From patchwork Wed Jan 23 11:03:46 2019
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10777043
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Ard Biesheuvel, Laura Abbott, Alexander Popov,
 xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org,
 intel-gfx@lists.freedesktop.org, intel-wired-lan@lists.osuosl.org,
 netdev@vger.kernel.org, linux-usb@vger.kernel.org,
 linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, dev@openvswitch.org,
 linux-kbuild@vger.kernel.org, linux-security-module@vger.kernel.org,
 kernel-hardening@lists.openwall.com
Subject: [PATCH 0/3] gcc-plugins: Introduce stackinit plugin
Date: Wed, 23 Jan 2019 03:03:46 -0800
Message-Id: <20190123110349.35882-1-keescook@chromium.org>

This adds a new plugin "stackinit" that attempts to perform unconditional
initialization of all stack variables[1]. It has wider effects than
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y since BYREF_ALL does not consider
non-structures.

A notable weakness is that padding bytes in many cases remain
uninitialized since GCC treats these bytes as "undefined". I'm hoping we
can improve the compiler (or the plugin) to cover that too. (It's worth
noting that BYREF_ALL actually does handle the padding -- I think this
is due to the different method of detecting if initialization is needed.)

Included is a tree-wide change to move switch variables up and out of
their switch and into the top-level variable declarations.

Included is a set of test cases for evaluating stack initialization,
which checks for padding, different types, etc.

Feedback welcome! :)

-Kees

[1] https://lkml.kernel.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j942dA@mail.gmail.com

Kees Cook (3):
  treewide: Lift switch variables out of switches
  gcc-plugins: Introduce stackinit plugin
  lib: Introduce test_stackinit module

 arch/x86/xen/enlighten_pv.c                   |   7 +-
 drivers/char/pcmcia/cm4000_cs.c               |   2 +-
 drivers/char/ppdev.c                          |  20 +-
 drivers/gpu/drm/drm_edid.c                    |   4 +-
 drivers/gpu/drm/i915/intel_display.c          |   2 +-
 drivers/gpu/drm/i915/intel_pm.c               |   4 +-
 drivers/net/ethernet/intel/e1000/e1000_main.c |   3 +-
 drivers/tty/n_tty.c                           |   3 +-
 drivers/usb/gadget/udc/net2280.c              |   5 +-
 fs/fcntl.c                                    |   3 +-
 lib/Kconfig.debug                             |   9 +
 lib/Makefile                                  |   1 +
 lib/test_stackinit.c                          | 327 ++++++++++++++++++
 mm/shmem.c                                    |   5 +-
 net/core/skbuff.c                             |   4 +-
 net/ipv6/ip6_gre.c                            |   4 +-
 net/ipv6/ip6_tunnel.c                         |   4 +-
 net/openvswitch/flow_netlink.c                |   7 +-
 scripts/Makefile.gcc-plugins                  |   6 +
 scripts/gcc-plugins/Kconfig                   |   9 +
 scripts/gcc-plugins/gcc-common.h              |  11 +-
 scripts/gcc-plugins/stackinit_plugin.c        |  79 +++++
 security/tomoyo/common.c                      |   3 +-
 security/tomoyo/condition.c                   |   7 +-
 security/tomoyo/util.c                        |   4 +-
 25 files changed, 484 insertions(+), 49 deletions(-)
 create mode 100644 lib/test_stackinit.c
 create mode 100644 scripts/gcc-plugins/stackinit_plugin.c
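
Added illustration, not code from this series or from lib/test_stackinit.c: a userspace model of the padding weakness described in the cover letter, where stores that cover only the named members leave the padding bytes holding whatever was there before. struct report, POISON and all function names are hypothetical; byte-wise memcpy stands in for member-wise initialization so the behaviour is well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* constructed marker standing in for stale stack contents */

/* Hypothetical layout: the alignment of 'b' forces padding after 'a' and 'c'. */
struct report {
	char a;
	long b;
	char c;
};

/* Write only the named members into a poisoned, struct-sized buffer,
 * optionally zeroing the whole object (padding included) first. */
static void fill_report(unsigned char *buf, int zero_whole_object)
{
	const char a = 1, c = 3; /* constructed values, none contain POISON */
	const long b = 2;

	memset(buf, POISON, sizeof(struct report));
	if (zero_whole_object)
		memset(buf, 0, sizeof(struct report));
	memcpy(buf + offsetof(struct report, a), &a, sizeof(a));
	memcpy(buf + offsetof(struct report, b), &b, sizeof(b));
	memcpy(buf + offsetof(struct report, c), &c, sizeof(c));
}

/* Count bytes still holding stale data, i.e. what a wholesale copy-out
 * of the object would disclose. */
static size_t stale_bytes(int zero_whole_object)
{
	unsigned char buf[sizeof(struct report)];
	size_t i, n = 0;

	fill_report(buf, zero_whole_object);
	for (i = 0; i < sizeof(buf); i++)
		if (buf[i] == POISON)
			n++;
	return n;
}

size_t padding_size(void) { return sizeof(struct report) - (2 * sizeof(char) + sizeof(long)); }
size_t leaked_after_member_init(void) { return stale_bytes(0); }
size_t leaked_after_full_zero(void) { return stale_bytes(1); }

int main(void)
{
	printf("padding=%zu member-init leaks=%zu full-zero leaks=%zu\n",
	       padding_size(), leaked_after_member_init(), leaked_after_full_zero());
	return 0;
}
```
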