Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp3839img; Thu, 28 Feb 2019 13:56:01 -0800 (PST) X-Google-Smtp-Source: APXvYqxGGXJUCAxgcxrBpwo0/ySGMUwszpW60a81BYGV7NAk01NYn8lEZ9YaOFYzJXjZ8vzs85e3 X-Received: by 2002:a63:144:: with SMTP id 65mr1409166pgb.38.1551390961591; Thu, 28 Feb 2019 13:56:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551390961; cv=none; d=google.com; s=arc-20160816; b=SfMGE7kv2bXPcPmns0AvS2GTdBvZi6g88BAmnhtmw6V3MmL+18Q2Pq6l5KjQVLfa0G GzKhDsaUQCkqJ9j0oLDlPJFLzmsPf21949n6PsjAY5lKLOneqY7AOP5bZQG6y5IjXzwJ Mlg0kDhefTmnivbBrYyzGsAWWXd0DSsv909+O0egQS4zvj8WQSQ6xraAD0pe97P8sHys +z5qDnxPg2l36h28IQM9fRsTLhaVXMssq5iBKA859JCEIjwJOwbQkZWMPiHVgqE/Kiov 7X2eU0fsQQW1fZsqUKpYHdgKVrzkW0K0yVadjLBI8sK74cu1hQV2NyhpN8O389gmQOby mD/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=stBWwMqpBSCGcZFqSFF0JHMo+oJlyyG8lS4bB2+/gWU=; b=gC0yA6DwrKLEe66IPn9ejE7oBLelW1p1oAbJrBq+D7fn9UgbGtrR2LTKRWd+zWZMBE tvFJMK5KI6iugDbuN2okkrdzT3cpmuzX1cMlVvMAu1MHdnUeXCvx5SyFlMAXTwmyT9k1 LXWATXZVaVSepHIjz48gAO4+t7O2H6tZOe6fcFXgr5Zo52qIrhAEMHZ4fAoWlKti9kcu O+Gp1gi8U4EBbvZhfjmL5eWoVuGuO6eiF1FsS8Cd8u4hEj0h55Q3vCG9XJktPjGhI4SD YqJpLlqwTQuimNtki9J/AFS8CQwsX+cRXLNyfuQj4xxt8qzhpz0/2AOVXpHlEAorQuba Mx/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b20si18556633pls.193.2019.02.28.13.55.46; Thu, 28 Feb 2019 13:56:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387691AbfB1U1b (ORCPT + 99 others); Thu, 28 Feb 2019 15:27:31 -0500 Received: from mail-qt1-f193.google.com ([209.85.160.193]:42123 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732602AbfB1U11 (ORCPT ); Thu, 28 Feb 2019 15:27:27 -0500 Received: by mail-qt1-f193.google.com with SMTP id u7so15936999qtg.9 for ; Thu, 28 Feb 2019 12:27:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=stBWwMqpBSCGcZFqSFF0JHMo+oJlyyG8lS4bB2+/gWU=; b=JU+n5rg/1u1JPT0PbELcIA6tpA6P1/uPlDiLo2YLCWvzSB5lVik/IATH2rIwBTSinR 0TTizO5mPjEeh72WM9+kdMz/v8t+4SArm99IgH/Rfaab1AtBvA/oDjT6QQTFlGVeLSGc azRiuRGAPM+EMxlYHiaaLQiKsQBS+rvYpxJCNEX3vRtz/Fr4Ys7BSO5vorqI7MvZbibg VIAwEUOIUbW6PACwgr6EbSxT1kgraiRVeE7yWO8Qingd8g5+5fgK//HCApOnAVU5U5AG wRCxAoMuxn/y7y5AjxLjsbcPV4C5eSCojlzvwGmY9WriiMTJB3EaV73JA55OStg5oCZw lOyw== X-Gm-Message-State: APjAAAVm3ICwJTdPpooiF8BdyH5Ou4+Tn2GmkkxQdLlEJ4GWA16tjsd2 GP8BE2MYK+fQvR+sdOqy0RCOxMdPotfIN3lNS9w= X-Received: by 2002:a0c:81ee:: with SMTP id 43mr876035qve.180.1551385646079; Thu, 28 Feb 2019 12:27:26 -0800 (PST) MIME-Version: 1.0 References: <20190212180441.15340-1-keescook@chromium.org> <20190212180441.15340-2-keescook@chromium.org> In-Reply-To: <20190212180441.15340-2-keescook@chromium.org> From: Arnd Bergmann Date: Thu, 28 Feb 2019 21:27:08 +0100 Message-ID: Subject: Re: [PATCH 1/2] gcc-plugins: structleak: Generalize to all variable types To: Kees Cook Cc: Linux Kernel Mailing List , Emese Revfy , Alexander Popov , Ard Biesheuvel , Laura Abbott , Jann Horn , Alexander Potapenko , Kernel Hardening Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 12, 2019 at 7:08 PM Kees Cook wrote: > > This adjusts structleak to also work with non-struct types when they > are passed by reference, since those variables may leak just like > anything else. This is exposed via an improved set of Kconfig options. > (This does mean structleak is slightly misnamed now.) > > Building with CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL should give the > kernel complete initialization coverage of all stack variables passed > by reference, including padding (see lib/test_stackinit.c). > > Using CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE to count added initializations > under defconfig: > > ..._BYREF: 5945 added initializations > ..._BYREF_ALL: 16606 added initializations > > There is virtually no change to text+data size (both have less than 0.05% > growth): I just resumed my randconfig build testing after a longer break, and found a regression for stack usage that I bisected to your change. It shows up in a variety of files depending on the configuration, so far the worst one is the configuration at https://pastebin.com/UK54qbKa that leads to ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_start_search': ../drivers/media/dvb-frontends/stv090x.c:1595:1: error: the frame size of 5320 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_optimize_track': ../drivers/media/dvb-frontends/stv090x.c:3090:1: error: the frame size of 5872 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_algo': ../drivers/media/dvb-frontends/stv090x.c:3431:1: error: the frame size of 5144 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] } At least for this specific file, I also see a significant (though not alarming) increase in code size: text data bss dec hex filename 179196 4632 256 184084 2cf14 obj-x86/drivers/media/dvb-frontends/stv090x-before.o 216740 4632 256 221628 361bc obj-x86/drivers/media/dvb-frontends/stv090x-after.o Part of the problem here is definitely interaction with the asan-stack sanitizer. Changing asan-stack=1 to asan-stack=0, it looks a lot better: ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_start_search': ../drivers/media/dvb-frontends/stv090x.c:1595:1: warning: the frame size of 120 bytes is larger than 20 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_optimize_track': ../drivers/media/dvb-frontends/stv090x.c:3090:1: warning: the frame size of 168 bytes is larger than 20 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c: In function 'stv090x_algo': ../drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame size of 192 bytes is larger than 20 bytes [-Wframe-larger-than=] text data bss dec hex filename 184061 4632 256 188949 2e215 obj-x86/drivers/media/dvb-frontends/stv090x.o I get similar results with asan-stack=1 but without your plugin, only the combination of the two has the explosive stack size growth. I can help analyze this further, but maybe you can have a look first, there might be something obvious when you read the input to the plugin. Arnd