From: Kees Cook <keescook@google.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Linux-MM <linux-mm@kvack.org>,
Andrew Morton <akpm@linux-foundation.org>,
kasan-dev <kasan-dev@googlegroups.com>,
Fengguang Wu <fengguang.wu@intel.com>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>
Subject: Re: [PATCH v2] KASAN: prohibit KASAN+STRUCTLEAK combination
Date: Thu, 19 Apr 2018 13:43:11 -0700 [thread overview]
Message-ID: <CAGXu5jK0fWnyQUYP3H5e8hP-6QbtmeC102a-2Mab4CSqj4bpgg@mail.gmail.com> (raw)
In-Reply-To: <20180419172451.104700-1-dvyukov@google.com>
On Thu, Apr 19, 2018 at 10:24 AM, Dmitry Vyukov <dvyukov@google.com> wrote:
> Currently STRUCTLEAK inserts initialization out of live scope of
> variables from KASAN point of view. This leads to KASAN false
> positive reports. Prohibit this combination for now.
>
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: linux-mm@kvack.org
> Cc: kasan-dev@googlegroups.com
> Cc: Fengguang Wu <fengguang.wu@intel.com>
> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
> Cc: Kees Cook <keescook@google.com>
This seems fine until we have a better solution. Thanks!
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
>
> ---
>
> This combination leads to periodic confusion
> and pointless debugging:
>
> https://marc.info/?l=linux-kernel&m=151991367323082
> https://marc.info/?l=linux-kernel&m=151992229326243
> https://lkml.org/lkml/2017/11/30/33
>
> Changes since v1:
> - replace KASAN with KASAN_EXTRA
> Only KASAN_EXTRA enables variable scope checking
> ---
> arch/Kconfig | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/Kconfig b/arch/Kconfig
> index 8e0d665c8d53..75dd23acf133 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -464,6 +464,10 @@ config GCC_PLUGIN_LATENT_ENTROPY
> config GCC_PLUGIN_STRUCTLEAK
> bool "Force initialization of variables containing userspace addresses"
> depends on GCC_PLUGINS
> + # Currently STRUCTLEAK inserts initialization out of live scope of
> + # variables from KASAN point of view. This leads to KASAN false
> + # positive reports. Prohibit this combination for now.
> + depends on !KASAN_EXTRA
> help
> This plugin zero-initializes any structures containing a
> __user attribute. This can prevent some classes of information
> --
> 2.17.0.484.g0c8726318c-goog
>
--
Kees Cook
Pixel Security
next prev parent reply other threads:[~2018-04-19 20:43 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-19 17:24 Dmitry Vyukov
2018-04-19 20:43 ` Kees Cook [this message]
2018-04-20 5:33 ` Dennis Zhou
2018-04-20 5:56 ` Dmitry Vyukov
2018-04-21 21:06 ` Dennis Zhou
2018-04-21 21:13 ` Kees Cook
2018-04-22 0:15 ` Dennis Zhou
2018-04-30 23:41 ` Kees Cook
2018-05-01 0:36 ` Dennis Zhou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5jK0fWnyQUYP3H5e8hP-6QbtmeC102a-2Mab4CSqj4bpgg@mail.gmail.com \
--to=keescook@google.com \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=dvyukov@google.com \
--cc=fengguang.wu@intel.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-mm@kvack.org \
--cc=sergey.senozhatsky.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox