From patchwork Wed Jan 23 11:03:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10777053 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5A25891E for ; Wed, 23 Jan 2019 11:04:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A323288E4 for ; Wed, 23 Jan 2019 11:04:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3DF5D2BCF6; Wed, 23 Jan 2019 11:04:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 09154288E4 for ; Wed, 23 Jan 2019 11:04:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3D0D58E001C; Wed, 23 Jan 2019 06:04:19 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 35C5F8E001A; Wed, 23 Jan 2019 06:04:19 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 112FF8E001C; Wed, 23 Jan 2019 06:04:19 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id 9D5578E001A for ; Wed, 23 Jan 2019 06:04:18 -0500 (EST) Received: by mail-pl1-f200.google.com with SMTP id v11so1295083ply.4 for ; Wed, 23 Jan 2019 03:04:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=JO0vE/vFJiS4gzSeqeVbyVV3LiMkmvtrdh6Lf0qdc2s=; b=akHKi+9honi+JyiEVUizmP+WC02y7QmvF8MigU4AwW+kiWoplg26q2koC2a6CkoA7l uFEO/dAS//s3AsLmFYhGcDgUQGgPktLBhoOyyxyBmJZr9TAVuVRIfwOqIH/B4iN6pXiA oP1Ql2KqHKkxtXFVZv7lf8v3nByU+s77dM+qhN7kKA2Hi6altMxhXDPc6C0MGNgu2SSj p0YJNdc+cxck5BAXMapKGSrsu4Jf7yZ3YeWeI1G0T4fKyxhVWqSednTi+WS/MpSXqHu6 jkv5ho/iiq4svBMaosXjE+e+Wru5k4wJnfoA9VzWbTjrd0khih87p75dh8u3Xpgv9wvK OI0g== X-Gm-Message-State: AJcUukffOOAaydD6hJ/go7W43LQ3m/cqZLyOmOXIzGQwtpPoxu6LmtBc 8emqD/+fqRsyYiM7YlFHoFnqvRbIn4pX+kLoUxzJaLDzNLISkBawm7HC0bIVWIliN0FzpSCDnhf 6DstzZ0dB3AKvxmKK6lJ5AZjLc+6HDeV28Mohr3y2zSJx+shzCOE8i5h4Tkb5+TZi/1heZhwtBa jkgnv9yKUpdur7IWFw2MZp3sMWUcseq4HaDlm7AylV6FTm5FfQ94aqusE71iHRuc68lHyeyBhNH OaCRaTpZbhA8OSQQFg3+XOyjnpTLoM6irAKjAajQhT8j6QxeWwwCF0S2WBgvKW9LujgJbruLH4k OlUk83ZLkv0nDNGiohrPUGD/hDxr/U8jUP3PoL0S7tuQdK2F1RjuGkV93KA50X1UIRnMdCxaQu0 3 X-Received: by 2002:a17:902:8c91:: with SMTP id t17mr1723576plo.119.1548241458270; Wed, 23 Jan 2019 03:04:18 -0800 (PST) X-Received: by 2002:a17:902:8c91:: with SMTP id t17mr1723490plo.119.1548241456928; Wed, 23 Jan 2019 03:04:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548241456; cv=none; d=google.com; s=arc-20160816; b=X4kKd8DExfZlYQ9sYwHb2Izurm2oYqcaxseUtqwY5y+iP3nY081R1e12XQk4sYIOBa gUutgg1FjG4hL3zr5wlQ2sZtbzqU28Y6Fpz3C/CHLZVAHUdH8OEHv8ruN3/zgxXZ8hJ1 +B5Q9xdenNkM95U1uksHvXw5DGCEMw0NQldkpa9kM/bYJ9s/U74m5+f9q4f0P2MgQ6Ta UhtKrKby4WJjMSFfC+bopZD4bjLf70P51YNW5ArJa+v2Vr1gYyh9kZIgtbvilzTBnzO0 BYA4HrG5o9U3OYTsbPuUPtmkNGJujAG86lwvar7KYnf6fch5wX0aEd8UCF/xG3YPknML hzHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=JO0vE/vFJiS4gzSeqeVbyVV3LiMkmvtrdh6Lf0qdc2s=; b=iGsTjJljE6Sx9ifBNmRAPtUISWqTUoSvS4Y8J7EziUuIW4ieakDSZxgJjXDh2AKNvc W/fSczAFgizG8yC+bV0+jqGzGNE4NWmXIEnYZy61xTOKZV1iLBEb6f24QSAp4xvHsobz zxQhCktsSUF+Vwh41tbRS92HhvBTDIY3FF24iQ+BPLN9r8ZCF5J/Z9QAitAslmgG7pA/ 8YajUsU9Q6XesJ2xkmAAEPkRpqVBHdTpBGG6iqHhL3uVzZtYg1tmUGxs9xAxF4dAUih9 EH1lvk1sH6v9XvIUp8cTN2eouG5kH143Jyi06j7wBRVgkMz6Xa349Y7tmdtA1lIgkgnC raeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=cShFyyzP; spf=pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id j1sor26212094plk.57.2019.01.23.03.04.16 for (Google Transport Security); Wed, 23 Jan 2019 03:04:16 -0800 (PST) Received-SPF: pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=cShFyyzP; spf=pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JO0vE/vFJiS4gzSeqeVbyVV3LiMkmvtrdh6Lf0qdc2s=; b=cShFyyzPSMdUXoOJVfMLqeNzdV+YrRJK6IXF4kAh8ZTXzNNuKV/QvBxjTT5icsuwrY UI9Ov5OKi9yenNcIWuqxwc6xavsJbYXtmKINI3hGjpxMiNapqnei3zZlr1cZX+6R9/tU 8QMPkn/5RJa8oKDZcAJajxEhmkLrtvUk25PMA= X-Google-Smtp-Source: ALg8bN6/BGw8B1OP0mS7q6FPiu4ppk8p8QOO9dHknhYA8VVGQHUkP+l6TrWW+pGtZS5VbAttBUYaFw== X-Received: by 2002:a17:902:346:: with SMTP id 64mr1790469pld.337.1548241456456; Wed, 23 Jan 2019 03:04:16 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l74sm29941153pfb.145.2019.01.23.03.04.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 23 Jan 2019 03:04:12 -0800 (PST) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Ard Biesheuvel , Laura Abbott , Alexander Popov , xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org, intel-gfx@lists.freedesktop.org, intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, linux-usb@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, dev@openvswitch.org, linux-kbuild@vger.kernel.org, linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 1/3] treewide: Lift switch variables out of switches Date: Wed, 23 Jan 2019 03:03:47 -0800 Message-Id: <20190123110349.35882-2-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190123110349.35882-1-keescook@chromium.org> References: <20190123110349.35882-1-keescook@chromium.org> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Variables declared in a switch statement before any case statements cannot be initialized, so move all instances out of the switches. After this, future always-initialized stack variables will work and not throw warnings like this: fs/fcntl.c: In function ‘send_sigio_to_task’: fs/fcntl.c:738:13: warning: statement will never be executed [-Wswitch-unreachable] siginfo_t si; ^~ Signed-off-by: Kees Cook Reviewed-by: Jani Nikula Acked-by: Jani Nikula Acked-by: Jeff Kirsher --- arch/x86/xen/enlighten_pv.c | 7 ++++--- drivers/char/pcmcia/cm4000_cs.c | 2 +- drivers/char/ppdev.c | 20 ++++++++----------- drivers/gpu/drm/drm_edid.c | 4 ++-- drivers/gpu/drm/i915/intel_display.c | 2 +- drivers/gpu/drm/i915/intel_pm.c | 4 ++-- drivers/net/ethernet/intel/e1000/e1000_main.c | 3 ++- drivers/tty/n_tty.c | 3 +-- drivers/usb/gadget/udc/net2280.c | 5 ++--- fs/fcntl.c | 3 ++- mm/shmem.c | 5 +++-- net/core/skbuff.c | 4 ++-- net/ipv6/ip6_gre.c | 4 ++-- net/ipv6/ip6_tunnel.c | 4 ++-- net/openvswitch/flow_netlink.c | 7 +++---- security/tomoyo/common.c | 3 ++- security/tomoyo/condition.c | 7 ++++--- security/tomoyo/util.c | 4 ++-- 18 files changed, 45 insertions(+), 46 deletions(-) diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index c54a493e139a..a79d4b548a08 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -907,14 +907,15 @@ static u64 xen_read_msr_safe(unsigned int msr, int *err) static