Received: by 10.192.165.148 with SMTP id m20csp3390878imm; Mon, 23 Apr 2018 05:55:23 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/HuUj8t5CrobOufeQWoeCddMESl5jH7WW2OgzzmyskRHdDw0t1dRxojP4pLzWijkf3fQHq X-Received: by 2002:a17:902:5ac1:: with SMTP id g1-v6mr8397980plm.43.1524488123636; Mon, 23 Apr 2018 05:55:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524488123; cv=none; d=google.com; s=arc-20160816; b=OlOHrv0RqF4KrQelGTi2DVQ0sbwk5AKUn/kG84iZLj6AtckerzZG2iM4Nczj76N2YL fFP8Ul227FEq9c+dobQqXvgmxjOJEU2tPOdQcMkKAxbiLmcuZsO513HL61mbZqcHD43Z opDxDGQ+Fz6CPoAGHpBb9HR6wcwGGt2Oal8KvDjpMDMasuN+kTIlARPjjSv5vXoBAEB4 ULuw+SgI1vR2gmBzo+LMlYzuX8sxo7qGFqC5ivfyN08B3Gdq+xrAon0gMRD9uzoVBFNb XF3y5rNwH0tWiEfIdPCMxfgb5eFM9e+3B5MPuADVCQIipUc72eBGUYvorBzO4cFKxDKw 8jXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=VeadtYhrWk1PZvFaQOEhr0vGPTxPNSPHbzMvlKQs4/I=; b=y3UpA+3seCRU3m8+8NJeGBi5cjWIhEsXqm9nXSQLQGH281QDk4o4hlECtgenGztnOE jgkgQxKaSI5rp7HE0HABYfZwgq3E9lPUoTQb/4Ce/tXC5IzGLIphWr1vr1PfIs5d07j5 DhvAA3VQs4aG3gLnvnuUsSa4LDNG/T1U4NtXUoUhzFMUxXR3iPlpQKjVYZp/nbtxcclp jlEX61wkI+dsGRdzEOpcIjP/pDU1fWjERChBmvr5j1Ubx+dhy8dU4gcf5v2Zvl+61yN5 EJo307Bdub2hyjt7wIopwTiuA5b/UeemWp+xabBKfCr/dFQGAWcDc1Lyo3sjZ6xyX+Jn L6CQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=hZvQBzjq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k2-v6si11622827plt.406.2018.04.23.05.55.09; Mon, 23 Apr 2018 05:55:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=hZvQBzjq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754977AbeDWMx6 (ORCPT + 99 others); Mon, 23 Apr 2018 08:53:58 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:37398 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754931AbeDWMx5 (ORCPT ); Mon, 23 Apr 2018 08:53:57 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w3NCkZoE096094; Mon, 23 Apr 2018 12:53:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2017-10-26; bh=VeadtYhrWk1PZvFaQOEhr0vGPTxPNSPHbzMvlKQs4/I=; b=hZvQBzjqHnslgFCcync2ms/qwuvyGgx1rT60amxjqU9CfxANLLT4FLRzSD1YdmVB8QVj r/kKi7m4mz9xB6AKcTAg/h/eT1ELZTkj7j2Lc/QyQ71kTb/Fp2+ZyfMI11RpSFfEZs9r jFOH5IbXLU95SnzD46Vy5pTUfdUOdyN62pCgK076g44Dyc+8Yd/tbjS19xX2I3mjBMxP yckYVNpV7Yvs9RUguyix71brPkHqyAbOo+MdlWB7TuGUXwRVj434Ta8hnmZsAFNhx/U5 IpuzHlMEkWmILx7U1NcpwmYoS1J0tEeB7wAB5++lwg4ikWE97zLpc/OkaHobmXa9moZc ww== Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2130.oracle.com with ESMTP id 2hfvrbn2jj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Apr 2018 12:53:22 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w3NCrMIF019509 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Apr 2018 12:53:22 GMT Received: from abhmp0011.oracle.com (abhmp0011.oracle.com [141.146.116.17]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w3NCrLeD016249; Mon, 23 Apr 2018 12:53:21 GMT Received: from mwanda (/197.254.35.146) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 23 Apr 2018 05:53:20 -0700 Date: Mon, 23 Apr 2018 15:53:07 +0300 From: Dan Carpenter To: Mark Rutland Cc: linux-kernel@vger.kernel.org, Peter Zijlstra , "Gustavo A. R. Silva" Subject: Re: Smatch check for Spectre stuff Message-ID: <20180423125307.fpqn5shjq3rpsyx3@mwanda> References: <20180419051510.GA21898@mwanda> <20180420124750.fgwrsyhuqd26mj34@lakrids.cambridge.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180420124750.fgwrsyhuqd26mj34@lakrids.cambridge.arm.com> User-Agent: NeoMutt/20170609 (1.8.3) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8871 signatures=668698 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804230133 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 20, 2018 at 01:47:51PM +0100, Mark Rutland wrote: > > What the test does is it looks at array accesses where the user controls > > the offset. It asks "is this a read?" and have we used the > > array_index_nospec() macro? If the answers are yes, and no respectively > > then print a warning. > > > > http://repo.or.cz/smatch.git/blob/HEAD:/check_spectre.c > > I just built this and threw it at v4.17-rc1, but I'm having