References: <20200604134957.505389-1-alex.popov@linux.com> <20200604134957.505389-2-alex.popov@linux.com>
In-Reply-To: <20200604134957.505389-2-alex.popov@linux.com>
From: Jann Horn
Date: Thu, 4 Jun 2020 16:01:30 +0200
Subject: Re: [PATCH 1/5] gcc-plugins/stackleak: Exclude alloca() from the instrumentation logic
To: Alexander Popov, Kees Cook, Elena Reshetova
Cc: Emese Revfy, Miguel Ojeda, Masahiro Yamada, Michal Marek, Andrew Morton, Masahiro Yamada, Thiago Jung Bauermann, Luis Chamberlain, Jessica Yu, Sven Schnelle, Iurii Zaikin, Catalin Marinas, Will Deacon, Vincenzo Frascino, Thomas Gleixner, Peter Collingbourne, Naohiro Aota, Alexander Monakov, Mathias Krause, PaX Team, Brad Spengler, Laura Abbott, Florian Weimer, Kernel Hardening, linux-kbuild@vger.kernel.org, "the arch/x86 maintainers", Linux ARM, kernel list, gcc@gcc.gnu.org, notify@kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jun 4, 2020 at 3:51 PM Alexander Popov wrote:
> Some time ago Variable Length Arrays (VLA) were removed from the kernel.
> The kernel is built with '-Wvla'. Let's exclude alloca() from the
> instrumentation logic and make it simpler. The build-time assertion
> against alloca() is added instead.
[...]
> + /* Variable Length Arrays are forbidden in the kernel */
> + gcc_assert(!is_alloca(stmt));

There is a patch series from Elena and Kees on the kernel-hardening
list that deliberately uses __builtin_alloca() in the syscall entry
path to randomize the stack pointer per-syscall - see .
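
Review bot: the comment on the added gcc_assert(!is_alloca(stmt)) gives the VLA ban as the reason, but the check is on alloca() statements in general, so it also rejects any code that calls alloca() on purpose. The comment should state that alloca() itself is what is being forbidden and why. Since a failed gcc_assert() ends the build as an internal compiler error, reporting a normal error that names the offending function would tell the developer what to fix.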