int xen_write_msr_safe(unsigned int msr, unsigned low, unsigned high) { int ret; +#ifdef CONFIG_X86_64 + unsigned which; + u64 base; +#endif ret = 0; switch (msr) { #ifdef CONFIG_X86_64 - unsigned which; - u64 base; - case MSR_FS_BASE: which = SEGBASE_FS; goto set; case MSR_KERNEL_GS_BASE: which = SEGBASE_GS_USER; goto set; case MSR_GS_BASE: which = SEGBASE_GS_KERNEL; goto set; diff --git a/drivers/char/pcmcia/cm4000_cs.c b/drivers/char/pcmcia/cm4000_cs.c index 7a4eb86aedac..7211dc0e6f4f 100644 --- a/drivers/char/pcmcia/cm4000_cs.c +++ b/drivers/char/pcmcia/cm4000_cs.c @@ -663,6 +663,7 @@ static void monitor_card(struct timer_list *t) { struct cm4000_dev *dev = from_timer(dev, t, timer); unsigned int iobase = dev->p_dev->resource[0]->start; + unsigned char flags0; unsigned short s; struct ptsreq ptsreq; int i, atrc; @@ -731,7 +732,6 @@ static void monitor_card(struct timer_list *t) } switch (dev->mstate) { - unsigned char flags0; case M_CARDOFF: DEBUGP(4, dev, "M_CARDOFF\n"); flags0 = inb(REG_FLAGS0(iobase)); diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c index 1ae77b41050a..d77c97e4f996 100644 --- a/drivers/char/ppdev.c +++ b/drivers/char/ppdev.c @@ -359,14 +359,19 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg) struct pp_struct *pp = file->private_data; struct parport *port; void __user *argp = (void __user *)arg; + struct ieee1284_info *info; + unsigned char reg; + unsigned char mask; + int mode; + s32 time32[2]; + s64 time64[2]; + struct timespec64 ts; + int ret; /* First handle the cases that don't take arguments. */ switch (cmd) { case PPCLAIM: { - struct ieee1284_info *info; - int ret; - if (pp->flags & PP_CLAIMED) { dev_dbg(&pp->pdev->dev, "you've already got it!\n"); return -EINVAL; @@ -517,15 +522,6 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg) port = pp->pdev->port; switch (cmd) { - struct ieee1284_info *info; - unsigned char reg; - unsigned char mask; - int mode; - s32 time32[2]; - s64 time64[2]; - struct timespec64 ts; - int ret; - case PPRSTATUS: reg = parport_read_status(port); if (copy_to_user(argp, ®, sizeof(reg))) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index b506e3622b08..8f93956c1628 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -3942,12 +3942,12 @@ static void drm_edid_to_eld(struct drm_connector *connector, struct edid *edid) } for_each_cea_db(cea, i, start, end) { + int sad_count; + db = &cea[i]; dbl = cea_db_payload_len(db); switch (cea_db_tag(db)) { - int sad_count; - case AUDIO_BLOCK: /* Audio Data Block, contains SADs */ sad_count = min(dbl / 3, 15 - total_sad_count); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 3da9c0f9e948..aa1c2ebea456 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -11341,6 +11341,7 @@ static bool check_digital_port_conflicts(struct drm_atomic_state *state) drm_for_each_connector_iter(connector, &conn_iter) { struct drm_connector_state *connector_state; struct intel_encoder *encoder; + unsigned int port_mask; connector_state = drm_atomic_get_new_connector_state(state, connector); if (!connector_state) @@ -11354,7 +11355,6 @@ static bool check_digital_port_conflicts(struct drm_atomic_state *state) WARN_ON(!connector_state->crtc); switch (encoder->type) { - unsigned int port_mask; case INTEL_OUTPUT_DDI: if (WARN_ON(!HAS_DDI(to_i915(dev)))) break; diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c index a26b4eddda25..c135fdec96b3 100644 --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -478,9 +478,9 @@ static void vlv_get_fifo_size(struct intel_crtc_state *crtc_state) struct vlv_fifo_state *fifo_state = &crtc_state->wm.vlv.fifo_state; enum pipe pipe = crtc->pipe; int sprite0_start, sprite1_start; + uint32_t dsparb, dsparb2, dsparb3; switch (pipe) { - uint32_t dsparb, dsparb2, dsparb3; case PIPE_A: dsparb = I915_READ(DSPARB); dsparb2 = I915_READ(DSPARB2); @@ -1944,6 +1944,7 @@ static void vlv_atomic_update_fifo(struct intel_atomic_state *state, const struct vlv_fifo_state *fifo_state = &crtc_state->wm.vlv.fifo_state; int sprite0_start, sprite1_start, fifo_size; + uint32_t dsparb, dsparb2, dsparb3; if (!crtc_state->fifo_changed) return; @@ -1969,7 +1970,6 @@ static void vlv_atomic_update_fifo(struct intel_atomic_state *state, spin_lock(&dev_priv->uncore.lock); switch (crtc->pipe) { - uint32_t dsparb, dsparb2, dsparb3; case PIPE_A: dsparb = I915_READ_FW(DSPARB); dsparb2 = I915_READ_FW(DSPARB2); diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c index 8fe9af0e2ab7..041062736845 100644 --- a/drivers/net/ethernet/intel/e1000/e1000_main.c +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c @@ -3140,8 +3140,9 @@ static netdev_tx_t e1000_xmit_frame(struct sk_buff *skb, hdr_len = skb_transport_offset(skb) + tcp_hdrlen(skb); if (skb->data_len && hdr_len == len) { + unsigned int pull_size; + switch (hw->mac_type) { - unsigned int pull_size; case e1000_82544: /* Make sure we have room to chop off 4 bytes, * and that the end alignment will work out to diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index 5dc9686697cf..eafb39157281 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -634,6 +634,7 @@ static size_t __process_echoes(struct tty_struct *tty) while (MASK(ldata->echo_commit) != MASK(tail)) { c = echo_buf(ldata, tail); if (c == ECHO_OP_START) { + unsigned int num_chars, num_bs; unsigned char op; int no_space_left = 0; @@ -652,8 +653,6 @@ static size_t __process_echoes(struct tty_struct *tty) op = echo_buf(ldata, tail + 1); switch (op) { - unsigned int num_chars, num_bs; - case ECHO_OP_ERASE_TAB: if (MASK(ldata->echo_commit) == MASK(tail + 2)) goto not_yet_stored; diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c index e7dae5379e04..2b275a574e94 100644 --- a/drivers/usb/gadget/udc/net2280.c +++ b/drivers/usb/gadget/udc/net2280.c @@ -2854,16 +2854,15 @@ static void ep_clear_seqnum(struct net2280_ep *ep) static void handle_stat0_irqs_superspeed(struct net2280 *dev, struct net2280_ep *ep, struct usb_ctrlrequest r) { + struct net2280_ep *e; int tmp = 0; + u16 status; #define w_value le16_to_cpu(r.wValue) #define w_index le16_to_cpu(r.wIndex) #define w_length le16_to_cpu(r.wLength) switch (r.bRequest) { - struct net2280_ep *e; - u16 status; - case USB_REQ_SET_CONFIGURATION: dev->addressed_state = !w_value; goto usb3_delegate; diff --git a/fs/fcntl.c b/fs/fcntl.c index 083185174c6d..0640b64ecdc2 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -725,6 +725,8 @@ static void send_sigio_to_task(struct task_struct *p, struct fown_struct *fown, int fd, int reason, enum pid_type type) { + kernel_siginfo_t si; + /* * F_SETSIG can change ->signum lockless in parallel, make * sure we read it once and use the same value throughout. @@ -735,7 +737,6 @@ static void send_sigio_to_task(struct task_struct *p, return; switch (signum) { - kernel_siginfo_t si; default: /* Queue a rt signal with the appropriate fd as its value. We use SI_SIGIO as the source, not diff --git a/mm/shmem.c b/mm/shmem.c index 6ece1e2fe76e..0b02624dd8b2 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1721,6 +1721,9 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index, swap_free(swap); } else { + loff_t i_size; + pgoff_t off; + if (vma && userfaultfd_missing(vma)) { *fault_type = handle_userfault(vmf, VM_UFFD_MISSING); return 0; @@ -1734,8 +1737,6 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index, if (shmem_huge == SHMEM_HUGE_FORCE) goto alloc_huge; switch (sbinfo->huge) { - loff_t i_size; - pgoff_t off; case SHMEM_HUGE_NEVER: goto alloc_nohuge; case SHMEM_HUGE_WITHIN_SIZE: diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 26d848484912..7597b3fc9d21 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -4506,9 +4506,9 @@ static __sum16 *skb_checksum_setup_ip(struct sk_buff *skb, typeof(IPPROTO_IP) proto, unsigned int off) { - switch (proto) { - int err; + int err; + switch (proto) { case IPPROTO_TCP: err = skb_maybe_pull_tail(skb, off + sizeof(struct tcphdr), off + MAX_TCP_HDR_LEN); diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index b1be67ca6768..9aee1add46c0 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -427,9 +427,11 @@ static int ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt, u8 type, u8 code, int offset, __be32 info) { struct net *net = dev_net(skb->dev); + struct ipv6_tlv_tnl_enc_lim *tel; const struct ipv6hdr *ipv6h; struct tnl_ptk_info tpi; struct ip6_tnl *t; + __u32 teli; if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IPV6), offset) < 0) @@ -442,8 +444,6 @@ static int ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt, return -ENOENT; switch (type) { - struct ipv6_tlv_tnl_enc_lim *tel; - __u32 teli; case ICMPV6_DEST_UNREACH: net_dbg_ratelimited("%s: Path to destination invalid or inactive!\n", t->parms.name); diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 0c6403cf8b52..94ccc7a9037b 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -478,10 +478,12 @@ ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt, struct net *net = dev_net(skb->dev); u8 rel_type = ICMPV6_DEST_UNREACH; u8 rel_code = ICMPV6_ADDR_UNREACH; + struct ipv6_tlv_tnl_enc_lim *tel; __u32 rel_info = 0; struct ip6_tnl *t; int err = -ENOENT; int rel_msg = 0; + __u32 mtu, teli; u8 tproto; __u16 len; @@ -501,8 +503,6 @@ ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt, err = 0; switch (*type) { - struct ipv6_tlv_tnl_enc_lim *tel; - __u32 mtu, teli; case ICMPV6_DEST_UNREACH: net_dbg_ratelimited("%s: Path to destination invalid or inactive!\n", t->parms.name); diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index 691da853bef5..dee2f9516ae8 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -2652,8 +2652,11 @@ static int validate_set(const struct nlattr *a, u8 mac_proto, __be16 eth_type, bool masked, bool log) { const struct nlattr *ovs_key = nla_data(a); + const struct ovs_key_ipv4 *ipv4_key; + const struct ovs_key_ipv6 *ipv6_key; int key_type = nla_type(ovs_key); size_t key_len; + int err; /* There can be only one key in a action */ if (nla_total_size(nla_len(ovs_key)) != nla_len(a)) @@ -2671,10 +2674,6 @@ static int validate_set(const struct nlattr *a, return -EINVAL; switch (key_type) { - const struct ovs_key_ipv4 *ipv4_key; - const struct ovs_key_ipv6 *ipv6_key; - int err; - case OVS_KEY_ATTR_PRIORITY: case OVS_KEY_ATTR_SKB_MARK: case OVS_KEY_ATTR_CT_MARK: diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index c598aa00d5e3..bedbd0518153 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -1583,8 +1583,9 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head) list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { struct tomoyo_domain_info *domain = list_entry(head->r.domain, typeof(*domain), list); + u8 i; + switch (head->r.step) { - u8 i; case 0: if (domain->is_deleted && !head->r.print_this_domain_only) diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c index 8d0e1b9c9c57..c10d903febe5 100644 --- a/security/tomoyo/condition.c +++ b/security/tomoyo/condition.c @@ -787,10 +787,11 @@ bool tomoyo_condition(struct tomoyo_request_info *r, /* Check string expressions. */ if (right == TOMOYO_NAME_UNION) { const struct tomoyo_name_union *ptr = names_p++; + struct tomoyo_path_info *symlink; + struct tomoyo_execve *ee; + struct file *file; + switch (left) { - struct tomoyo_path_info *symlink; - struct tomoyo_execve *ee; - struct file *file; case TOMOYO_SYMLINK_TARGET: symlink = obj ? obj->symlink_target : NULL; if (!symlink || diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index badffc8271c8..8e2bb36df37b 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -668,6 +668,8 @@ static bool tomoyo_file_matches_pattern2(const char *filename, { while (filename < filename_end && pattern < pattern_end) { char c; + int i, j; + if (*pattern != '\\') { if (*filename++ != *pattern++) return false; @@ -676,8 +678,6 @@ static bool tomoyo_file_matches_pattern2(const char *filename, c = *filename; pattern++; switch (*pattern) { - int i; - int j; case '?': if (c == '/') { return false; From patchwork Wed Jan 23 11:03:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10777037 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6931191E for ; Wed, 23 Jan 2019 11:04:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5863328948 for ; Wed, 23 Jan 2019 