Date: Sun, 9 Dec 2018 21:46:00 +0000
From: Al Viro
To: Tycho Andersen
Cc: linux-sparse@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Subject: Re: [RFC v1] copy_{to,from}_user(): only inline when !__CHECKER__
Message-ID: <20181209214600.GC2217@ZenIV.linux.org.uk>

On Sun, Dec 09, 2018 at 02:25:23PM -0700, Tycho Andersen wrote:
> > Which sparse checks do not trigger? Explain, please - as it is, I had been
> > unable to guess what could "specifically looks for a call instruction" refer
> > to.
>
> In sparse.c there's check_call_instruction(), which is triggered when
> there's an instruction of OP_CALL type in the basic block. This simply
> compares against the name of the call target to determine whether or
> not to call check_ctu().

Oh, that Linus' experiment with "look for huge constant size argument
to memcpy() et.al."? Frankly, it's not only the wrong place to put the
checks, but breaking inlining loses the _real_ "known constant size"
checks in there.

I don't know if the check_ctu thing has ever caught a bug... What kind of
checks do you want to add? Because this place is almost certainly wrong
for anything useful...

If anything, I would suggest simulating this behaviour with something like
	if (__builtin_constant_p(size) && size > something)
		/* something that would trigger a warning */
_inside_ copy_from_user()/copy_to_user() and to hell with name-recognizing
magic...
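
Added example (not part of the mail above and not kernel code): a user-space C model of the check suggested in the reply, showing that __builtin_constant_p() only sees a literal size while the copy helper is inlined, and reports nothing once the check sits behind a real call. COPY_SIZE_LIMIT, huge_constant_copy(), model_copy_from_user() and out_of_line are hypothetical names, and the 64 KiB threshold is an assumption standing in for "something".

```c
/* User-space model of the suggested check; an added example, not kernel code. */
#include <stdio.h>
#include <string.h>

/* Assumed threshold, standing in for "something" in the mail. */
#define COPY_SIZE_LIMIT (1UL << 16)

/* GCC (and recent Clang) warn at build time if a call to this survives optimisation. */
void huge_constant_copy(void)
	__attribute__((warning("copy with huge compile-time-constant size")));
void huge_constant_copy(void) { }

/* The test as the compiler sees it at the point of use. */
#define SIZE_IS_HUGE_CONSTANT(n) \
	(__builtin_constant_p(n) && (n) > COPY_SIZE_LIMIT)

/* Stand-in for copy_from_user(): always inlined, so a literal size stays visible. */
static inline __attribute__((always_inline)) unsigned long
model_copy_from_user(void *to, const void *from, unsigned long n)
{
	if (SIZE_IS_HUGE_CONSTANT(n))
		huge_constant_copy();	/* "something that would trigger a warning" */
	memcpy(to, from, n);
	return 0;	/* bytes left uncopied, the convention copy_from_user() uses */
}

/* Same test behind a real call: n is only a parameter here, never a constant. */
int check_out_of_line(unsigned long n)
{
	return SIZE_IS_HUGE_CONSTANT(n);
}

/* Calling through a volatile pointer stops the compiler inlining or cloning it. */
int (*volatile out_of_line)(unsigned long) = check_out_of_line;

int main(void)
{
	char src[8] = "abcdefg", dst[8];
	volatile unsigned long runtime_n = 1UL << 20;

	model_copy_from_user(dst, src, sizeof(src));	/* small constant: no warning */
	printf("literal 1 MiB, checked in place: %d\n", SIZE_IS_HUGE_CONSTANT(1UL << 20));
	printf("runtime 1 MiB, checked in place: %d\n", SIZE_IS_HUGE_CONSTANT(runtime_n));
	printf("literal 1 MiB, out of line:      %d\n", out_of_line(1UL << 20));
	printf("copied: %s\n", dst);
	return 0;
}
```

Changing the sizeof(src) argument to a literal above COPY_SIZE_LIMIT (with a destination buffer large enough to hold it) makes an optimised build emit the warning, which is the in-place diagnostic the reply asks for.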