Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1328113pxk; Thu, 10 Sep 2020 12:37:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwuKa/LP5gSW/f0jjQOZvoSB3TS2gcWCfXcdQXuNUBrWNdq6pcuKTNN8fv8L685+Po0g+Pm X-Received: by 2002:a17:906:4c89:: with SMTP id q9mr10992110eju.290.1599766632869; Thu, 10 Sep 2020 12:37:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599766632; cv=none; d=google.com; s=arc-20160816; b=xWKdPMlVOzR0PJtpyP+N6JmRj9Zl91BF/ley41lXLRjKfs3M1fjTsnr73Jwj/z+TlL hKEGX/xh0eNyjdMgjR4iamTpFIjByxweDF3ZQOrXKduHyheyvAV80nc95d7dKxsNyRJs XDfol+BlS9kUaBhaE9deKwuYr62aTsxfeGqv5dY6PYgg8RJA2H64mJng7x0g8ix3AbaG 60d17wzBRQ1DHILb6qt0BVxS+RA+ycU/qVWJMExtdwck039xlwjeCtSVkwnh8pMnLmMa Zi+OTF94+r9bBlyypAl/qTWFby2Nvh9GgOEKBJlPRChIdLDUHOlhq/KvNJ8PCRct3wHG pVQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=n5g2VKT0NX2V9vUtFME4ZGEhrr3w5KhEAQNj+WuBjkQ=; b=ECESUjob2rr/GvulvNK6k/isVhzP7WYos0Cyvp3lxvAwgIk59gSaGl0SOGlc9ACEzd IBO/8Or8IAvFWX0Vjk8vvH6enh8qCrAAG0m3j+AFUaRcSOjF2A44hjiRjO7A0uM8Ue8W 5h3/EBxDmxe7uxybn3d+9cWKItvh5pcT7AlecaoTIPt9JM4AUsNXrLDdVmRsPtFjB5zV KunoJNvjCQ9hShWbjqNTjb8sqsL1ZjPVE/EFO+qKZnL74bCaJDZYzIta39oa4C2xrfp9 9jPthSB5h1EKMUS5BmYkZOtVRKEgU5la66NgR5PyKg9OtnzseAjpHmj84tDDLVfmFAKW Ld6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eRaklC5d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y8si4325182edv.438.2020.09.10.12.36.50; Thu, 10 Sep 2020 12:37:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eRaklC5d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727837AbgIJTgS (ORCPT + 99 others); Thu, 10 Sep 2020 15:36:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726769AbgIJTgB (ORCPT ); Thu, 10 Sep 2020 15:36:01 -0400 Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 149E2C061796 for ; Thu, 10 Sep 2020 12:35:50 -0700 (PDT) Received: by mail-ed1-x541.google.com with SMTP id l17so7500327edq.12 for ; Thu, 10 Sep 2020 12:35:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=n5g2VKT0NX2V9vUtFME4ZGEhrr3w5KhEAQNj+WuBjkQ=; b=eRaklC5d1OINOyJjswenVydz4ubWff2ZOHUDzyUYBYlhwIvLhATs7LPbmS8S82Z4lp dBBLs23oLG1A+i+tpvyMGegBDoBUu7NJEunvws8RCEl+p7/XPm3dFQhGLP+zwto9hZ69 aTuANMTAwk4X7SoipEiYWxdEojWxpdVCrajzFV5zC/15j7GkeIt4P6Jdj5IAwzERgxWN ZzLU6B3a+nGAnbO9O6LclWovDfKhopwc3XhQQFjROWvXdnV2bLinzSsSbbGj/O/R6ge8 /TDkuxc9tcNX0yee/XK3UWd/vTfdgi+Ld7e39taLQmlJQPaajw1F4ds4WpnQlTzke6W7 lE1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=n5g2VKT0NX2V9vUtFME4ZGEhrr3w5KhEAQNj+WuBjkQ=; b=HGptNBRK32r90da8CZtu6hoLiIKWHtf+5pRN06cSqdcUXQG4N8xcFDVyX0S43zJdwA qHOFbPHYkTgXyx99NspguLJdIZXWI7+ajOemr+6nC4s91uPblqpogdD8MmV8ZfqEXQNk uUjOzKPuGmblsMmjfHwvmm2g3IgsSO7cU+nW9dWAmuhgsek8XowKLlKoKskX/OFRwDQw AVtI26XVwQpYpiCp5uijfgfgMJ24sLM+x4rMPlErHys5X25Mj8YLsVC/jFquRIybhqpW 4ER7tExnmoVar9I2io7qLTGzAHsHXtFrVYD/k9vxZLZB+1TNwG8+OzRWB/PT9Cy0nHn5 NF8g== X-Gm-Message-State: AOAM532qAGth+ro2vn3gaRjIJupWsr6wZEHbg2ufDqProgKFC3Yv6Sm/ dqhGro9WLD4d+1oB1+wz6eAdkfbuwKjrrBIJeiCXtjUolw8= X-Received: by 2002:aa7:c554:: with SMTP id s20mr11006793edr.230.1599766548307; Thu, 10 Sep 2020 12:35:48 -0700 (PDT) MIME-Version: 1.0 References: <20200910134802.3160311-1-lenaptr@google.com> In-Reply-To: <20200910134802.3160311-1-lenaptr@google.com> From: Jann Horn Date: Thu, 10 Sep 2020 21:35:22 +0200 Message-ID: Subject: Re: [PATCH] sched.h: drop in_ubsan field when UBSAN is in trap mode To: Elena Petrova Cc: Kernel Hardening , kernel list , Kees Cook , Andrew Morton Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 10, 2020 at 3:48 PM Elena Petrova wrote: > in_ubsan field of task_struct is only used in lib/ubsan.c, which in its > turn is used only `ifneq ($(CONFIG_UBSAN_TRAP),y)`. > > Removing unnecessary field from a task_struct will help preserve the > ABI between vanilla and CONFIG_UBSAN_TRAP'ed kernels. In particular, > this will help enabling bounds sanitizer transparently for Android's > GKI. The diff looks reasonable to me, but I'm curious about the justification in the commit message: Is the intent here that you want to be able to build a module without CONFIG_UBSAN and load it into a kernel that is built with CONFIG_UBSAN? Or the inverse? Does this mean that in the future, gating new exported functions, or new struct fields, on CONFIG_UBSAN (independent of whether CONFIG_UBSAN_TRAP is set) will break Android? If you really want to do this, and using alternatives to patch out the ubsan instructions is not an option, I wonder whether it would be more reasonable to at least add a configuration where CONFIG_UBSAN is enabled but the compiler flag is not actually set. Then you could unconditionally build that android kernel and its modules with that config option, and wouldn't have to worry about structure size issues, dependencies on undefined symbols and so on.