11:04:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4CAD82BD2E; Wed, 23 Jan 2019 11:04:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 82F5D2897F for ; Wed, 23 Jan 2019 11:04:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 863008E0019; Wed, 23 Jan 2019 06:04:16 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 81E428E001A; Wed, 23 Jan 2019 06:04:16 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6AFFF8E0019; Wed, 23 Jan 2019 06:04:16 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 1F88D8E0001 for ; Wed, 23 Jan 2019 06:04:16 -0500 (EST) Received: by mail-pf1-f198.google.com with SMTP id q64so1445475pfa.18 for ; Wed, 23 Jan 2019 03:04:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references; bh=2oTiebAzQ5b6qVKjCZS4pAFofSOciry9mA2bg9E9rXs=; b=qyVTM39HVi87EiIfpU644wdUiCbqMWUCqcQLT9xPVTVH2nsjwmI0FP16VElvfNCdZv PeLG/ZtKSX+YCShigI1BKX0Wz33K2eOqiYVhIJ4gySO0Pp8qRmEQs9XP1S0iW5i2gCoz 0l4V2EssefZqF0y1T5yxJcDln+avIfvNMuTWH+jCKVN38SnpEY1mS/NnMfXynk3jeOnd Hd4n049Iojt5QlZ6Y1Qbh7tmEG3Ul5GxpDirTKpXwWowH1wbcdj68lgoi5F7YSKgSHtL 95ZLhi1vSpeHWRVoKgyc9Fcxa6/ovHws11jTN+dPo8f4Vz/CVj9zgYnrYcINKxxD4bFO JymQ== X-Gm-Message-State: AJcUukcXLOTj26d/CCqV12XjJuzvLD1pbMh9LmPkNHnsoTdYqOw5/F0l A3yclrZ76gQuTSCkT1+1AXISbop7lLNdQF0odgYOdf9mv0IHc4fBUO/MrdAbI+VzdIrHMWdodZx /YG3iv45zWOWyc6vDYk3KykERDhgdD8FvrNYRbr4j8zebGHkdIg+MI/jQI/hFmIQVxYX5i8HstN /xIK8UNuiNqylH5yKU3UTgrCePSrxBItwBh6ls+uLttuUqKxNUrMU4o28sVfEl7kzqXO+jhGOfS F9Sst213X0wZBfghL0bDImxUGYxWAkUQAA/i5VGUXD++qJWB34ntMX+rCRBLrZV5wvuhArwSfPN VmfScy0DBQsWKr/YpKQ5Qj8rpCFcogDhyT0nIKY+UFuFalqqgtUjn5oXhgOwebH1jjkm/poZmK8 v X-Received: by 2002:a63:f109:: with SMTP id f9mr1564158pgi.286.1548241455591; Wed, 23 Jan 2019 03:04:15 -0800 (PST) X-Received: by 2002:a63:f109:: with SMTP id f9mr1564091pgi.286.1548241454475; Wed, 23 Jan 2019 03:04:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548241454; cv=none; d=google.com; s=arc-20160816; b=qxhPNSdlR2l6MmaOHUN2Am4bV2jmqleWMzPXdMQ6ALYyQw2DDjrpKkJcPbN5u2xoWS 2RmthY4D+DrNbNFR4G/E6ZR0tgf3BCezWqh9YupndhvvqbYUKoJ+8tURfgvMLiCJ23Yl dmpuAHN9VoPAIywvotKmp6x6kkm6kHe9lEaqNBLt5k5+XRS+DlSqPpclnSnwjd472jro Ojl/y4nRJ0tzFR0z9Bmz/CSQRciegAXyi0kHhZLyLkVzatMB1pkCRUxPRmLFzazlwhjJ X/pkt0P+U5hWIA61kINFl1hZOYufetPmytawHjJyiiDJ5Y4s5ycf2Pad7sfJ+iU5l57c CILw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=2oTiebAzQ5b6qVKjCZS4pAFofSOciry9mA2bg9E9rXs=; b=lpICB4Q1weq0/rLYoOtnPFq/Y4ddBtQr3EduPpdqvLFnmBZjR3m2c/Yf4Db7N5rwvj 4fnYMXrMDvmeouxZTx5DD0KDfdb6sFhK6Qk4K1KFzs4RF5mpV2Ndlhn/pBHkjrFStWbT rUZ9gHzvamMRpDp2PDqtso+fegUPcH6iwDFRvGhFeXU/Pg7mYuhlElDFeggfLFCNBT3O ZF3SUA+vO37O25vTpyC/d1M4fi5Pd7zzeTZmMvDfWIIDGVmk6BigBaq3tcFJdsQR2KWz jaqzvfVoFjMnTfeBCIY57wmT1ANh/YV1jgumvN+qHBcc9Y9BODVdDvqp/15o0VrghqLc xQHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=cnJST061; spf=pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id u69sor26629326pfa.13.2019.01.23.03.04.14 for (Google Transport Security); Wed, 23 Jan 2019 03:04:14 -0800 (PST) Received-SPF: pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=cnJST061; spf=pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2oTiebAzQ5b6qVKjCZS4pAFofSOciry9mA2bg9E9rXs=; b=cnJST061ci5OXEjV2JX9Ft1UTAM+A2tN08MzJmbqli+RSpPNcMaRCmDXjsaSCE44IZ IKTe9gOS+UUMxQXAQg6oZD2ZuQoudeqxj0hfHiOyNlcz0Ju1KDgiD0yD06yvalFBL61k fAwJbo8Ok5tqOSlkxx9W0rjUrq3pcA8Q9v5jA= X-Google-Smtp-Source: ALg8bN7KzuIz1gic94LNejFFA7v4wK4lCeYq6wzgHu7pVkAgD50U+IS6a7uMtYrk4PkQfwJqul8B0Q== X-Received: by 2002:a62:e0d8:: with SMTP id d85mr1609113pfm.214.1548241453780; Wed, 23 Jan 2019 03:04:13 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id p64sm3050357pfi.56.2019.01.23.03.04.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 23 Jan 2019 03:04:12 -0800 (PST) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Ard Biesheuvel , Laura Abbott , Alexander Popov , xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org, intel-gfx@lists.freedesktop.org, intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, linux-usb@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, dev@openvswitch.org, linux-kbuild@vger.kernel.org, linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 2/3] gcc-plugins: Introduce stackinit plugin Date: Wed, 23 Jan 2019 03:03:48 -0800 Message-Id: <20190123110349.35882-3-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190123110349.35882-1-keescook@chromium.org> References: <20190123110349.35882-1-keescook@chromium.org> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This attempts to duplicate the proposed gcc option -finit-local-vars[1] in an effort to implement the "always initialize local variables" kernel development goal[2]. Enabling CONFIG_GCC_PLUGIN_STACKINIT should stop all "uninitialized stack variable" flaws as long as they don't depend on being zero. :) [1] https://gcc.gnu.org/ml/gcc-patches/2014-06/msg00615.html [2] https://lkml.kernel.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j942dA@mail.gmail.com Signed-off-by: Kees Cook --- scripts/Makefile.gcc-plugins | 6 ++ scripts/gcc-plugins/Kconfig | 9 +++ scripts/gcc-plugins/gcc-common.h | 11 +++- scripts/gcc-plugins/stackinit_plugin.c | 79 ++++++++++++++++++++++++++ 4 files changed, 102 insertions(+), 3 deletions(-) create mode 100644 scripts/gcc-plugins/stackinit_plugin.c diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins index 35042d96cf5d..2483121d781c 100644 --- a/scripts/Makefile.gcc-plugins +++ b/scripts/Makefile.gcc-plugins @@ -12,6 +12,12 @@ export DISABLE_LATENT_ENTROPY_PLUGIN gcc-plugin-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so +gcc-plugin-$(CONFIG_GCC_PLUGIN_STACKINIT) += stackinit_plugin.so +ifdef CONFIG_GCC_PLUGIN_STACKINIT + DISABLE_STACKINIT_PLUGIN += -fplugin-arg-stackinit_plugin-disable +endif +export DISABLE_STACKINIT_PLUGIN + gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) \ += -fplugin-arg-structleak_plugin-verbose diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig index d45f7f36b859..b117fe83f1d3 100644 --- a/scripts/gcc-plugins/Kconfig +++ b/scripts/gcc-plugins/Kconfig @@ -66,6 +66,15 @@ config GCC_PLUGIN_LATENT_ENTROPY * https://grsecurity.net/ * https://pax.grsecurity.net/ +config GCC_PLUGIN_STACKINIT + bool "Initialize all stack variables to zero by default" + depends on GCC_PLUGINS + depends on !GCC_PLUGIN_STRUCTLEAK + help + This plugin zero-initializes all stack variables. This is more + comprehensive than GCC_PLUGIN_STRUCTLEAK, and attempts to + duplicate the proposed -finit-local-vars gcc build flag. + config GCC_PLUGIN_STRUCTLEAK bool "Force initialization of variables containing userspace addresses" # Currently STRUCTLEAK inserts initialization out of live scope of diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 552d5efd7cb7..f690b4deeabd 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -76,6 +76,14 @@ #include "c-common.h" #endif +#if BUILDING_GCC_VERSION > 4005 +#include "c-tree.h" +#else +/* should come from c-tree.h if only it were installed for gcc 4.5... */ +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) +extern bool global_bindings_p (void); +#endif + #if BUILDING_GCC_VERSION <= 4008 #include "tree-flow.h" #else @@ -158,9 +166,6 @@ void dump_gimple_stmt(pretty_printer *, gimple, int, int); #define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node)) #define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node)) -/* should come from c-tree.h if only it were installed for gcc 4.5... */ -#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) - static inline tree build_const_char_string(int len, const char *str) { tree cstr, elem, index, type; diff --git a/scripts/gcc-plugins/stackinit_plugin.c b/scripts/gcc-plugins/stackinit_plugin.c new file mode 100644 index 000000000000..41055cd7098e --- /dev/null +++ b/scripts/gcc-plugins/stackinit_plugin.c @@ -0,0 +1,79 @@ +/* SPDX-License: GPLv2 */ +/* + * This will zero-initialize local stack variables. (Though structure + * padding may remain uninitialized in certain cases.) + * + * Implements Florian Weimer's "-finit-local-vars" gcc patch as a plugin: + * https://gcc.gnu.org/ml/gcc-patches/2014-06/msg00615.html + * + * Plugin skeleton code thanks to PaX Team. + * + * Options: + * -fplugin-arg-stackinit_plugin-disable + */ + +#include "gcc-common.h" + +__visible int plugin_is_GPL_compatible; + +static struct plugin_info stackinit_plugin_info = { + .version = "20190122", + .help = "disable\tdo not activate plugin\n", +}; + +static void finish_decl(void *event_data, void *data) +{ + tree decl = (tree)event_data; + tree type; + + if (TREE_CODE (decl) != VAR_DECL) + return; + + if (DECL_EXTERNAL (decl)) + return; + + if (DECL_INITIAL (decl) != NULL_TREE) + return; + + if (global_bindings_p ()) + return; + + type = TREE_TYPE (decl); + if (AGGREGATE_TYPE_P (type)) + DECL_INITIAL (decl) = build_constructor (type, NULL); + else + DECL_INITIAL (decl) = fold_convert (type, integer_zero_node); +} + +__visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) +{ + int i; + const char * const plugin_name = plugin_info->base_name; + const int argc = plugin_info->argc; + const struct plugin_argument * const argv = plugin_info->argv; + bool enable = true; + + if (!plugin_default_version_check(version, &gcc_version)) { + error(G_("incompatible gcc/plugin versions")); + return 1; + } + + if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { + inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); + enable = false; + } + + for (i = 0; i < argc; ++i) { + if (!strcmp(argv[i].key, "disable")) { + enable = false; + continue; + } + error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + + register_callback(plugin_name, PLUGIN_INFO, NULL, &stackinit_plugin_info); + if (enable) + register_callback(plugin_name, PLUGIN_FINISH_DECL, finish_decl, NULL); + + return 0; +} From patchwork Wed Jan 23 11:03:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10777051 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 302DE91E for ; Wed, 23 Jan 2019 11:04:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1E10B2BD2E for ; Wed, 23 Jan 2019 11:04:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 11C282BD39; Wed, 23 Jan 2019 11:04:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CE9C82BD49 for ; Wed, 23 Jan 2019 11:04:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 704B88E0001; Wed, 23 Jan 2019 06:04:17 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6893E8E001A; Wed, 23 Jan 2019 06:04:17 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 50D718E0001; Wed, 23 Jan 2019 06:04:17 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id DB6908E001A for ; Wed, 23 Jan 2019 06:04:16 -0500 (EST) Received: by mail-pf1-f199.google.com with SMTP id f69so1483892pff.5 for ; Wed, 23 Jan 2019 03:04:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references; bh=WWbvkyDFrEwD8Gl8RHFeeU54ZHjYlP1PsRcb35sltHw=; b=aiLpW7ljQ2WjQbqdgoEJZOPcpsLaVOBwU/Zg/5lKi3cv5awwgOEdXoPgvyO8JG1Mpj CaIDFidWjdl7k2PMSN0WDerX/FurtV//mzGHZkYL5Agw54ABhXOs8Jq9NkVu0fYp4Bmw quhMmPgpe3Tb5SrKUsJrzEflLRe3HgheN4YUrYQOuhJf9nVWXuUIxc78nVZ08n1G3QHU ztAiNAY9wiAeiyuN4GzmX/pfY3CA3IEH96K/Yzf5gLAlJyWG884o/gbiLXSJ3K4oHeKS li7SnETVMXYDTf5Jem7B11YyP46TSbq2g+qzFHaUIiu+eYmYkTdqXsnKiLtUoPIgj3Yn Qd+Q== X-Gm-Message-State: AJcUukdWSWgEi9yOR35LSyDQT2rDXE+i2KOFtA/XAxef5Zjw3b9ZO3ev dSUAlNF8WT3JM93Sjrx6k65O2JrrRVcN5BX71YLcx4wORhhbpNc159a2tWBrloy715g+THtec+I 1Ny9zMC7kLBpRLycwz0H2zsf6Qy4AhrgtB3vevjxyYnYI9JPx7uk/fvt9nTL239knHXVVEVx4lX VGoZl9fPXJ8fddjsHqrrU0zDpOFuXigN+RKJ/91U6wmDvOZQGwcGPKrYcQmvC0r7x9w6OxZgTAv tjh7T44fekh+9ijdOkN44uq+mfD4PxH7GNhoQjQbyWHrqzHhLis21XxTmhkLkv8UfFrLNKlxDhT LgNmBSIc8D4Ivxkj7aWnZmv95NVTJny2o1z4lzG6ibsUa7L4q7o70H8braR1E7Eaui/wKsj+Qi0 7 X-Received: by 2002:a63:1c09:: with SMTP id c9mr1556460pgc.200.1548241456439; Wed, 23 Jan 2019 03:04:16 -0800 (PST) X-Received: by 2002:a63:1c09:: with SMTP id c9mr1556380pgc.200.1548241455048; Wed, 23 Jan 2019 03:04:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548241455; cv=none; d=google.com; s=arc-20160816; b=QrjxoEjs+xwAF5L70/mjNgZ7BisGfKO02pgmxLoHrxR01SdhPT/2qg/IQKQ7PYV7mP 8215nD7kE3jx+e45G+5lxNUbQMaWo52lvpCkcTcdHiRsXE9GYWSqE04QeQjnQyAn6RTI TfIhsm42cu5MPYny01xPzhfPq/7UL+YWtZ2w2O/QHlFCJ8NIU43i2a+wqD4rpcz1tWOq 9oFlnfkLuRfbiol2cv7/jmoBystgwFFnSp9EUNywdJshHbBsIxj4pNbGNhnhvQV95Eyi jP8hblXEpB0xg84pd/VaOZfBGlVsO41e+M9hD29Lz/rVBDBiVRuBtHj5VXdUXboMT2kX gq9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WWbvkyDFrEwD8Gl8RHFeeU54ZHjYlP1PsRcb35sltHw=; b=x/2ubv5RRJ3j3lPQYPMg2o2wNjyc9aG7dIXqxMeDM9HFS0822UJmSXoeO2eSQ4Xax5 EZP15o0BrpLXi7nwNVrZRsSOeMUXlJ1wyIq/7/LhUUgMPmwhmWJ6Pavr5yXzhMlyhBTW IZHkgKZk5w24/g10NIMQRJIG/+JOy6+sW7o86VWfLlqb0XLX1RNgVLy+TFi9ee8kK4GA 6qex9CcxdE9fMnzf7jjRHrO9dqPa59gA6Uzxz4CEr3OqLbgty+kOUcjh7olCUOyVK8OL 2r4awCG2VrxLj3gpNN5RIT4NybcIfiyiPdFm0kU8t3bii0OfJzUcIhf+ZrAzHtUKT/dr iL+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DkyomhsD; spf=pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id j6sor27582318pgq.46.2019.01.23.03.04.14 for (Google Transport Security); Wed, 23 Jan 2019 03:04:15 -0800 (PST) Received-SPF: pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DkyomhsD; spf=pass (google.com: domain of keescook@chromium.