From patchwork Tue Sep 26 16:49:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Ryabinin X-Patchwork-Id: 9972373 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 88A1D6037F for ; Tue, 26 Sep 2017 16:47:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 794F2204C1 for ; Tue, 26 Sep 2017 16:47:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6DD47262AE; Tue, 26 Sep 2017 16:47:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 05E4C204C1 for ; Tue, 26 Sep 2017 16:47:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S967912AbdIZQrE (ORCPT ); Tue, 26 Sep 2017 12:47:04 -0400 Received: from mail-eopbgr00094.outbound.protection.outlook.com ([40.107.0.94]:17376 "EHLO EUR02-AM5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S936407AbdIZQrA (ORCPT ); Tue, 26 Sep 2017 12:47:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=97QMXsLibuzoIZ3BemGeHTunXNd6vTHVlSqS3rZHcwY=; b=AMpphwo543aSokt5Xy1j7J9O3I1nbJSrnW9sxfI6CjQKVCUpFQlYZCzHXWChnzXHjVpkGzI44dxiscyyLDW26pTi9R1ZrDFQZ4ThzTjqlNgCMKUavA0Rj/UtLqXV9ApBvOvBXbvmBW7r4is1CHyO9kZJDv1uMJO91QrpuicmnII= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=aryabinin@virtuozzo.com; Received: from [172.16.25.12] (195.214.232.6) by DB6PR08MB2824.eurprd08.prod.outlook.com (2603:10a6:6:1d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Tue, 26 Sep 2017 16:46:51 +0000 Subject: Re: [PATCH v4 4/9] em28xx: fix em28xx_dvb_init for KASAN To: Arnd Bergmann , David Laight Cc: Mauro Carvalho Chehab , Jiri Pirko , Arend van Spriel , Kalle Valo , "David S. Miller" , Alexander Potapenko , Dmitry Vyukov , Masahiro Yamada , Michal Marek , Andrew Morton , Kees Cook , Geert Uytterhoeven , Greg Kroah-Hartman , "linux-media@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "linux-wireless@vger.kernel.org" , "brcm80211-dev-list.pdl@broadcom.com" , "brcm80211-dev-list@cypress.com" , "kasan-dev@googlegroups.com" , "linux-kbuild@vger.kernel.org" , Jakub Jelinek , =?UTF-8?Q?Martin_Li=c5=a1ka?= , "stable@vger.kernel.org" References: <20170922212930.620249-1-arnd@arndb.de> <20170922212930.620249-5-arnd@arndb.de> <063D6719AE5E284EB5DD2968C1650D6DD007F521@AcuExch.aculab.com> From: Andrey Ryabinin Message-ID: Date: Tue, 26 Sep 2017 19:49:48 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Originating-IP: [195.214.232.6] X-ClientProxiedBy: AM5PR0701CA0020.eurprd07.prod.outlook.com (2603:10a6:203:51::30) To DB6PR08MB2824.eurprd08.prod.outlook.com (2603:10a6:6:1d::27) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c3c72870-5b1e-4fa7-246a-08d504fe30cc