From patchwork Tue Jul 26 20:43:27 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emese Revfy X-Patchwork-Id: 9248837 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 349B06077C for ; Tue, 26 Jul 2016 20:25:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 271A326223 for ; Tue, 26 Jul 2016 20:25:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1B535272AA; Tue, 26 Jul 2016 20:25:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 2D71626223 for ; Tue, 26 Jul 2016 20:25:32 +0000 (UTC) Received: (qmail 27761 invoked by uid 550); 26 Jul 2016 20:25:31 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: kernel-hardening@lists.openwall.com Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 27658 invoked from network); 26 Jul 2016 20:25:15 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Fk4uCozI0EvCbUuRnIu196tNibc0/nBX1lSkUh91e40=; b=Mv8xMR97J9uoFxzEkAypW1f5dG2lEPV8O7Xmhf6BvUB/4dd47ryfjc2jmaeNQR4Ug1 78+/cVH7+2QRmYIKJjSpX7uq4hW36EvMzenUPtN/LLusCB7ndu7GoqMiTPCj6gJQR1Tc K1A+Y1Polj1cEXDmAWoiPIsed+HAvBt7k+N3LNbBkAIHaIlXaD7N942Vb9hUg+c2tBzk qEBrD6khTYwp9ZB8ex1q5UubAGxylUlzSq+pP4r000ETHy3gTRSiDczjQDeLuAJUF8Ch BUeogh/2q9/6u8rp+qpAQ/eDIcK9lC9hArc7C50kk4GT+YR0BT3nG2qx79Br8XINfFz8 kGBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Fk4uCozI0EvCbUuRnIu196tNibc0/nBX1lSkUh91e40=; b=XNQBOOxvMnGJP6VuvQKKVFQIhUvJE2VOsS9wUJ57VmQeS/ASTLc0+H4cE8SjeJEIH+ yupiac1m3ynjFKK19hKywywvasQ2uXKLX7tONeH+PYtVkfiixxIiSyLQ9/JAzBdM89/i /MLBP7+0U5GXHzIvtnBjgPNURIhFEDqFjCUL3gdGlL4oXPtTrXI2w5IehNIj3k1S6qJD hVmYkx2zjoT9QyrKZ6J+sYDPIZToYODeqRYXLGk299mqMFWl9gkFwANv9Ele/5IYua97 oIZccx7VcnpLJ0/hWWihmCFDEGaRXG4VUc2+xiRvg4s2nVeKWKmG3rhYa3tkO8/dOF5J YYVA== X-Gm-Message-State: AEkooutwqi03qHL/B8Fr/7MLsnmfVIubr6UphMQtRU57e9Tc2xsTeZ4QQNvQs1PPVU5s7Q== X-Received: by 10.194.30.197 with SMTP id u5mr23100802wjh.177.1469564704270; Tue, 26 Jul 2016 13:25:04 -0700 (PDT) Date: Tue, 26 Jul 2016 22:43:27 +0200 From: Emese Revfy To: kernel-hardening@lists.openwall.com Cc: pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com, keescook@chromium.org, linux-kernel@vger.kernel.org, yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org, minipli@ld-linux.so, linux@armlinux.org.uk, catalin.marinas@arm.com, linux@rasmusvillemoes.dk, david.brown@linaro.org, benh@kernel.crashing.org, tglx@linutronix.de, akpm@linux-foundation.org, jlayton@poochiereds.net, arnd@arndb.de, sam@ravnborg.org, isdn@linux-pingi.de Message-Id: <20160726224327.c9b41ba7c1c37771f49968ce@gmail.com> In-Reply-To: <20160726223541.513ce76f6de65389da6a6abe@gmail.com> References: <20160726223541.513ce76f6de65389da6a6abe@gmail.com> X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu) Mime-Version: 1.0 Subject: [kernel-hardening] [PATCH v3 7/7] Mark functions with the __unverified_nocapture attribute X-Virus-Scanned: ClamAV using ClamSMTP This attribute disables the compile data flow verification of the designated nocapture parameters of the function. Use it only on function parameters that are difficult for the plugin to analyze. Signed-off-by: Emese Revfy --- include/linux/compiler-gcc.h | 1 + include/linux/compiler.h | 4 ++++ lib/vsprintf.c | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 6697ea3..76797b9 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -207,6 +207,7 @@ */ #ifdef INITIFY_PLUGIN #define __nocapture(...) __attribute__((nocapture(__VA_ARGS__))) +#define __unverified_nocapture(...) __attribute__((unverified_nocapture(__VA_ARGS__))) #endif /* diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 391b48b..f0b4156 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -416,6 +416,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s # define __nocapture(...) #endif +#ifndef __unverified_nocapture +# define __unverified_nocapture(...) +#endif + /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. diff --git a/lib/vsprintf.c b/lib/vsprintf.c index a192761..cb964b5 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -118,7 +118,7 @@ long long simple_strtoll(const char *cp, char **endp, unsigned int base) } EXPORT_SYMBOL(simple_strtoll); -static noinline_for_stack __nocapture(1) +static noinline_for_stack __nocapture(1) __unverified_nocapture(1) int skip_atoi(const char **s) { int i = 0; @@ -1570,7 +1570,7 @@ int kptr_restrict __read_mostly; * function pointers are really function descriptors, which contain a * pointer to the real address. */ -static noinline_for_stack __nocapture(1) +static noinline_for_stack __nocapture(1) __unverified_nocapture(1) char *pointer(const char *fmt, char *buf, char *end, void *ptr, struct printf_spec spec) {