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WWbvkyDFrEwD8Gl8RHFeeU54ZHjYlP1PsRcb35sltHw=; b=DkyomhsDwUdIfnaDB/NeiZUczL0kVk8bi1CWvJwOo+O8Y3gwR8sdwlvtjgUZMWvt7A Q4e8Rnt7B3G04qrG0W5Z37/0zhU/H5BC3W/9B9kMPvBf0G47QvaIoCZgUn3sUBs6FFYX lBdX04C6nh3Qfmf12yYQiGNupJGr/usqexPmw= X-Google-Smtp-Source: ALg8bN6pJQ3eCmEXxAgRqj/tyajOwVnmQ4WNYNAOVXjqhOShRLFHBh9ESM5QcYvZHttlSHXjQfRQag== X-Received: by 2002:a65:50c1:: with SMTP id s1mr1531952pgp.350.1548241454431; Wed, 23 Jan 2019 03:04:14 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id a4sm20257473pgv.70.2019.01.23.03.04.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 23 Jan 2019 03:04:12 -0800 (PST) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Ard Biesheuvel , Laura Abbott , Alexander Popov , xen-devel@lists.xenproject.org, dri-devel@lists.freedesktop.org, intel-gfx@lists.freedesktop.org, intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, linux-usb@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, dev@openvswitch.org, linux-kbuild@vger.kernel.org, linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 3/3] lib: Introduce test_stackinit module Date: Wed, 23 Jan 2019 03:03:49 -0800 Message-Id: <20190123110349.35882-4-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190123110349.35882-1-keescook@chromium.org> References: <20190123110349.35882-1-keescook@chromium.org> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Adds test for stack initialization coverage. We have several build options that control the level of stack variable initialization. This test lets us visualize which options cover which cases, and provide tests for options that are currently not available (padding initialization). All options pass the explicit initialization cases and the partial initializers (even with padding): test_stackinit: u8_zero ok test_stackinit: u16_zero ok test_stackinit: u32_zero ok test_stackinit: u64_zero ok test_stackinit: char_array_zero ok test_stackinit: small_hole_zero ok test_stackinit: big_hole_zero ok test_stackinit: packed_zero ok test_stackinit: small_hole_dynamic_partial ok test_stackinit: big_hole_dynamic_partial ok test_stackinit: packed_static_partial ok test_stackinit: small_hole_static_partial ok test_stackinit: big_hole_static_partial ok The results of the other tests (which contain no explicit initialization), change based on the build's configured compiler instrumentation. No options: test_stackinit: small_hole_static_all FAIL (uninit bytes: 3) test_stackinit: big_hole_static_all FAIL (uninit bytes: 61) test_stackinit: small_hole_dynamic_all FAIL (uninit bytes: 3) test_stackinit: big_hole_dynamic_all FAIL (uninit bytes: 61) test_stackinit: small_hole_runtime_partial FAIL (uninit bytes: 23) test_stackinit: big_hole_runtime_partial FAIL (uninit bytes: 127) test_stackinit: small_hole_runtime_all FAIL (uninit bytes: 3) test_stackinit: big_hole_runtime_all FAIL (uninit bytes: 61) test_stackinit: u8 FAIL (uninit bytes: 1) test_stackinit: u16 FAIL (uninit bytes: 2) test_stackinit: u32 FAIL (uninit bytes: 4) test_stackinit: u64 FAIL (uninit bytes: 8) test_stackinit: char_array FAIL (uninit bytes: 16) test_stackinit: small_hole FAIL (uninit bytes: 24) test_stackinit: big_hole FAIL (uninit bytes: 128) test_stackinit: user FAIL (uninit bytes: 32) test_stackinit: failures: 16 CONFIG_GCC_PLUGIN_STRUCTLEAK=y This only tries to initialize structs with __user markings: test_stackinit: small_hole_static_all FAIL (uninit bytes: 3) test_stackinit: big_hole_static_all FAIL (uninit bytes: 61) test_stackinit: small_hole_dynamic_all FAIL (uninit bytes: 3) test_stackinit: big_hole_dynamic_all FAIL (uninit bytes: 61) test_stackinit: small_hole_runtime_partial FAIL (uninit bytes: 23) test_stackinit: big_hole_runtime_partial FAIL (uninit bytes: 127) test_stackinit: small_hole_runtime_all FAIL (uninit bytes: 3) test_stackinit: big_hole_runtime_all FAIL (uninit bytes: 61) test_stackinit: u8 FAIL (uninit bytes: 1) test_stackinit: u16 FAIL (uninit bytes: 2) test_stackinit: u32 FAIL (uninit bytes: 4) test_stackinit: u64 FAIL (uninit bytes: 8) test_stackinit: char_array FAIL (uninit bytes: 16) test_stackinit: small_hole FAIL (uninit bytes: 24) test_stackinit: big_hole FAIL (uninit bytes: 128) test_stackinit: user ok test_stackinit: failures: 15 CONFIG_GCC_PLUGIN_STRUCTLEAK=y CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y This initializes all structures passed by reference (scalars and strings remain uninitialized, but padding is wiped): test_stackinit: small_hole_static_all ok test_stackinit: big_hole_static_all ok test_stackinit: small_hole_dynamic_all ok test_stackinit: big_hole_dynamic_all ok test_stackinit: small_hole_runtime_partial ok test_stackinit: big_hole_runtime_partial ok test_stackinit: small_hole_runtime_all ok test_stackinit: big_hole_runtime_all ok test_stackinit: u8 FAIL (uninit bytes: 1) test_stackinit: u16 FAIL (uninit bytes: 2) test_stackinit: u32 FAIL (uninit bytes: 4) test_stackinit: u64 FAIL (uninit bytes: 8) test_stackinit: char_array FAIL (uninit bytes: 16) test_stackinit: small_hole ok test_stackinit: big_hole ok test_stackinit: user ok test_stackinit: failures: 5 CONFIG_GCC_PLUGIN_STACKINIT=y This initializes all variables, but has no special padding handling: test_stackinit: small_hole_static_all FAIL (uninit bytes: 