X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:DB6PR08MB2824; X-Microsoft-Exchange-Diagnostics: 1; DB6PR08MB2824; 3:CfN5z486WiSEWbqOZE9Edy9bORbnpWiwZR4r6gp1Yaa0ZnveTZey4n8ILdDVkrzElx21eTF9+zuUmYoz+aOG6N1VOr2anjwN5wKLOpE1ah22n51c9FQjZm1rka+Mdjm3TDerux+slrBxmFcY0LT8R7JEAAtVzHC+npnIr3xQqq1JLDs9kv4+RMU735QO28WW+4g67aLjVY+4gUwxztIYWVfmFDkxHMHZLbMQc+JYqyMmcw/StV+/xHBSmUCIgOmT; 25:m4hKirLtUXQvzaypD8chp5NuOaooRR9G/SvCTgpbJCWzt+afSWDTWDHnbPIm9O21dgv36n08rcnfV7ApyYjXipjcDa6wDsQT/XTBCZuqBcfhKOLeUyowkKBpGrTRUcPHkqEqvm/JlgYQzp4xEGm6CS1UUxyJAlDKYh0rJTeqXqHbuBKevap5I/lmAKzt2r5AV8pdJ1H6BK1IgGaIzLblFHi/4MTpqS27xXOol6KnG0h+pR8RS1L0WbFI5HUAkZYfyZ25afWJM3SQBcqQzI8oNS+VfUtzRrEh9c2uD9urWF6vRliv/KaCFOIYRNuUzmsxwqRR+5BzvuK5oXzqotd3kA==; 31:4f7RPZxBB2reHNaxkDeQQOVrbPR8koqr40xpHdCs//ptP38aNl1YyAl3AdLIn1r6KijY0qJNHPC0mbohvyhUrTOyyqGRc/Qn9Nvq0aBG3jbWhNTNRhY0AeqkxrSpydHJNZXNeJkLFsGHI2GkkQhdgGYTJyZp2AJqVfbBdeCuNE3NZyVU2wkV5wZPkSHJNT75L0kJ8PMIJA83Vr63lrMDtWTgNV0D73IxMBvljtuXKck= X-MS-TrafficTypeDiagnostic: DB6PR08MB2824: X-Microsoft-Exchange-Diagnostics: 1; DB6PR08MB2824; 20:e8TYPnd+BxPDEviM/Kubbb4hMcH/KlgkHLwBeObl8eW2GQsNhp4ekSiXK3wVZ4GQO5rkJNmaTf8O44OAPXxl0YkmBgNgvxz8pnUqJTMS3zOWpcdC/AH7bXGMRB4YiwZzPWDw8YQhfa02gvWY+BODr8LkaMk2FyHLP5HnIfQzyDqCVlzjX1nsqOe+VGVEiKyuJ1RHNd9WQFYUXohiOOPHfH5wMCm54eo+8ThyGhxGnGOMkYvI5rVN7+GgDcVxUR42ti1QzMCkXS9HbsKETyroZwmVFZjGMlMU+Gj3BG3T8oKVAtLnMmQ2NIH0dwk0RMt5uptWf0XYHRBCYjk5ZZ/W6u7e7zpcM+5ImhWrDThjz/XEXev00FdBaGAueiewSv9FMl7dS1UCa8krbtvbNtNxtOOZXj2/EniFebYgVwQXD1k=; 4:2EQ/XUn6vI4LycLZ9i6UgcQh5DqsnHF+sU7vTZjMsMlTefoEihF3ODvFdZC7+iWJiXwZ+1Mcov42amif3WJ3POMehrQs/GS3l4djoO0FQJ7VoO/iMVIl6xec3gGEdxBaiOboOTBLeO/g6GM86lLn7g2VSnhRcXTp7WMXoG5+VcQRqEagipk68BqBeJ7Rnt2BIuCt56aZYvGCL3UkwF9XvvWyDdlcNGyD5OKS2Bh36IiDmpLbhyJjYVUxfSuInNtE X-Exchange-Antispam-Report-Test: UriScan:; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(10201501046)(6041248)(20161123562025)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB6PR08MB2824; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB6PR08MB2824; X-Forefront-PRVS: 0442E569BC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(6049001)(346002)(376002)(189002)(377454003)(199003)(24454002)(54906003)(25786009)(6246003)(316002)(8936002)(65826007)(7736002)(189998001)(76176999)(6666003)(54356999)(229853002)(16526017)(16576012)(50986999)(64126003)(101416001)(53936002)(7416002)(58126008)(6116002)(23676002)(8676002)(305945005)(36756003)(33646002)(93886005)(68736007)(106356001)(5660300001)(97736004)(3846002)(105586002)(47776003)(50466002)(83506001)(2906002)(2950100002)(31696002)(81156014)(230700001)(4326008)(81166006)(65806001)(66066001)(65956001)(110136005)(478600001)(77096006)(31686004)(53546010)(86362001)(6486002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB6PR08MB2824; H:[172.16.25.12]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: virtuozzo.