From patchwork Thu Jan 12 23:40:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 9514429 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0346060710 for ; Thu, 12 Jan 2017 23:41:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0BCEF2862E for ; Thu, 12 Jan 2017 23:41:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 003C728666; Thu, 12 Jan 2017 23:41:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id C8CBB2862E for ; Thu, 12 Jan 2017 23:40:59 +0000 (UTC) Received: (qmail 19737 invoked by uid 550); 12 Jan 2017 23:40:57 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: kernel-hardening@lists.openwall.com Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 19699 invoked from network); 12 Jan 2017 23:40:54 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=StRg33M1BK9QCgfnFhhTzV+JJx30Da8vS/1ExQpecK4=; b=sdSEZDWnrgbY2BoXJHnmEoEVAhIgL82sAubxi4CCleNS6Kag2HjOPSoNSR27nEZ6nn +nU+LFq/Z0o6Llm/NMP/PpPniTEXeftwNygKkarypsR1Eyvem+jnSQtmMeOi1ioWkid5 uZIcbKjjikADxAGTD2W0RNIxTunYh99NJgdWHw4bfYOQ97xibseGXu6fjM+Ol2VhHSBa 7w4EGkRomfRZeJxPlXbwnhSeDaYVYmUL9wvf+XX1GwQPt5pY+cEhVx7Mwthg0E+gBXzD itbKH6MwFSkarI9/qVABzFwqK6eTQjddWD6mSQV1W2uPVQi8ZSuHkqf0bwvI2YrcmuRy k0ig== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=StRg33M1BK9QCgfnFhhTzV+JJx30Da8vS/1ExQpecK4=; b=CvwMGAwgGuRys7wypTOF3UJ4HI3c8NxFrG4aIXWkq43Yn5Eex0h/A1dVYqF78fYDlp p7/JjbU9Ycuz968mIOgV6ymYqcCMO9J2oMQpoxOcKro8y5jGXH/MxmIBGqa7q7daLsT0 mLZTxMlXIpngOqs1iMq78X+ToTb8sqsQLnZpk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=StRg33M1BK9QCgfnFhhTzV+JJx30Da8vS/1ExQpecK4=; b=C28lT/Bz3P3UidMdbRyTh5m9ww+dsxe7or0UxAWKyQ/8hFTV2Ywe5uJKqVios0n4Lo 4FPIynFlHR7cY2M6XK9zEPX7+GWDvT0/7yHBlS42ulSuMLWKuwbIl6bbi1IYK3PRikQe lygND6rZNkeoBFzXA9rkNc9D6raZtq8wXkxL6PAGCrrUAyso6VyZRcQqNEtDEclBWcag 97fJp5Q+gkd9D6YwlVe63qCZef/bzM+z6BMsiXZyYnTUh753pW/zOokTnWIaq9UoA1I5 W0HTNlHsvNpyJ61+ZjYCnQuF1uGHXGKZ4jjgVRwXaohTC6bVoebDK587wimAuthenJN9 eFIQ== X-Gm-Message-State: AIkVDXLVoS5Ssev2eMFETRG5jIqeTg9gvYfJyO+G1SxqZ+rhwe6I94uSZkqeriqak9jsgaHA8V2eOdrgfqsqIRL+ X-Received: by 10.36.194.70 with SMTP id i67mr614025itg.21.1484264442586; Thu, 12 Jan 2017 15:40:42 -0800 (PST) MIME-Version: 1.0 Sender: keescook@google.com In-Reply-To: References: <1481925984-98605-1-git-send-email-keescook@chromium.org> <20161219121046.646e5ef425178fce8c2cb555@gmail.com> <20170111012459.c0a0c615c99a389e4d89c8b5@gmail.com> <20170112224116.680debbf6f5c288ba51a46c0@gmail.com> From: Kees Cook Date: Thu, 12 Jan 2017 15:40:41 -0800 X-Google-Sender-Auth: dH1zcEbGlb6efr8crH_PBl3zJO4 Message-ID: To: Emese Revfy Cc: "kernel-hardening@lists.openwall.com" , LKML , Arnd Bergmann , Josh Triplett , PaX Team , Brad Spengler , Michal Marek , Masahiro Yamada , linux-kbuild , minipli@ld-linux.so, Russell King , Catalin Marinas , Rasmus Villemoes , David Brown , "benh@kernel.crashing.org" , Thomas Gleixner , Andrew Morton , Jeff Layton , Sam Ravnborg Subject: [kernel-hardening] Re: [PATCH v4 0/4] Introduce the initify gcc plugin X-Virus-Scanned: ClamAV using ClamSMTP On Thu, Jan 12, 2017 at 3:27 PM, Kees Cook wrote: > On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfy wrote: >> On Tue, 10 Jan 2017 17:09:31 -0800 >> Kees Cook wrote: >> >>> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from >>> the function rebind_subsystems() to the variable >>> .init.rodata.str:__func__.4400 >>> The function rebind_subsystems() references >>> the variable __initconst __func__.4400. >>> This is often because rebind_subsystems lacks a __initconst >>> annotation or the annotation of __func__.4400 is wrong. >> >> Thanks for the report, you can find the fix here: >> https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 > > Awesome! I can confirm, it builds without warnings now. Thanks! Hm, actually, with an "allyesconfig" build, I'm still seeing warnings (and possibly some nocapture verification failures). Most look like this: WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in reference from the function clk_gate() to the variable .init.rodata.str:__func__.29708 The function clk_gate() references the variable __initconst __func__.29708. This is often because clk_gate lacks a __initconst annotation or the annotation of __func__.29708 is wrong. And there's this (should KASAN be disabled for initify?) mm/kasan/kasan.c: In function ‘memmove’: mm/kasan/kasan.c:346:7: warning: ‘memmove’ captures its 2 (‘src’) parameter, please remove it from the nocapture attribute. void *memmove(void *dest, const void *src, size_t len) ^ mm/kasan/kasan.c: In function ‘memcpy’: mm/kasan/kasan.c:355:7: warning: ‘memcpy’ captures its 2 (‘src’) parameter, please remove it from the nocapture attribute. void *memcpy(void *dest, const void *src, size_t len) ^ And ACPI: drivers/acpi/acpica/utdebug.c: In function ‘acpi_debug_print’: drivers/acpi/acpica/utdebug.c:158:1: warning: ‘acpi_debug_print’ captures its 3 (‘function_name’) parameter, please remove it from the nocapture attribute. acpi_debug_print(u32 requested_debug_level, ^ I used my initify v5 development tree, with the following patch, with "make allyesconfig": http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify static analysis. @@ -429,6 +428,7 @@ config GCC_PLUGIN_INITIFY config GCC_PLUGIN_INITIFY_VERBOSE bool "Report initification" depends on GCC_PLUGIN_INITIFY + depends on !COMPILE_TEST help Print all initified strings and all functions which should be __init/__exit. I'll see if acpi needs __noverified_nocapture ... -Kees diff --git a/arch/Kconfig b/arch/Kconfig index b6009a21ebea..5693ef5f22c8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -359,7 +359,6 @@ config HAVE_GCC_PLUGINS menuconfig GCC_PLUGINS bool "GCC plugins" depends on HAVE_GCC_PLUGINS - depends on !COMPILE_TEST help GCC plugins are loadable modules that provide extra features to the compiler. They are useful for runtime instrumentation and