Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAK8P3a2xC3OVckPnweSjor3AH5LpSzichKxAjkAcgXDtCf0QmQ@mail.gmail.com>
Date: Thu, 28 Feb 2019 21:27:08 +0100
From: Arnd Bergmann <arnd@...db.de>
To: Kees Cook <keescook@...omium.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Emese Revfy <re.emese@...il.com>, 
	Alexander Popov <alex.popov@...ux.com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, 
	Laura Abbott <labbott@...hat.com>, Jann Horn <jannh@...gle.com>, 
	Alexander Potapenko <glider@...gle.com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH 1/2] gcc-plugins: structleak: Generalize to all variable types

On Tue, Feb 12, 2019 at 7:08 PM Kees Cook <keescook@...omium.org> wrote:
>
> This adjusts structleak to also work with non-struct types when they
> are passed by reference, since those variables may leak just like
> anything else. This is exposed via an improved set of Kconfig options.
> (This does mean structleak is slightly misnamed now.)
>
> Building with CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL should give the
> kernel complete initialization coverage of all stack variables passed
> by reference, including padding (see lib/test_stackinit.c).
>
> Using CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE to count added initializations
> under defconfig:
>
>         ..._BYREF:      5945 added initializations
>         ..._BYREF_ALL: 16606 added initializations
>
> There is virtually no change to text+data size (both have less than 0.05%
> growth):

I just resumed my randconfig build testing after a longer break, and found
a regression for stack usage that I bisected to your change. It shows up in a
variety of files depending on the configuration, so far the worst one is the
configuration at https://pastebin.com/UK54qbKa that leads to

../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_start_search':
../drivers/media/dvb-frontends/stv090x.c:1595:1: error: the frame size
of 5320 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_optimize_track':
../drivers/media/dvb-frontends/stv090x.c:3090:1: error: the frame size
of 5872 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_algo':
../drivers/media/dvb-frontends/stv090x.c:3431:1: error: the frame size
of 5144 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
 }

At least for this specific file, I also see a significant (though not alarming)
increase in code size:

   text       data        bss        dec        hex    filename
179196       4632        256     184084      2cf14
obj-x86/drivers/media/dvb-frontends/stv090x-before.o
 216740       4632        256     221628      361bc
obj-x86/drivers/media/dvb-frontends/stv090x-after.o

Part of the problem here is definitely interaction with the asan-stack
sanitizer. Changing asan-stack=1 to asan-stack=0, it looks a lot
better:

../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_start_search':
../drivers/media/dvb-frontends/stv090x.c:1595:1: warning: the frame
size of 120 bytes is larger than 20 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_optimize_track':
../drivers/media/dvb-frontends/stv090x.c:3090:1: warning: the frame
size of 168 bytes is larger than 20 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_algo':
../drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame
size of 192 bytes is larger than 20 bytes [-Wframe-larger-than=]

   text       data        bss        dec        hex    filename
184061       4632        256     188949      2e215
obj-x86/drivers/media/dvb-frontends/stv090x.o

I get similar results with asan-stack=1 but without your plugin, only
the combination of the two has the explosive stack size growth.

I can help analyze this further, but maybe you can have a look first,
there might be something obvious when you read the input to the
plugin.

      Arnd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.