From patchwork Tue Sep 26 06:47:45 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 9971105
References: <20170922212930.620249-1-arnd@arndb.de> <20170922212930.620249-5-arnd@arndb.de> <063D6719AE5E284EB5DD2968C1650D6DD007F521@AcuExch.aculab.com>
From: Arnd Bergmann
Date: Mon, 25 Sep 2017 23:47:45 -0700
Subject: Re: [PATCH v4 4/9] em28xx: fix em28xx_dvb_init for KASAN
To: David Laight
Cc: Mauro Carvalho Chehab, Jiri Pirko, Arend van Spriel, Kalle Valo, "David S. Miller", Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Masahiro Yamada, Michal Marek, Andrew Morton, Kees Cook, Geert Uytterhoeven, Greg Kroah-Hartman, "linux-media@vger.kernel.org", "linux-kernel@vger.kernel.org", "netdev@vger.kernel.org", "linux-wireless@vger.kernel.org", "brcm80211-dev-list.pdl@broadcom.com", "brcm80211-dev-list@cypress.com", "kasan-dev@googlegroups.com", "linux-kbuild@vger.kernel.org", Jakub Jelinek, Martin Liška, "stable@vger.kernel.org"
X-Mailing-List: linux-media@vger.kernel.org

On Mon, Sep 25, 2017 at 11:32 PM, Arnd Bergmann wrote:
> On Mon, Sep 25, 2017 at 7:41 AM, David Laight wrote:
>> From: Arnd Bergmann
>>> Sent: 22 September 2017 22:29
>> ...
>>> It seems that this is triggered in part by using strlcpy(), which the
>>> compiler doesn't recognize as copying at most 'len' bytes, since strlcpy
>>> is not part of the C standard.
>>
>> Neither is strncpy().
>>
>> It'll almost certainly be a marker in a header file somewhere,
>> so it should be possible to teach it about other functions.
>
> I'm currently travelling and haven't investigated in detail, but from
> taking a closer look here, I found that the hardened 'strlcpy()'
> in include/linux/string.h triggers it. There is also a hardened
> (much shorter) 'strncpy()' that doesn't trigger it in the same file,
> and having only the extern declaration of strncpy also doesn't.

And a little more experimenting leads to this simple patch that fixes
the problem:

if (__builtin_constant_p(len) && len >= p_size)

The problem is apparently that the fortified strlcpy calls the fortified
strlen, which in turn calls strnlen and that ends up calling the extern
'__real_strnlen' that gcc cannot reduce to a constant expression for a
constant input.

Not sure if that change is the best fix, but it seems to address the problem
in this driver and probably leads to better code in other places as well.

Arnd

--- a/include/linux/string.h +++ b/include/linux/string.h @@ -254,7 +254,7 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) size_t q_size = __builtin_object_size(q, 0); if (p_size == (size_t)-1 && q_size == (size_t)-1) return __real_strlcpy(p, q, size); - ret = strlen(q); + ret = __builtin_strlen(q); if (size) { size_t len = (ret >= size) ? size - 1 : ret;
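
Review bot: the `ret = __builtin_strlen(q);` line no longer goes through the fortified strlen() wrapper, so any bounds check that wrapper applied against the object size of q is skipped on this path. q_size is already computed at the top of the function, but the code after `size_t len = (ret >= size) ? size - 1 : ret;` is not visible in this hunk; please confirm it still rejects a read past q_size, or add an explicit check of ret against q_size after the call. A short comment above the call stating why the builtin is used (gcc cannot reduce the fortified strlen chain to a constant, as the message explains) would keep a later cleanup from converting it back to strlen().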