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjZQUjA4TUIyODI0OzIzOktRcDNXUHVEdUZwV1drSDBROFVGUmY4Ym5n?= =?utf-8?B?NVJJZnVlZVFROEtQaGlkOVFHeDJ5RVVRSUhGVkFDQ3FJSzdLb3lFY0o4VVhQ?= =?utf-8?B?MHJodTBBVkdSWkNqYmNKNi95aHVqUS9aVzJJTnpVMnoxUERyZXhvKzFvN2Nt?= =?utf-8?B?aXRmSUFoRUZNdTU0aWp0Mi9FUjNlOHpvcjJZZWF1N1hnL1p5ejZhaWhmVnB0?= =?utf-8?B?N1p1dGFJTVNQWkFCam9Wc0tQN2pYdlhEbVE0Zi9QUkhNUzErRFlwZlc5Z3Ru?= =?utf-8?B?eWJtU3hUckIxKys0d2pRbDBGS0dPRlZtM3NXMEgyT1E3YjFvd1JEbXRaeXVH?= =?utf-8?B?VFFHTHhzeGhKRnVGTDdJUU0xSDN3eU1KVm1qcmxVdm40RzJqcWZWMk1Sc3ZD?= =?utf-8?B?R0RUandQcVluSUJtSUVoQVJKYkxQZXpXdVF0RXBJa1BMZkgzRDl1THRqbDM0?= =?utf-8?B?dXFzdVNFOE5TVDVINjZFT2M3YWJ1VXlCSlBpTG9IMzRYd0d5L1cxVjl4OXM4?= =?utf-8?B?c2tyNkw4dy8rNjVKRlFkVlhkUXFUWndoNjRqUzdpcHpXdHlMcUJBaHlQSFIy?= =?utf-8?B?K29zazc2c0E5N0NJSThZT1ZzUCt4cjJYKzZ3SmkzT0hXb0JFSWpJQmNSY1NB?= =?utf-8?B?UHF5VTZRQ1ZYKzR1K3AvYkZwTERadlNwWTFuTFgwRys2WE9OU2JUSkFFVjlZ?= =?utf-8?B?TmdaeTBHTUNkNzJhelNyQ2lOVk43VHNTbHc2RXEyUDIxb2RjdU1qYStHUUFH?= =?utf-8?B?WjludDh4NzhMWTJGc3E5dFlTMDhhS2JPakdoYWRjQ0VpQm9iWlFTSWdXVVRo?= =?utf-8?B?UlRlUkNxd0t5cUNWSjhZNWg1T3pIaThKU2hIRUVlRy9PQ0tWeGozVXVLaUFl?= =?utf-8?B?YSt6QTIvRFRYWGMycVEvOTM1SzR3WGNwRkxNdUZaUDFZK3BmUXFBSVlVakJR?= =?utf-8?B?dTUzUmFHVlB2V2pUdVZyMjN6WE56SmxucGtJUjc2c2pyaEZsMXN1SXpjWGRy?= =?utf-8?B?OTllRUhYQlZmeDlhK1lyYS9Wd0ZRMHlFMjdIS2U3czgvV2NITXlqYlp1Uzg0?= =?utf-8?B?ZWdITzJWcC9zTVNIM1M1WE84WFJiMmtiRU9DTHZSYjczbXplTDhZT2Eyd2lP?= =?utf-8?B?bnlNRExabWdaUTkxa1FZU2tXcElmbndGTUU5a09laXowekx4MEhhWVJQVC9l?= =?utf-8?B?cTl1cTlwalVjSW9UcVRUTUV4MEpUSm1JSUF2ZkNKb0llMUdjRlRiYWRNZlU4?= =?utf-8?B?QVRZQVEyZ0lIdDdUVVlLb1E4dEVuY3JqUlBoSzUzS2laNFRNNFYxUXJMa055?= =?utf-8?B?UU0xeHZZV0VBOTRxYjhyVHBQaGFPQ3JWcDA4Wm5JVUdQYncwQVdmSkY2bFlq?= =?utf-8?B?bkhLaThZSFhUeDV1VGZFL0FPRUNsQmZIQ2lra2l5a1Y0NFQwbGtWSHNGeXEr?= =?utf-8?B?b25HMUQ5VnNJenZUTWRsdmFUTXNoZG5pa2g5MkJ1bXpDenhVNHdDYzNHQkRE?= =?utf-8?B?U1liamhnbmw5bUlreU10MzRkTjNYWENZQUpMWld5NkYvWWsxM0h1ZXlZeXh1?= =?utf-8?B?ZlpndEM5Mkx2ZjFuNjNSWUF4L01ybXN2S2M1cTFXcnNmc1JsVFpDMmUwVXBl?= =?utf-8?B?YWNwd0cwS250RERxZjFlOFgvNkMyVDZFbkxheGdONXcyOXhJRVp6ZXpEUGRt?= =?utf-8?B?VmZiVnBGRG4wclhheHZmeWM3SFhaNjBZcjl6WHh1b2oxa1FnVXMvYm51MWJQ?