3) test_stackinit: big_hole_static_all FAIL (uninit bytes: 61) test_stackinit: small_hole_dynamic_all FAIL (uninit bytes: 3) test_stackinit: big_hole_dynamic_all FAIL (uninit bytes: 61) test_stackinit: small_hole_runtime_partial ok test_stackinit: big_hole_runtime_partial ok test_stackinit: small_hole_runtime_all ok test_stackinit: big_hole_runtime_all ok test_stackinit: u8 ok test_stackinit: u16 ok test_stackinit: u32 ok test_stackinit: u64 ok test_stackinit: char_array ok test_stackinit: small_hole ok test_stackinit: big_hole ok test_stackinit: user ok test_stackinit: failures: 4 Signed-off-by: Kees Cook --- lib/Kconfig.debug | 9 ++ lib/Makefile | 1 + lib/test_stackinit.c | 327 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 337 insertions(+) create mode 100644 lib/test_stackinit.c diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index d4df5b24d75e..09788afcccc9 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2001,6 +2001,15 @@ config TEST_OBJAGG If unsure, say N. +config TEST_STACKINIT + tristate "Test level of stack variable initialization" + help + Test if the kernel is zero-initializing stack variables + from CONFIG_GCC_PLUGIN_STACKINIT, CONFIG_GCC_PLUGIN_STRUCTLEAK, + and/or GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. + + If unsure, say N. + endif # RUNTIME_TESTING_MENU config MEMTEST diff --git a/lib/Makefile b/lib/Makefile index e1b59da71418..c81a66d4d00d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -76,6 +76,7 @@ obj-$(CONFIG_TEST_KMOD) += test_kmod.o obj-$(CONFIG_TEST_DEBUG_VIRTUAL) += test_debug_virtual.o obj-$(CONFIG_TEST_MEMCAT_P) += test_memcat_p.o obj-$(CONFIG_TEST_OBJAGG) += test_objagg.o +obj-$(CONFIG_TEST_STACKINIT) += test_stackinit.o ifeq ($(CONFIG_DEBUG_KOBJECT),y) CFLAGS_kobject.o += -DDEBUG diff --git a/lib/test_stackinit.c b/lib/test_stackinit.c new file mode 100644 index 000000000000..e2ff56a1002a --- /dev/null +++ b/lib/test_stackinit.c @@ -0,0 +1,327 @@ +// SPDX-Licenses: GPLv2 +/* + * Test cases for -finit-local-vars and CONFIG_GCC_PLUGIN_STACKINIT. + */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include + +/* Exfiltration buffer. */ +#define MAX_VAR_SIZE 128 +static char check_buf[MAX_VAR_SIZE]; + +/* Character array to trigger stack protector in all functions. */ +#define VAR_BUFFER 32 + +/* Volatile mask to convince compiler to copy memory with 0xff. */ +static volatile u8 forced_mask = 0xff; + +/* Location and size tracking to validate fill and test are colocated. */ +static void *fill_start, *target_start; +static size_t fill_size, target_size; + +static bool range_contains(char *haystack_start, size_t haystack_size, + char *needle_start, size_t needle_size) +{ + if (needle_start >= haystack_start && + needle_start + needle_size <= haystack_start + haystack_size) + return true; + return false; +} + +#define DO_NOTHING_TYPE_SCALAR(var_type) var_type +#define DO_NOTHING_TYPE_STRING(var_type) void +#define DO_NOTHING_TYPE_STRUCT(var_type) void + +#define DO_NOTHING_RETURN_SCALAR(ptr) *(ptr) +#define DO_NOTHING_RETURN_STRING(ptr) /**/ +#define DO_NOTHING_RETURN_STRUCT(ptr) /**/ + +#define DO_NOTHING_CALL_SCALAR(var, name) \ + (var) = do_nothing_ ## name(&(var)) +#define DO_NOTHING_CALL_STRING(var, name) \ + do_nothing_ ## name(var) +#define DO_NOTHING_CALL_STRUCT(var, name) \ + do_nothing_ ## name(&(var)) + +#define FETCH_ARG_SCALAR(var) &var +#define FETCH_ARG_STRING(var) var +#define FETCH_ARG_STRUCT(var) &var + +#define FILL_SIZE_SCALAR 1 +#define FILL_SIZE_STRING 16 +#define FILL_SIZE_STRUCT 1 + +#define INIT_CLONE_SCALAR /**/ +#define INIT_CLONE_STRING [FILL_SIZE_STRING] +#define INIT_CLONE_STRUCT /**/ + +#define INIT_SCALAR_NONE /**/ +#define INIT_SCALAR_ZERO = 0 + +#define INIT_STRING_NONE [FILL_SIZE_STRING] /**/ +#define INIT_STRING_ZERO [FILL_SIZE_STRING] = { } + +#define INIT_STRUCT_NONE /**/ +#define INIT_STRUCT_ZERO = { } +#define INIT_STRUCT_STATIC_PARTIAL = { .two = 0, } +#define INIT_STRUCT_STATIC_ALL = { .one = arg->one, \ + .two = arg->two, \ + .three = arg->three, \ + .four = arg->four, \ + } +#define INIT_STRUCT_DYNAMIC_PARTIAL = { .two = arg->two, } +#define INIT_STRUCT_DYNAMIC_ALL = { .one = arg->one, \ + .two = arg->two, \ + .three = arg->three, \ + .four = arg->four, \ + } +#define INIT_STRUCT_RUNTIME_PARTIAL ; \ + var.two = 0 +#define INIT_STRUCT_RUNTIME_ALL ; \ + var.one = 0; \ + var.two = 0; \ + var.three = 0; \ + memset(&var.four, 0, \ + sizeof(var.four)) + +/* + * @name: unique string name for the test + * @var_type: type to be tested for zeroing initialization + * @which: is this a SCALAR or a STRUCT type? + * @init_level: what kind of initialization is performed + */ +#define DEFINE_TEST(name, var_type, which, init_level) \ +static noinline int fill_ ## name(unsigned long sp) \ +{ \ + char buf[VAR_BUFFER + \ + sizeof(var_type) * FILL_SIZE_ ## which * 4]; \ + \ + fill_start = buf; \ + fill_size = sizeof(buf); \ + /* Fill variable with 0xFF. */ \ + memset(fill_start, (char)((sp && 0xff) | forced_mask), \ + fill_size); \ + \ + return (int)buf[0] | (int)buf[sizeof(buf)-1]; \ +} \ +/* no-op to force compiler into ignoring "uninitialized" vars */\ +static noinline DO_NOTHING_TYPE_ ## which(var_type) \ +do_nothing_ ## name(var_type *ptr) \ +{ \ + /* Will always be true, but compiler doesn't know. */ \ + if ((unsigned long)ptr > 0x2) \ + return DO_NOTHING_RETURN_ ## which(ptr); \ + else \ + return DO_NOTHING_RETURN_ ## which(ptr + 1); \ +} \ +static noinline int fetch_ ## name(unsigned long sp, \ + var_type *arg) \ +{ \ + char buf[VAR_BUFFER]; \ + var_type var INIT_ ## which ## _ ## init_level; \ + \ + target_start = &var; \ + target_size = sizeof(var); \ + /* \ + * Keep this buffer around to make sure we've got a \ + * stack frame of SOME kind... \ + */ \ + memset(buf, (char)(sp && 0xff), sizeof(buf)); \ + \ + /* Silence "never initialized" warnings. */ \ + DO_NOTHING_CALL_ ## which(var, name); \ + \ + /* Exfiltrate "var" or field of "var". */ \ + memcpy(check_buf, target_start, target_size); \ + \ + return (int)buf[0] | (int)buf[sizeof(buf) - 1]; \ +} \ +/* Returns 0 on success, 1 on failure. */ \ +static noinline int test_ ## name (void) \ +{ \ + var_type zero INIT_CLONE_ ## which; \ + int ignored; \ + u8 sum = 0, i; \ + \ + /* Notice when a new test is larger than expected. */ \ + BUILD_BUG_ON(sizeof(zero) > MAX_VAR_SIZE); \ + /* Clear entire check buffer for later bit tests. */ \ + memset(check_buf, 0x00, sizeof(check_buf)); \ + \ + /* Fill clone type with zero for per-field init. */ \ + memset(&zero, 0x00, sizeof(zero)); \ + /* Fill stack with 0xFF. */ \ + ignored = fill_ ##name((unsigned long)&ignored); \ + /* Extract stack-defined variable contents. */ \ + ignored = fetch_ ##name((unsigned long)&ignored, \ + FETCH_ARG_ ## which(zero)); \ + \ + /* Validate that compiler lined up fill and target. */ \ + if (!range_contains(fill_start, fill_size, \ + target_start, target_size)) { \ + pr_err(#name ": stack fill missed target!?