From patchwork Wed Jan 23 11:03:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10778535 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7335F1399 for ; Thu, 24 Jan 2019 08:26:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6593C2E201 for ; Thu, 24 Jan 2019 08:26:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 595F32E209; Thu, 24 Jan 2019 08:26:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 17DC82E201 for ; Thu, 24 Jan 2019 08:26:11 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 8FB3A6F0D1; Thu, 24 Jan 2019 08:25:39 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by gabe.freedesktop.org (Postfix) with ESMTPS id 8BE966EEE4 for ; Wed, 23 Jan 2019 11:04:15 +0000 (UTC) Received: by mail-pl1-x644.google.com with SMTP id 101so1007687pld.6 for ; Wed, 23 Jan 2019 03:04:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=eOH0evUuoYnXDQzpGOjj3b0HOCtKjXfnS8BAvgmzoB0=; b=jThXNLs+lWyJpxMSGMLZkEYhAE+Zl/LZQkvccy/jj2BhyqqxMJ32Yg5sGHNE7a2XjM /DC6s+3zrXRdl0vqVGSgOxlfcyBIJOL00g8o0CvB0C6/EPejo30yu8Efmud9HDnvdPFl s7N7SzVKUtT8bbqWg/PQSQux3XzYFBL5dTRKtVjXgt9a33SKOD8+vbthfsyaQILOME6w 4DBlazXdCUqklrxF2M3QsbD90cIaK4R5YZeLQQpVOxy9mKoSxkfxodYS79dkg5es4P9s clpdNdV6TvZqkkpAEFhpntFUQ2OWSBk4E0G1lTFUV8YP+jVbVZKoudajF/1W2d+XaDmd QlNg== X-Gm-Message-State: AJcUukdSbG3xvO/CtDhmVg5pTmBTc4yO3CPQZ5DfcW7xK9a9pgN9rVzH aQ+LTSE7hXRGAlC1nl1o/k+QKQ== X-Google-Smtp-Source: ALg8bN4MaWR5XqsDsgdWgLwpfKZxt4LUG4ZZGKgogh3VDQfDjkiUg54eL3BLTvjTOGXKhvj7c+hNuQ== X-Received: by 2002:a17:902:714c:: with SMTP id u12mr1770044plm.234.1548241455187; Wed, 23 Jan 2019 03:04:15 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id n186sm23207263pfn.137.2019.01.23.03.04.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 23 Jan 2019 03:04:12 -0800 (PST) From: Kees Cook To: linux-kernel@vger.kernel.org Subject: [PATCH 0/3] gcc-plugins: Introduce stackinit plugin Date: Wed, 23 Jan 2019 03:03:46 -0800 Message-Id: <20190123110349.35882-1-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 24 Jan 2019 08:25:37 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dev@openvswitch.org, Kees Cook , Ard Biesheuvel , netdev@vger.kernel.org, intel-gfx@lists.freedesktop.org, linux-usb@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com, intel-wired-lan@lists.osuosl.org, linux-fsdevel@vger.kernel.org, xen-devel@lists.xenproject.org, linux-kbuild@vger.kernel.org, Alexander Popov Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP This adds a new plugin "stackinit" that attempts to perform unconditional initialization of all stack variables[1]. It has wider effects than GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y since BYREF_ALL does not consider non-structures. A notable weakness is that padding bytes in many cases remain uninitialized since GCC treats these bytes as "undefined". I'm hoping we can improve the compiler (or the plugin) to cover that too. (It's worth noting that BYREF_ALL actually does handle the padding -- I think this is due to the different method of detecting if initialization is needed.) Included is a tree-wide change to move switch variables up and out of their switch and into the top-level variable declarations. Included is a set of test cases for evaluating stack initialization, which checks for padding, different types, etc. Feedback welcome! :) -Kees [1] https://lkml.kernel.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j942dA@mail.gmail.com Kees Cook (3): treewide: Lift switch variables out of switches gcc-plugins: Introduce stackinit plugin lib: Introduce test_stackinit module arch/x86/xen/enlighten_pv.c | 7 +- drivers/char/pcmcia/cm4000_cs.c | 2 +- drivers/char/ppdev.c | 20 +- drivers/gpu/drm/drm_edid.c | 4 +- drivers/gpu/drm/i915/intel_display.c | 2 +- drivers/gpu/drm/i915/intel_pm.c | 4 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 3 +- drivers/tty/n_tty.c | 3 +- drivers/usb/gadget/udc/net2280.c | 5 +- fs/fcntl.c | 3 +- lib/Kconfig.debug | 9 + lib/Makefile | 1 + lib/test_stackinit.c | 327 ++++++++++++++++++ mm/shmem.c | 5 +- net/core/skbuff.c | 4 +- net/ipv6/ip6_gre.c | 4 +- net/ipv6/ip6_tunnel.c | 4 +- net/openvswitch/flow_netlink.c | 7 +- scripts/Makefile.gcc-plugins | 6 + scripts/gcc-plugins/Kconfig | 9 + scripts/gcc-plugins/gcc-common.h | 11 +- scripts/gcc-plugins/stackinit_plugin.c | 79 +++++ security/tomoyo/common.c | 3 +- security/tomoyo/condition.c | 7 +- security/tomoyo/util.c | 4 +- 25 files changed, 484 insertions(+), 49 deletions(-) create mode 100644 lib/test_stackinit.c create mode 100644 scripts/gcc-plugins/stackinit_plugin.c