From patchwork Sat Nov 18 05:14:41 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10064339
In-Reply-To: <242b16cd-056a-1499-2b65-69084dac1d8d@gentoo.org>
From: Kees Cook
Date: Fri, 17 Nov 2017 21:14:41 -0800
Subject: Re: [nfsd4] potentially hardware breaking regression in 4.14-rc and 4.13.11
To: Patrick McLean
Cc: Linus Torvalds, Emese Revfy, Al Viro, Bruce Fields, "Darrick J. Wong",
 Linux Kernel Mailing List, Linux NFS Mailing List, stable, Thorsten Leemhuis,
 "kernel-hardening@lists.openwall.com"
X-Mailing-List: linux-nfs@vger.kernel.org

On Fri, Nov 17, 2017 at 5:54 PM, Patrick McLean wrote:
> On 2017-11-17 04:55 PM, Linus Torvalds wrote:
>> On Fri, Nov 17, 2017 at 4:27 PM, Patrick McLean wrote:
>>>
>>> I am still getting the crash at d9e12200852d, I figured I would
>>> double-check the "good" and "bad" kernels before starting a full bisect.
>>
>> .. but without GCC_PLUGIN_RANDSTRUCT it's solid?
>
> Yes, without GCC_PLUGIN_RANDSTRUCT it's solid.

That's strange. With d9e12200852d the shuffle_seed variables won't
ever actually get used. (i.e. I wouldn't expect the seed to change any
behavior.)

Can you confirm with something like this:

	for (i = 0; i < 4; i++) {
		seed[i] = shuffle_seed[i];

You should see no reports of "Shuffling struct ..."

And if it reports nothing, and you're on d9e12200852d, can you confirm
that switching to a "good" seed fixes it? (If it _does_, then I
suspect a build artifact being left behind or something odd like
that.)

>> Kees removed even the baseline "randomize pure function pointer
>> structures", so at that commit, nothing should be randomized.
>>
>> But maybe the plugin code itself ends up confusing gcc somehow?
>>
>> Even when it doesn't actually do that "relayout_struct()" on the
>> structure, it always does those TYPE_ATTRIBUTES() games.

FWIW, myself doing a build at d9e12200852d with and without
GCC_PLUGIN_RANDSTRUCT _appears_ to produce identical objdump output
where I did spot-checks.

Also, do you have any other plugins enabled? (Can you send your .config?) -Kees Reported-by: Patrick McLean Reported-by: Maciej S. Szmigiero diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index cdaac8c66734..aac570a57d7d 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -267,12 +267,10 @@ static void shuffle(const_tree type, tree *newtree, unsigned long length) structname = ORIG_TYPE_NAME(type); -#ifdef __DEBUG_PLUGIN fprintf(stderr, "Shuffling struct %s %p\n", (const char *)structname, type); #ifdef __DEBUG_VERBOSE debug_tree((tree)type); #endif -#endif
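
Review bot: In shuffle(), removing the `#ifdef __DEBUG_PLUGIN` line and its closing `#endif` makes the `fprintf(stderr, "Shuffling struct %s %p\n", ...)` call unconditional, so any build with the plugin enabled prints one line to stderr for every struct it shuffles. That suits the one-off check requested in the message (no "Shuffling struct ..." reports expected at d9e12200852d), but the patch has no changelog saying it is diagnostic only, and it should not be queued in this form; if the report is worth keeping, leave the guard in place and define `__DEBUG_PLUGIN` when building the plugin. The nested `#ifdef __DEBUG_VERBOSE` block is left intact, so `debug_tree()` stays opt-in, which is right. Minor point on the same line: `type` is passed to `%p` without a `(void *)` cast.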