Received: by 10.223.185.116 with SMTP id b49csp6407691wrg;
        Wed, 28 Feb 2018 08:55:43 -0800 (PST)
X-Google-Smtp-Source: AH8x226MWJxpE3IUckc8mC3R1b3gTJAFBl27HLmtsG0NbaHJF3FyIJcTCPLDk4aAQDzVmOFhgAst
X-Received: by 2002:a17:902:7614:: with SMTP id k20-v6mr18626535pll.343.1519836942896;
        Wed, 28 Feb 2018 08:55:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519836942; cv=none;
        d=google.com; s=arc-20160816;
        b=1GoFfbc6Vp+eYZxZSNh7P6SDF7G2e9mG2Ufl68HEZ4LzC8VRx+lZea1iUHwz1w6Flv
         HGED6x8SHu71EBbbJ1aU/pjTaB8Ac+wLM3e+hNMwu29iiqufIZnWaCmhJvbKqhYjewsT
         QR8CWJJpz8YRJIboCjBibCA+Yq/889JjdbbeFjYNtQCaGKUUNMXbOfIIqZLwLQJo8XBo
         Rvng2WDZrqVzqlFzbribK59SJmDHk3O3jfJKDPEiO5iXyf3tvbY1vaodNKX07f1LKPeD
         i0komnG20h1CmAv7peRwCpXqDMDq/X3MvPJ6dCOgegLttbJL34reeF4iTS09R3FVguTH
         p/nA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=lQGQYNjMbStrTjN8r5FD6Rr7Hpoc1lOFNiAIPjronv4=;
        b=LWWQTUBxFqjNAsKBkF5aBNyZ688ELu1bK/D6nFPkMwXm3tHkl/Knn2NRcNEXyoOKbH
         /1dQzFPBRuSyvhILcp+y/ImIe1kjhPsvqE0pIVP8gZbBAteRbxxkgR0d6UenVHiFhrr3
         xXvifbXFnnmcHiA5fe5LcrS3MEA26FbG+TrG3U0bWEQ2on0ellJjjSM6gpdkkQ0e3Cgb
         ef+UKI8V7hVxr8+jpPU+SOoxbPoBdJmG9wJq7VWsF3qzchkmAsA0FzpHm0OoqxzTPFTN
         RTkHiopRA2MPOXG01Qc4sBgu6hikk4WxiRrkSf2SohlRgKRhrWG0Dl/YI3oJCWSanW3j
         Pl4A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=k6+2oB/n;
       dkim=fail header.i=@chromium.org header.s=google header.b=lJ7z/wOa;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v189si1223963pgb.706.2018.02.28.08.55.27;
        Wed, 28 Feb 2018 08:55:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=k6+2oB/n;
       dkim=fail header.i=@chromium.org header.s=google header.b=lJ7z/wOa;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932323AbeB1Qyr (ORCPT <rfc822;speed.demon0047@gmail.com>
        + 99 others); Wed, 28 Feb 2018 11:54:47 -0500
Received: from mail-vk0-f65.google.com ([209.85.213.65]:46326 "EHLO
        mail-vk0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751890AbeB1Qyd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 28 Feb 2018 11:54:33 -0500
Received: by mail-vk0-f65.google.com with SMTP id x125so1875066vkc.13
        for <linux-kernel@vger.kernel.org>; Wed, 28 Feb 2018 08:54:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=lQGQYNjMbStrTjN8r5FD6Rr7Hpoc1lOFNiAIPjronv4=;
        b=k6+2oB/ntQgDyoinFn7AgJebL9kh0E3pO1o+91YlGG93se9PAS9LVc/3Jq+Tov438j
         V4iGwDLS8YjbwB/xP0hLOLe02+IIvAgYFtHhhNXpWosGlKmfuSuA1ALt1Mt2uKMloqMe
         ngt1CbPYDYR3vNzxYzsRNZk1LxH2AGkLh67PNNXGd4sZhdYsogdDLUJj/EG70tRRD5ee
         AZRvCfPHP3V8JpoeDODlYpvfihxC4jAaX3bBgHRkf57pU58DDjZul77FuKMBVJ9VhR+Y
         9eFqUc9Gb1rD2wawEW7lKU2qtAkywvZY5F780YHb436Z2nTOjPZi+ECmXsTrdDKQXKz/
         joEw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=lQGQYNjMbStrTjN8r5FD6Rr7Hpoc1lOFNiAIPjronv4=;
        b=lJ7z/wOagnWXMRQdfRNPYDMsXZgTKeh6+HwplsSO1z2g2xTtIroYY4CK2Vu3Wc8T29
         b2wqY8y2jCdHD3QBeAKob2TBKO/+wj7YKcMjuCZyDRjS5E73JZLDpxQ3VXl1VM6vatuL
         D8VsPboJvRJ0xa9zB2OT4U/kjIAKcZeClZJJg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=lQGQYNjMbStrTjN8r5FD6Rr7Hpoc1lOFNiAIPjronv4=;
        b=TsFTJvlwdRR/Uv95rkyZ1KArD+hAgZsBHhjHb4fbbSthJrtKCHyUW6tgq5b5fSK1Jd
         8UUSIhyx3XCcmvdTRcfEUwxwQgLnJwYdteIzqmFxyqrXP7SehpIXpRK++fXZjsL4/6/j
         2h+YSDeKozSdZIjTq45tqoBYCw9p/W0a0xwdJ9ERqiiFzxOEFSeDLQ/Ga+ts+8mD3X9X
         sCxpBLTao445L+//WBFA5aZet17pIaKZgdDnqe5SwT1UN5Fgx+M2WbnbMV8KbnrZu4RS
         Ha0YeKcWrJOphvjDydAZtxJV1SLLUd+ddIh4OuEAt2qYjcAhV8SJOthk1wrp4F4HmB6C
         WDsg==
X-Gm-Message-State: APf1xPCLMDggHUtxSdaODR2Id01qvZ2NqQRUpN/yyoZasAKtjJ78Vbuu
        frIJirmZaDqqYaxb3ZnhD2aTxcFkwPxXp06MGU0cgw==
X-Received: by 10.31.168.142 with SMTP id r136mr13525797vke.149.1519836872493;
 Wed, 28 Feb 2018 08:54:32 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.242.140 with HTTP; Wed, 28 Feb 2018 08:54:31 -0800 (PST)
In-Reply-To: <20180228142951.GA3136@pjb1027-Latitude-E5410>
References: <20180228142951.GA3136@pjb1027-Latitude-E5410>
From:   Kees Cook <keescook@chromium.org>
Date:   Wed, 28 Feb 2018 08:54:31 -0800
X-Google-Sender-Auth: x_kHSa_GLbZy0dkNEY1ZOvJQxxA
Message-ID: <CAGXu5jKkHAHpzEpmHNJ6iPhXJKXoZH9Wy4mnCnE1=TEgTcHSRw@mail.gmail.com>
Subject: Re: [kernel-hardening] [PATCH 1/2] arm: mm: Define vdso_start,
 vdso_end as array
To:     Jinbum Park <jinb.park7@gmail.com>
Cc:     linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        Philippe Ombredanne <pombredanne@nexb.co>,
        Greg KH <gregkh@linuxfoundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Kate Stewart <kstewart@linuxfoundation.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Dmitry Safonov <dsafonov@virtuozzo.com>,
        Will Deacon <will.deacon@arm.com>,
        Mark Rutland <mark.rutland@arm.com>,
        Daniel Micay <danielmicay@gmail.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Catalin Marinas <catalin.marinas@arm.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 28, 2018 at 6:29 AM, Jinbum Park <jinb.park7@gmail.com> wrote:
> Define vdso_start, vdso_end as array to avoid compile-time analysis error
> for the case of built with CONFIG_FORTIFY_SOURCE.
>
> and, since vdso_start, vdso_end are used in vdso.c only,
> move extern-declaration from vdso.h to vdso.c.
>
> If kernel is built with CONFIG_FORTIFY_SOURCE,
> compile-time error happens at this code.
> - if (memcmp(&vdso_start, "\177ELF", 4))
>
> The size of "&vdso_start" is recognized as 1 byte, but n is 4,
> So that compile-time error is reported.
>
> Signed-off-by: Jinbum Park <jinb.park7@gmail.com>

