I wrote a post: "Case study: Searching for a vulnerability pattern in the Linux kernel".
It's a funny story about #syzkaller, @Semmle @LGTM, Coccinelle and a "public 0day". https://a13xp0p0v.github.io/2019/08/10/cfu.html
I double-checked and I was surprised to see that Coverity didn't see this issue. As @tehjh pointed out, sparse has been warning about it for a while since it's an argument type violation (but with a constructed type). I wonder if we could trick gcc or clang into seeing it too.
Replying to @kees_cook @a13xp0p0v and
It seems that gcc (version 6.5.0) ignores the address_space attribute. And the kernel is compiled without this attribute. So the types or decls do not have the information for the compiler to do more checks.
Replying to @zerons_ @a13xp0p0v and
Actually, it seems Clang supports it! https://clang.llvm.org/docs/LanguageExtensions.html#memory-references-to-specified-segments But it seems GCC does not. :( Comparison: https://godbolt.org/z/lYzuIJ
Replying to @kees_cook @zerons_ and
Yeah, clang actually has address space numbers intended for segment-based addressing, but IIRC if you try to actually build a clang x86 kernel with address_space attributes, stuff blows up in the kernel's percpu accessors.
Replying to @tehjh @kees_cook and
tools/clang/docs/LanguageExtensions.rst says that the GS segment is address space 256 and the FS segment is address space 257, so it should be possible to define __percpu to be __attribute__((address_space(...))) in the kernel's compiler header.
Replying to @tehjh @kees_cook and
But clang doesn't seem to have a way to write something like "__attribute__((address_space(0))) typeof(blah)" where "blah" has a type with a different explicit address space (it errors out because of the conflicting address spaces), and some stuff like that.
So things like percpu_from_op() are messy to fix up.