problems > with the build_kernel_data.sh step. > > I get an error: > > DBD::SQLite::db do failed: unrecognized token: "'end + strlen(" > " at ../smatch/smatch_scripts/../smatch_data/db/fill_db_sql.pl line 32, line 294127. > > ... in my smatch_warns.txt I see that I have the lines: > > net/netfilter/nf_conntrack_sip.c:1524 sip_help_tcp() SQL: insert or ignore into constraints (str) values('end + strlen("^M > ^M > ")'); > > ... and the corresponding line in that file is: > > for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) { > > ... so I guess there's some dodgy escaping somewhere? > > I only see a small number of potential spectre issues reported: Yeah... Sorry. I will fix that. It doesn't affect anything unless someone starts to add SQL injection strings to the kernel but it's not the right thing. > > [mark@lakrids:~/src/linux]% grep 'potential spectre' smatch_warns.txt > block/scsi_ioctl.c:460 sg_scsi_ioctl() warn: potential spectre issue 'scsi_command_size_tbl' > kernel/sys.c:1474 __do_compat_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap) > kernel/sys.c:1455 __do_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap) > sound/core/pcm.c:140 snd_pcm_control_ioctl() warn: potential spectre issue 'pcm->streams' (local cap) > net/compat.c:851 __do_compat_sys_socketcall() warn: potential spectre issue 'nas' (local cap) > net/ipv6/syncookies.c:129 __cookie_v6_check() warn: potential spectre issue 'msstab' > net/ipv6/udp.c:214 __udp6_lib_lookup() warn: potential spectre issue 'udptable->hash2' > net/socket.c:2518 __do_sys_socketcall() warn: potential spectre issue 'nargs' (local cap) > net/netfilter/nfnetlink.c:386 nfnetlink_rcv_batch() warn: potential spectre issue 'ss->cb' > net/netfilter/nf_nat_sip.c:371 nf_nat_sip_expect() warn: potential spectre issue 'ct->tuplehash' > net/core/net-procfs.c:262 ptype_seq_next() warn: potential spectre issue 'ptype_base' > net/core/dev.c:392 ptype_head() warn: potential spectre issue 'ptype_base' > net/ipv4/ipmr.c:1608 ipmr_ioctl() warn: potential spectre issue 'mrt->vif_table' (local cap) > net/ipv4/ipmr.c:1682 ipmr_compat_ioctl() warn: potential spectre issue 'mrt->vif_table' (local cap) > net/ipv4/syncookies.c:201 __cookie_v4_check() warn: potential spectre issue 'msstab' > net/ipv4/udp.c:478 __udp4_lib_lookup() warn: potential spectre issue 'udptable->hash2' > ipc/sem.c:2075 do_semtimedop() warn: potential spectre issue 'sma->sems' > drivers/ata/libahci.c:1146 ahci_led_store() warn: potential spectre issue 'pp->em_priv' (local cap) > drivers/ptp/ptp_chardev.c:252 ptp_ioctl() warn: potential spectre issue 'ops->pin_config' (local cap) > drivers/gpu/drm/drm_bufs.c:1420 drm_legacy_freebufs() warn: potential spectre issue 'dma->buflist' (local cap) > drivers/gpu/drm/i915/i915_query.c:115 i915_query_ioctl() warn: potential spectre issue 'i915_query_funcs' > drivers/hid/usbhid/hiddev.c:473 hiddev_ioctl_usage() warn: potential spectre issue 'report->field' (local cap) > drivers/hid/usbhid/hiddev.c:477 hiddev_ioctl_usage() warn: potential spectre issue 'field->usage' (local cap) > drivers/hid/usbhid/hiddev.c:519 hiddev_ioctl_usage() warn: potential spectre issue 'field->value' (local cap) > drivers/hid/usbhid/hiddev.c:757 hiddev_ioctl() warn: potential spectre issue 'report->field' (local cap) > drivers/hid/usbhid/hiddev.c:801 hiddev_ioctl() warn: potential spectre issue 'hid->collection' (local cap) > drivers/tty/vt/keyboard.c:1871 vt_do_kdsk_ioctl() warn: potential spectre issue 'key_map' > drivers/tty/vt/vt_ioctl.c:711 vt_ioctl() warn: potential spectre issue 'vc_cons' > > ... so I assume I've misunderstood how to use smatch. :) > The thing is say we get user data in one function then pass it to the next and the next down the call tree... Smatch is only building one layer of the call tree when you build the DB. So you have to rebuild a bunch of time (like 3 or maybe 5) each time you rebuild the DB. Normally, I rebuild the DB every day so it just accretes. regards, dan carpenter