapture(__VA_ARGS__)))
#endif
/*
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 391b48b..f0b4156 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -416,6 +416,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
# define __nocapture(...)
#endif
+#ifndef __unverified_nocapture
+# define __unverified_nocapture(...)
+#endif
+
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index a192761..cb964b5 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -118,7 +118,7 @@ long long simple_strtoll(const char *cp, char **endp, unsigned int base)
}
EXPORT_SYMBOL(simple_strtoll);
-static noinline_for_stack __nocapture(1)
+static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
int skip_atoi(const char **s)
{
int i = 0;
@@ -1570,7 +1570,7 @@ int kptr_restrict __read_mostly;
* function pointers are really function descriptors, which contain a
* pointer to the real address.
*/
-static noinline_for_stack __nocapture(1)
+static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
char *pointer(const char *fmt, char *buf, char *end, void *ptr,
struct printf_spec spec)
{
--
2.8.1
WARNING: multiple messages have this Message-ID (diff)
From: Emese Revfy <re.emese@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com,
keescook@chromium.org, linux-kernel@vger.kernel.org,
yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org,
minipli@ld-linux.so, linux@armlinux.org.uk,
catalin.marinas@arm.com, linux@rasmusvillemoes.dk,
david.brown@linaro.org, benh@kernel.crashing.org,
tglx@linutronix.de, akpm@linux-foundation.org,
jlayton@poochiereds.net, arnd@arndb.de, sam@ravnborg.org,
isdn@linux-pingi.de
Subject: [kernel-hardening] [PATCH v3 7/7] Mark functions with the __unverified_nocapture attribute
Date: Tue, 26 Jul 2016 22:43:27 +0200 [thread overview]
Message-ID: <20160726224327.c9b41ba7c1c37771f49968ce@gmail.com> (raw)
In-Reply-To: <20160726223541.513ce76f6de65389da6a6abe@gmail.com>
This attribute disables the compile data flow verification of the
designated nocapture parameters of the function. Use it only on function
parameters that are difficult for the plugin to analyze.
Signed-off-by: Emese Revfy <re.emese@gmail.com>
---
include/linux/compiler-gcc.h | 1 +
include/linux/compiler.h | 4 ++++
lib/vsprintf.c | 4 ++--
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 6697ea3..76797b9 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -207,6 +207,7 @@
*/
#ifdef INITIFY_PLUGIN
#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
+#define __unverified_nocapture(...) __attribute__((unverified_nocapture(__VA_ARGS__)))
#endif
/*
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 391b48b..f0b4156 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -416,6 +416,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
# define __nocapture(...)
#endif
+#ifndef __unverified_nocapture
+# define __unverified_nocapture(...)
+#endif
+
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index a192761..cb964b5 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -118,7 +118,7 @@ long long simple_strtoll(const char *cp, char **endp, unsigned int base)
}
EXPORT_SYMBOL(simple_strtoll);
-static noinline_for_stack __nocapture(1)
+static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
int skip_atoi(const char **s)
{
int i = 0;
@@ -1570,7 +1570,7 @@ int kptr_restrict __read_mostly;
* function pointers are really function descriptors, which contain a
* pointer to the real address.
*/
-static noinline_for_stack __nocapture(1)
+static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
char *pointer(const char *fmt, char *buf, char *end, void *ptr,
struct printf_spec spec)
{
--
2.8.1
next prev parent reply other threads:[~2016-07-26 20:25 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-26 20:35 [PATCH v3 0/7] Introduce the initify gcc plugin Emese Revfy
2016-07-26 20:35 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:36 ` [PATCH v3 1/7] Move type casts into is_kernel_rodata Emese Revfy
2016-07-26 20:36 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:38 ` [PATCH v3 2/7] Split up struct warn_args Emese Revfy
2016-07-26 20:38 ` [kernel-hardening] " Emese Revfy
2016-07-27 1:15 ` kbuild test robot
2016-07-27 1:15 ` [kernel-hardening] " kbuild test robot
2016-07-27 2:27 ` kbuild test robot
2016-07-27 2:27 ` [kernel-hardening] " kbuild test robot
2016-07-27 15:31 ` Emese Revfy
2016-07-27 15:31 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:39 ` [PATCH v3 3/7] Constify some function parameters Emese Revfy
2016-07-26 20:39 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:40 ` [PATCH v3 4/7] Add the initify gcc plugin Emese Revfy
2016-07-26 20:40 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:41 ` [PATCH v3 5/7] Mark functions with the __nocapture attribute Emese Revfy
2016-07-26 20:41 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:42 ` [PATCH v3 6/7] Mark a few functions with the printf attribute Emese Revfy
2016-07-26 20:42 ` [kernel-hardening] " Emese Revfy
2016-07-27 1:17 ` kbuild test robot
2016-07-27 1:17 ` [kernel-hardening] " kbuild test robot
2016-07-27 1:23 ` kbuild test robot
2016-07-27 1:23 ` [kernel-hardening] " kbuild test robot
2016-07-27 1:29 ` kbuild test robot
2016-07-27 1:29 ` [kernel-hardening] " kbuild test robot
2016-07-27 15:34 ` Emese Revfy
2016-07-27 15:34 ` [kernel-hardening] " Emese Revfy
2016-07-26 20:43 ` Emese Revfy [this message]
2016-07-26 20:43 ` [kernel-hardening] [PATCH v3 7/7] Mark functions with the __unverified_nocapture attribute Emese Revfy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160726224327.c9b41ba7c1c37771f49968ce@gmail.com \
--to=re.emese@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=catalin.marinas@arm.com \
--cc=david.brown@linaro.org \
--cc=isdn@linux-pingi.de \
--cc=jlayton@poochiereds.net \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linux@rasmusvillemoes.dk \
--cc=minipli@ld-linux.so \
--cc=mmarek@suse.com \
--cc=pageexec@freemail.hu \
--cc=sam@ravnborg.org \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.