\n"); \ + pr_err(#name ": fill %zu wide\n", fill_size); \ + pr_err(#name ": target offset by %ld\n", \ + (ssize_t)(uintptr_t)fill_start - \ + (ssize_t)(uintptr_t)target_start); \ + return 1; \ + } \ + \ + /* Look for any set bits in the check region. */ \ + for (i = 0; i < sizeof(check_buf); i++) \ + sum += (check_buf[i] != 0); \ + \ + if (sum == 0) \ + pr_info(#name " ok\n"); \ + else \ + pr_warn(#name " FAIL (uninit bytes: %d)\n", \ + sum); \ + \ + return (sum != 0); \ +} + +/* Structure with no padding. */ +struct test_packed { + unsigned long one; + unsigned long two; + unsigned long three; + unsigned long four; +}; + +/* Simple structure with padding likely to be covered by compiler. */ +struct test_small_hole { + size_t one; + char two; + /* 3 byte padding hole here. */ + int three; + unsigned long four; +}; + +/* Try to trigger unhandled padding in a structure. */ +struct test_aligned { + u32 internal1; + u64 internal2; +} __aligned(64); + +struct test_big_hole { + u8 one; + u8 two; + u8 three; + /* 61 byte padding hole here. */ + struct test_aligned four; +} __aligned(64); + +/* Test if STRUCTLEAK is clearing structs with __user fields. */ +struct test_user { + u8 one; + char __user *two; + unsigned long three; + unsigned long four; +}; + +/* These should be fully initialized all the time! */ +DEFINE_TEST(u8_zero, u8, SCALAR, ZERO); +DEFINE_TEST(u16_zero, u16, SCALAR, ZERO); +DEFINE_TEST(u32_zero, u32, SCALAR, ZERO); +DEFINE_TEST(u64_zero, u64, SCALAR, ZERO); +DEFINE_TEST(char_array_zero, unsigned char, STRING, ZERO); + +DEFINE_TEST(packed_zero, struct test_packed, STRUCT, ZERO); +DEFINE_TEST(small_hole_zero, struct test_small_hole, STRUCT, ZERO); +DEFINE_TEST(big_hole_zero, struct test_big_hole, STRUCT, ZERO); + +/* Static initialization: padding may be left uninitialized. */ +DEFINE_TEST(packed_static_partial, struct test_packed, STRUCT, STATIC_PARTIAL); +DEFINE_TEST(small_hole_static_partial, struct test_small_hole, STRUCT, STATIC_PARTIAL); +DEFINE_TEST(big_hole_static_partial, struct test_big_hole, STRUCT, STATIC_PARTIAL); + +DEFINE_TEST(small_hole_static_all, struct test_small_hole, STRUCT, STATIC_ALL); +DEFINE_TEST(big_hole_static_all, struct test_big_hole, STRUCT, STATIC_ALL); + +/* Dynamic initialization: padding may be left uninitialized. */ +DEFINE_TEST(small_hole_dynamic_partial, struct test_small_hole, STRUCT, DYNAMIC_PARTIAL); +DEFINE_TEST(big_hole_dynamic_partial, struct test_big_hole, STRUCT, DYNAMIC_PARTIAL); + +DEFINE_TEST(small_hole_dynamic_all, struct test_small_hole, STRUCT, DYNAMIC_ALL); +DEFINE_TEST(big_hole_dynamic_all, struct test_big_hole, STRUCT, DYNAMIC_ALL); + +/* Runtime initialization: padding may be left uninitialized. */ +DEFINE_TEST(small_hole_runtime_partial, struct test_small_hole, STRUCT, RUNTIME_PARTIAL); +DEFINE_TEST(big_hole_runtime_partial, struct test_big_hole, STRUCT, RUNTIME_PARTIAL); + +DEFINE_TEST(small_hole_runtime_all, struct test_small_hole, STRUCT, RUNTIME_ALL); +DEFINE_TEST(big_hole_runtime_all, struct test_big_hole, STRUCT, RUNTIME_ALL); + +/* No initialization without compiler instrumentation. */ +DEFINE_TEST(u8, u8, SCALAR, NONE); +DEFINE_TEST(u16, u16, SCALAR, NONE); +DEFINE_TEST(u32, u32, SCALAR, NONE); +DEFINE_TEST(u64, u64, SCALAR, NONE); +DEFINE_TEST(char_array, unsigned char, STRING, NONE); +DEFINE_TEST(small_hole, struct test_small_hole, STRUCT, NONE); +DEFINE_TEST(big_hole, struct test_big_hole, STRUCT, NONE); +DEFINE_TEST(user, struct test_user, STRUCT, NONE); + +static int __init test_stackinit_init(void) +{ + unsigned int failures = 0; + + /* These are explicitly initialized and should always pass. */ + failures += test_u8_zero(); + failures += test_u16_zero(); + failures += test_u32_zero(); + failures += test_u64_zero(); + failures += test_char_array_zero(); + failures += test_small_hole_zero(); + failures += test_big_hole_zero(); + failures += test_packed_zero(); + + /* Padding here appears to be accidentally always initialized. */ + failures += test_small_hole_dynamic_partial(); + failures += test_big_hole_dynamic_partial(); + failures += test_packed_static_partial(); + + /* Padding initialization depends on compiler behaviors. */ + failures += test_small_hole_static_partial(); + failures += test_big_hole_static_partial(); + failures += test_small_hole_static_all(); + failures += test_big_hole_static_all(); + failures += test_small_hole_dynamic_all(); + failures += test_big_hole_dynamic_all(); + failures += test_small_hole_runtime_partial(); + failures += test_big_hole_runtime_partial(); + failures += test_small_hole_runtime_all(); + failures += test_big_hole_runtime_all(); + + /* STACKINIT should cover everything from here down. */ + failures += test_u8(); + failures += test_u16(); + failures += test_u32(); + failures += test_u64(); + failures += test_char_array(); + + /* STRUCTLEAK_BYREF_ALL should cover from here down. */ + failures += test_small_hole(); + failures += test_big_hole(); + + /* STRUCTLEAK should cover this. */ + failures += test_user(); + + if (failures == 0) + pr_info("all tests passed!\n"); + else + pr_err("failures: %u\n", failures); + + return failures ? -EINVAL : 0; +} +module_init(test_stackinit_init); + +static void __exit test_stackinit_exit(void) +{ } +module_exit(test_stackinit_exit); + +MODULE_LICENSE("GPL");