From patchwork Thu Sep 1 06:59:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12961883 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B02C6ECAAD1 for ; Thu, 1 Sep 2022 06:59:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233092AbiIAG7f (ORCPT ); Thu, 1 Sep 2022 02:59:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232561AbiIAG7c (ORCPT ); Thu, 1 Sep 2022 02:59:32 -0400 Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2D25122061 for ; Wed, 31 Aug 2022 23:59:22 -0700 (PDT) Received: by mail-pj1-x1030.google.com with SMTP id t11-20020a17090a510b00b001fac77e9d1fso1525731pjh.5 for ; Wed, 31 Aug 2022 23:59:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc; bh=SVF6PLCQYqQfDJ1mbN1yYxWEY7a8snySanblxKa0G2g=; b=EQ/HtONlIP3lRAqKj+jLTa8iFP06eGdSTaZLe5lHLgIDfq9K7upKcsMHo7HNyzsSkF 0ZLJjdRLAFIchTJ6/V08SQ7BFOgs+yr6wqZgVTTZbPc60qYf6bUBktAdTV0xCmLO8+rb TYtDclkULIsMF+oVCmKnFv6cIQg8YhK8pUZys= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc; bh=SVF6PLCQYqQfDJ1mbN1yYxWEY7a8snySanblxKa0G2g=; b=kOOpRYPF80Z9UBT8i4oaVTynuMkvE2GWjH0wxR+cH2Jc5tl0EqkCf9q+LBRoLgNoDc lLs0tfvCtygWspdcg/tmivjU9EzIvfzRvVJiQE6cNFhRSwMi2+N5Z5rUEI+mwWyVL690 8axur2UlBm6z1eZYbiRQaPgxIHSpaYHhfqCc+x4iPJIZSagX8lqpartlMirs1qDwC8w2 U4zj/LUC8vzeM09YqGdD5vDPYY6VA7HfjPCE9CzP8RWX+5qZFvp/iF79okQPPWcCt7Z6 YR4qxqCNx0rbsPcf89j/OlrTKXYoZ5KPKG056RzDWLc1VfZN0GQV2jocojokHZtnwBex Z8BQ== X-Gm-Message-State: ACgBeo2V8MNWfefDWH0y5qds4AnvM71J9P5KNv2G/cX8lsQANOv0Golg 5cCBlnXDxvDKuXu0WYaqcC8j/g== X-Google-Smtp-Source: AA6agR5ZHgeSnW5XK+mgnShl1BdOSPwjqbKb94qG4dgHKo3KiQskBMRdrJtDtsttOZ30SOZ9HrF0LA== X-Received: by 2002:a17:90b:1b0d:b0:1fe:3993:2a82 with SMTP id nu13-20020a17090b1b0d00b001fe39932a82mr5096208pjb.155.1662015559648; Wed, 31 Aug 2022 23:59:19 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id d65-20020a623644000000b0052d40c4c06esm12497770pfa.39.2022.08.31.23.59.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Aug 2022 23:59:17 -0700 (PDT) From: Kees Cook To: "Gustavo A. R. Silva" Cc: Kees Cook , Arnd Bergmann , Greg Kroah-Hartman , Shuah Khan , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev Subject: [PATCH 0/2] fortify: Add run-time WARN for cross-field memcpy() Date: Wed, 31 Aug 2022 23:59:12 -0700 Message-Id: <20220901065914.1417829-1-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=713; h=from:subject; bh=LeTil4IEruxaVe7mWfrPpEi0Vfjy7lWn1LjQi8mvjkw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBjEFhCZb05sz6D+GQp3RqFe9s96Vb19uXf8nu3+B/3 K+EZyvaJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYxBYQgAKCRCJcvTf3G3AJi02D/ 9A5CVWpB/R+rtBo9Hz69xc6KVgu9rGAbBRmVMjtYWVn4jtOxiPSLL8QvW0t+F8vkIgPS+RUnSfjZ/0 hAU1oLluzNcqNPSj+L+o3ZE3lT5Xiyqcr8goXd36TwOHZWUaEmUTsNqpOyacfC2URgDVGGv3f81HXC m5U4bxfDPCb5BT8oEEhXs+EnMqs5M71OKC4aVhtwv9NPX9Ah4fm2tSgVrp56GMEu+7maQGY0qwBxhB dW7MjQ4glVMJHiL+cIr1k4cv8G6rbH5Gim5R1TBsLDoalZws0NMeanliOh2uEJVju/0SPCvE/48Opw t/00snJqhXKOz5vO1+BvO58eGBDmkPVMKt9wNfagz81UM8FIZ00SJJdt4bHPvKyFFBJF4MbBUOLZTI cjc9glqVRIUaXO3FKCtPshmj8y8mIyieEWgi6QjZfK71EmSGyLVJK98BR5QnRZL08xI+iVEy0oqVSV HwoOnj8kFFns7arwq/q0lqlZhNBcVyS0WEI/gJ89LxMimKXuzoPesmuYtiHxx2HhJH+k2TRQpQpLE3 LbkkMEsGVvNwFnbEAFH/vrV+nAv7gFgoI/ncQT3bBwBjeZRSG12fXhXZrpT+j66OTFoxqr5kh09A1F 4ckTG6O2Wm6QL3oG/QSk+zkNQMRReyyLNpOsiB4/UEAF9Bmss0e2PtJ6+GBQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Hi, I'm hoping to at least get this into -next to see how noisy it ends up being. I've tracked down several false positives that are getting fixed, but I'd like to see this get wider testing. For details, see patch 1, but this is the run-time half of the recent FORTIFY_SOURCE memcpy() bounds checking work. -Kees Kees Cook (2): fortify: Add run-time WARN for cross-field memcpy() lkdtm: Update tests for memcpy() run-time warnings drivers/misc/lkdtm/fortify.c | 96 +++++++++++++++++++++---- include/linux/fortify-string.h | 70 +++++++++++++++++- tools/testing/selftests/lkdtm/tests.txt | 8 ++- 3 files changed, 155 insertions(+), 19 deletions(-) Tested-by: Nathan Chancellor