= =?utf-8?B?TjdXVFg5MG1MdThqd2xSL2JadTdXM3VYMUNOdVBKQThKY0ROdVhPUjFRbVBZ?= =?utf-8?B?WlozQkhXZW9PMTJCaWxreWxrOGdseTBrWG4rc1JUYThPb0lDc04rRFlQU0Jn?= =?utf-8?Q?Bt+24bXslGCNXMBr3rsm2Or5cOe/artw?= X-Microsoft-Exchange-Diagnostics: 1; DB6PR08MB2824; 6:ujp5yLHtl8a7qVfNZBCdQj1/fXASyfNdxEHXDNJOyA6fCd5nw7zK2eNwYIuL3Yi1ghokO/c5YxPpIQGm7vVBFDQyjdd6+WQqlESfDIFrjP3kSI2JmVzMVBxkTkodn0mGUkP5tmHsKkmSLmSegO2JjqOz+U9P36oMipb0Yze04cgf58y1BUftxE0npujxOnrZ8/GlNmvBaVFttJbIRkDWmMhcMC4iuKq2gngwUORltfx0KE2FsmWHVx2xi4nITF57+zmbyI3H9j4JKsgxNLtdQWuJFCevFeCPQg6DYxRBGC0WU7fIMYSAJuoNhJ7LvlRZr9QrptZYGnMWuPZnu27OYw==; 5:v11jrcdNDy3Kn/plB4t2MbX7khtE1ZFUCLpWDruFX7oLYqpUrCFxAwim+EFBTeVR/BIt5P8atN8/H4kIa0v7978iSg+/pXKkvvPkL8pY7VZ68Dt7SQHhun2xFLjvcInQTgtnTAADHzO8KeSEJtQHNw==; 24:cZKQES2mNrdJ4pInJxkVw0mJUeq71lAbTmHbP/cSDIqWm0O88bVNoDhW/ffAWM6wqkOK7P45M70Y3F9YBQG+6Ewnnv2tuIhHp1Z6OorYY/A=; 7:a4lxO9TICJPNfuXIkkfim9C5qGzEo49yZrBdtkNtWTBgLiEq9LggLmUeA61qHmyokvB1EpWxwmPtxvKIfvIMgUrMoQIFvgHQtPFMZRgSeMRWAqw+xp3RItDY69d/b61tDQjyaTNnrysrPcGTNJzqA1hVmRZkURof3pxUEdGG9JQfLKg2y+BwxYXUJUsvftd97ZH14qVs02dZ0yueqYwjSg0I/EiTjY3+PHMFHVGI/AE= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DB6PR08MB2824; 20:5GJtSwDKXT2vJDAB+4wKjmJB5OFue5dQvkVkCV4sKxC7BU4w6UpvyzbQXxOPLoS4FmUuD2nLSnYpHYK5/1a1DyLO/lVsyJlMaWT7pUc7G8i5WXLopixgRl9RYRsIZhpeSSQeIspNUh50M2O/nfNggs3+gBbvjrYIlOfIW54beYw= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Sep 2017 16:46:51.0153 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR08MB2824 Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On 09/26/2017 09:47 AM, Arnd Bergmann wrote: > On Mon, Sep 25, 2017 at 11:32 PM, Arnd Bergmann wrote: >> On Mon, Sep 25, 2017 at 7:41 AM, David Laight wrote: >>> From: Arnd Bergmann >>>> Sent: 22 September 2017 22:29 >>> ... >>>> It seems that this is triggered in part by using strlcpy(), which the >>>> compiler doesn't recognize as copying at most 'len' bytes, since strlcpy >>>> is not part of the C standard. >>> >>> Neither is strncpy(). >>> >>> It'll almost certainly be a marker in a header file somewhere, >>> so it should be possibly to teach it about other functions. >> >> I'm currently travelling and haven't investigated in detail, but from >> taking a closer look here, I found that the hardened 'strlcpy()' >> in include/linux/string.h triggers it. There is also a hardened >> (much shorted) 'strncpy()' that doesn't trigger it in the same file, >> and having only the extern declaration of strncpy also doesn't. > > And a