Thanks!

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  arch/arm/include/asm/vdso.h |  2 --
>  arch/arm/kernel/vdso.c      | 12 +++++++-----
>  2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/arch/arm/include/asm/vdso.h b/arch/arm/include/asm/vdso.h
> index 9c99e81..5b85889 100644
> --- a/arch/arm/include/asm/vdso.h
> +++ b/arch/arm/include/asm/vdso.h
> @@ -12,8 +12,6 @@
>
>  void arm_install_vdso(struct mm_struct *mm, unsigned long addr);
>
> -extern char vdso_start, vdso_end;
> -
>  extern unsigned int vdso_total_pages;
>
>  #else /* CONFIG_VDSO */
> diff --git a/arch/arm/kernel/vdso.c b/arch/arm/kernel/vdso.c
> index a4d6dc0..f4dd7f9 100644
> --- a/arch/arm/kernel/vdso.c
> +++ b/arch/arm/kernel/vdso.c
> @@ -39,6 +39,8 @@
>
>  static struct page **vdso_text_pagelist;
>
> +extern char vdso_start[], vdso_end[];
> +
>  /* Total number of pages needed for the data and text portions of the VDSO. */
>  unsigned int vdso_total_pages __ro_after_init;
>
> @@ -197,13 +199,13 @@ static int __init vdso_init(void)
>         unsigned int text_pages;
>         int i;
>
> -       if (memcmp(&vdso_start, "\177ELF", 4)) {
> +       if (memcmp(vdso_start, "\177ELF", 4)) {
>                 pr_err("VDSO is not a valid ELF object!\n");
>                 return -ENOEXEC;
>         }
>
> -       text_pages = (&vdso_end - &vdso_start) >> PAGE_SHIFT;
> -       pr_debug("vdso: %i text pages at base %p\n", text_pages, &vdso_start);
> +       text_pages = (vdso_end - vdso_start) >> PAGE_SHIFT;
> +       pr_debug("vdso: %i text pages at base %p\n", text_pages, vdso_start);
>
>         /* Allocate the VDSO text pagelist */
>         vdso_text_pagelist = kcalloc(text_pages, sizeof(struct page *),
> @@ -218,7 +220,7 @@ static int __init vdso_init(void)
>         for (i = 0; i < text_pages; i++) {
>                 struct page *page;
>
> -               page = virt_to_page(&vdso_start + i * PAGE_SIZE);
> +               page = virt_to_page(vdso_start + i * PAGE_SIZE);
>                 vdso_text_pagelist[i] = page;
>         }
>
> @@ -229,7 +231,7 @@ static int __init vdso_init(void)
>
>         cntvct_ok = cntvct_functional();
>
> -       patch_vdso(&vdso_start);
> +       patch_vdso(vdso_start);
>
>         return 0;
>  }
> --
> 1.9.1
>



-- 
Kees Cook
Pixel Security