From patchwork Fri Dec 16 22:06:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 9478573 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C1AFA6047D for ; Fri, 16 Dec 2016 22:08:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B30DE28638 for ; Fri, 16 Dec 2016 22:08:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A79BB28358; Fri, 16 Dec 2016 22:08:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1D8F928358 for ; Fri, 16 Dec 2016 22:08:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933002AbcLPWIx (ORCPT ); Fri, 16 Dec 2016 17:08:53 -0500 Received: from mail-pf0-f178.google.com ([209.85.192.178]:36565 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933027AbcLPWIk (ORCPT ); Fri, 16 Dec 2016 17:08:40 -0500 Received: by mail-pf0-f178.google.com with SMTP id 189so15932047pfz.3 for ; Fri, 16 Dec 2016 14:08:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=YqHm4XWg0U04e9iCtGlOnfWAYuJHAxiCmzNYqicLHi8=; b=hOQXLgrt4bMVgOdnBMs7/OCHUW4iPSpgp1KGNOogaN+EAfkS+usnDWjjAuV5cnbvEE YdPAn3b4Ur2c6rCNXGAY8A4gRoyH/9fdHSKl1PKnpo6d3Idnlu+NcZ8mV756vlqPqRdX dT1R/B96uzbiOcX2do8IyUa1lF7LPzR0jugMQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=YqHm4XWg0U04e9iCtGlOnfWAYuJHAxiCmzNYqicLHi8=; b=NvATsBYr0trhhyQlwVx3qoF9AJHDqjhLV3JUcfwPfqI+7mFGhGGMMTyb6ZI8jar460 vR7xdbAWm1yuk0f2OuC2ghyhrtv1dvKbAjfdkur1KNbYw5cz3hwBDQSPsSIkpFKpXVYk 8smliSR/xOQAkJj4LiewWwEqaxQ68E+Tl9fgPDg9cAv4zrv1gMZuv2buv1Q0pm4/PB3l TCBGDKu6QizetC2NoGpx2leXuYJCIbU4WzGvwBN9GHUZMXwNTlgyHv1hzELQbAXn13lH O+fkJqBenrzHgkLT4zC/3GtTmO/ZnY2JFVDK8JJWuxD4B7rOYg4GNeHdpCJzCrGiEU6w FtRA== X-Gm-Message-State: AKaTC00Jx00PwDGG7pe3hf1YIFh52OH5zoc0lpEIFWOhspNZDdOEqCT3EDrcob1Apj0RksVT X-Received: by 10.84.132.35 with SMTP id 32mr11326077ple.44.1481926119506; Fri, 16 Dec 2016 14:08:39 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id q26sm13968551pfk.94.2016.12.16.14.08.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Dec 2016 14:08:38 -0800 (PST) From: Kees Cook To: kernel-hardening@lists.openwall.com Cc: Kees Cook , Emese Revfy , linux-kernel@vger.kernel.org, Arnd Bergmann , Josh Triplett , pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com, yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org, minipli@ld-linux.so, linux@armlinux.org.uk, catalin.marinas@arm.com, linux@rasmusvillemoes.dk, david.brown@linaro.org, benh@kernel.crashing.org, tglx@linutronix.de, akpm@linux-foundation.org, jlayton@poochiereds.net, sam@ravnborg.org Subject: [PATCH v4 4/4] initify: Mark functions with the __unverified_nocapture attribute Date: Fri, 16 Dec 2016 14:06:24 -0800 Message-Id: <1481925984-98605-5-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1481925984-98605-1-git-send-email-keescook@chromium.org> References: <1481925984-98605-1-git-send-email-keescook@chromium.org> Sender: linux-kbuild-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Emese Revfy This attribute disables the compile data flow verification of the designated nocapture parameters of the function. Use it only on function parameters that are difficult for the plugin to analyze. Signed-off-by: Emese Revfy Signed-off-by: Kees Cook --- include/linux/compiler-gcc.h | 1 + include/linux/compiler.h | 4 ++++ lib/vsprintf.c | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 1e11ee911c3e..4ebb3ba17631 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -207,6 +207,7 @@ */ #ifdef INITIFY_PLUGIN #define __nocapture(...) __attribute__((nocapture(__VA_ARGS__))) +#define __unverified_nocapture(...) __attribute__((unverified_nocapture(__VA_ARGS__))) #endif /* diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 8b3dcc790bb6..1bde420f07bb 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -437,6 +437,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s # define __nocapture(...) #endif +#ifndef __unverified_nocapture +# define __unverified_nocapture(...) +#endif + /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. diff --git a/lib/vsprintf.c b/lib/vsprintf.c index a192761d338a..cb964b51f9f8 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -118,7 +118,7 @@ long long simple_strtoll(const char *cp, char **endp, unsigned int base) } EXPORT_SYMBOL(simple_strtoll); -static noinline_for_stack __nocapture(1) +static noinline_for_stack __nocapture(1) __unverified_nocapture(1) int skip_atoi(const char **s) { int i = 0; @@ -1570,7 +1570,7 @@ int kptr_restrict __read_mostly; * function pointers are really function descriptors, which contain a * pointer to the real address. */ -static noinline_for_stack __nocapture(1) +static noinline_for_stack __nocapture(1) __unverified_nocapture(1) char *pointer(const char *fmt, char *buf, char *end, void *ptr, struct printf_spec spec) {