little more experimenting leads to this simple patch that fixes > the problem: > > --- a/include/linux/string.h > +++ b/include/linux/string.h > @@ -254,7 +254,7 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const > char *q, size_t size) > size_t q_size = __builtin_object_size(q, 0); > if (p_size == (size_t)-1 && q_size == (size_t)-1) > return __real_strlcpy(p, q, size); > - ret = strlen(q); > + ret = __builtin_strlen(q); I think this is not correct. Fortified strlen called here on purpose. If sizeof q is known at compile time and 'q' contains not-null fortified strlen() will panic. > if (size) { > size_t len = (ret >= size) ? size - 1 : ret; > if (__builtin_constant_p(len) && len >= p_size) > > The problem is apparently that the fortified strlcpy calls the fortified strlen, > which in turn calls strnlen and that ends up calling the extern '__real_strnlen' > that gcc cannot reduce to a constant expression for a constant input. Per my observation, it's the code like this: if () fortify_panic(__func__); somehow prevent gcc to merge several "struct i2c_board_info info;" into one stack slot. With the hack bellow, stack usage reduced to ~1,6K: --- include/linux/string.h | 4 ---- 1 file changed, 4 deletions(-) > Not sure if that change is the best fix, but it seems to address the problem in > this driver and probably leads to better code in other places as well. > Probably it would be better to solve this on the strlcpy side, but I haven't found the way to do this right. Alternative solutions: - use memcpy() instead of strlcpy(). All source strings are smaller than I2C_NAME_SIZE, so we could do something like this - memcpy(info.type, "si2168", sizeof("si2168")); Also this should be faster. - Move code under different "case:" in the switch(dev->model) to the separate function should help as well. But it might be harder to backport into stables. diff --git a/include/linux/string.h b/include/linux/string.h index 54d21783e18d..9a96ff3ebf94 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -261,8 +261,6 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p) if (p_size == (size_t)-1) return __builtin_strlen(p); ret = strnlen(p, p_size); - if (p_size <= ret) - fortify_panic(__func__); return ret; } @@ -271,8 +269,6 @@ __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen) { size_t p_size = __builtin_object_size(p, 0); __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size); - if (p_size <= ret && maxlen != ret) - fortify_panic(__func__); return ret; }