From patchwork Tue Jul 26 20:43:27 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Emese Revfy <re.emese@gmail.com>
X-Patchwork-Id: 9248833
Return-Path: <linux-kbuild-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BE2C96077C for <patchwork-linux-kbuild@patchwork.kernel.org>;
	Tue, 26 Jul 2016 20:25:08 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AFC0E26223
	for <patchwork-linux-kbuild@patchwork.kernel.org>;
	Tue, 26 Jul 2016 20:25:08 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A3971272AA; Tue, 26 Jul 2016 20:25:08 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4754D26223
	for <patchwork-linux-kbuild@patchwork.kernel.org>;
	Tue, 26 Jul 2016 20:25:08 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1758275AbcGZUZH (ORCPT
	<rfc822;patchwork-linux-kbuild@patchwork.kernel.org>);
	Tue, 26 Jul 2016 16:25:07 -0400
Received: from mail-wm0-f67.google.com ([74.125.82.67]:36502 "EHLO
	mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1757322AbcGZUZF (ORCPT
	<rfc822;linux-kbuild@vger.kernel.org>);
	Tue, 26 Jul 2016 16:25:05 -0400
Received: by mail-wm0-f67.google.com with SMTP id x83so3390706wma.3;
	Tue, 26 Jul 2016 13:25:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=date:from:to:cc:subject:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=Fk4uCozI0EvCbUuRnIu196tNibc0/nBX1lSkUh91e40=;
	b=Mv8xMR97J9uoFxzEkAypW1f5dG2lEPV8O7Xmhf6BvUB/4dd47ryfjc2jmaeNQR4Ug1
	78+/cVH7+2QRmYIKJjSpX7uq4hW36EvMzenUPtN/LLusCB7ndu7GoqMiTPCj6gJQR1Tc
	K1A+Y1Polj1cEXDmAWoiPIsed+HAvBt7k+N3LNbBkAIHaIlXaD7N942Vb9hUg+c2tBzk
	qEBrD6khTYwp9ZB8ex1q5UubAGxylUlzSq+pP4r000ETHy3gTRSiDczjQDeLuAJUF8Ch
	BUeogh/2q9/6u8rp+qpAQ/eDIcK9lC9hArc7C50kk4GT+YR0BT3nG2qx79Br8XINfFz8
	kGBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=Fk4uCozI0EvCbUuRnIu196tNibc0/nBX1lSkUh91e40=;
	b=IQpEGonzMPP3jOwJawV9JvoVhd98ThK/u2dFtvE5dbs86rTGEEJjEKq+UvzfwRy1Yc
	3gbb+th1ltRUaE/JQMhCczTjXnN+pe1k/de69vpXvZbGkWPe9O9m5DdA02WtbyKV/i5p
	sZwWXRYpYSYuJqpMgNH7WLRJ2jGTz2k+b4h2SuVvJVcCGwAqAXm/XOo6heXSf5qbNuo+
	v134iPT2gKoqy0RLK7LmYBXBZoIhYannecwPSyHqBEwzWBkQDB14Sz4rWsJkJYt2q2EX
	uX4ff7qcOL0pAdJterZc1L0nTba2wXDt2jU/OOFbK1yy6U16Ggaw9h0pMJuq1qtpz6M+
	Bzwg==
X-Gm-Message-State: 
 AEkoout+PD4BTuoXvtHgvhc0mchcDg/ktjGTFnzCWLy1AaKiyzNaTu40zmUQAugseh3iug==
X-Received: by 10.194.30.197 with SMTP id u5mr23100802wjh.177.1469564704270;
	Tue, 26 Jul 2016 13:25:04 -0700 (PDT)
Received: from vakond.lan (beleg.madhouse-project.org. [128.199.36.147])
	by smtp.gmail.com with ESMTPSA id
	e65sm3444871wmg.3.2016.07.26.13.25.02
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 26 Jul 2016 13:25:03 -0700 (PDT)
Date: Tue, 26 Jul 2016 22:43:27 +0200
From: Emese Revfy <re.emese@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com,
	keescook@chromium.org, linux-kernel@vger.kernel.org,
	yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org,
	minipli@ld-linux.so, linux@armlinux.org.uk,
	catalin.marinas@arm.com, linux@rasmusvillemoes.dk,
	david.brown@linaro.org, benh@kernel.crashing.org,
	tglx@linutronix.de, akpm@linux-foundation.org,
	jlayton@poochiereds.net, arnd@arndb.de, sam@ravnborg.org,
	isdn@linux-pingi.de
Subject: [PATCH v3 7/7] Mark functions with the __unverified_nocapture
	attribute
Message-Id: <20160726224327.c9b41ba7c1c37771f49968ce@gmail.com>
In-Reply-To: <20160726223541.513ce76f6de65389da6a6abe@gmail.com>
References: <20160726223541.513ce76f6de65389da6a6abe@gmail.com>
X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Sender: linux-kbuild-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kbuild.vger.kernel.org>
X-Mailing-List: linux-kbuild@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

This attribute disables the compile data flow verification of the
designated nocapture parameters of the function. Use it only on function
parameters that are difficult for the plugin to analyze.

Signed-off-by: Emese Revfy <re.emese@gmail.com>
---
 include/linux/compiler-gcc.h | 1 +
 include/linux/compiler.h     | 4 ++++
 lib/vsprintf.c               | 4 ++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 6697ea3..76797b9 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -207,6 +207,7 @@
  */
 #ifdef INITIFY_PLUGIN
 #define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
+#define __unverified_nocapture(...) __attribute__((unverified_nocapture(__VA_ARGS__)))
 #endif
 
 /*
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 391b48b..f0b4156 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -416,6 +416,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
 # define __nocapture(...)
 #endif
 
+#ifndef __unverified_nocapture
+# define __unverified_nocapture(...)
+#endif
+
 /*
  * Tell gcc if a function is cold. The compiler will assume any path
  * directly leading to the call is unlikely.
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index a192761..cb964b5 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -118,7 +118,7 @@ long long simple_strtoll(const char *cp, char **endp, unsigned int base)
 }
 EXPORT_SYMBOL(simple_strtoll);
 
-static noinline_for_stack __nocapture(1)
+static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
 int skip_atoi(const char **s)
 {
 	int i = 0;
@@ -1570,7 +1570,7 @@ int kptr_restrict __read_mostly;
  * function pointers are really function descriptors, which contain a
  * pointer to the real address.
  */
-static noinline_for_stack __nocapture(1)
+static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
 char *pointer(const char *fmt, char *buf, char *end, void *ptr,
 	      struct printf_spec spec)
 {