On Thu, Apr 19, 2018 at 10:24 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote: > Currently STRUCTLEAK inserts initialization out of live scope of > variables from KASAN point of view. This leads to KASAN false > positive reports. Prohibit this combination for now. > > Signed-off-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > Cc: linux-mm@xxxxxxxxx > Cc: kasan-dev@xxxxxxxxxxxxxxxx > Cc: Fengguang Wu <fengguang.wu@xxxxxxxxx> > Cc: Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx> > Cc: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxx> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> I prefer this change over moving the plugin earlier since that ends up creating redundant initializers... Andrew, can you carry this (and possibly include it in bug-fixes for v4.17)? Thanks! -Kees > > --- > > This combination leads to periodic confusion > and pointless debugging: > > https://marc.info/?l=linux-kernel&m=151991367323082 > https://marc.info/?l=linux-kernel&m=151992229326243 > https://lkml.org/lkml/2017/11/30/33 > > Changes since v1: > - replace KASAN with KASAN_EXTRA > Only KASAN_EXTRA enables variable scope checking > --- > arch/Kconfig | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/Kconfig b/arch/Kconfig > index 8e0d665c8d53..75dd23acf133 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -464,6 +464,10 @@ config GCC_PLUGIN_LATENT_ENTROPY > config GCC_PLUGIN_STRUCTLEAK > bool "Force initialization of variables containing userspace addresses" > depends on GCC_PLUGINS > + # Currently STRUCTLEAK inserts initialization out of live scope of > + # variables from KASAN point of view. This leads to KASAN false > + # positive reports. Prohibit this combination for now. > + depends on !KASAN_EXTRA > help > This plugin zero-initializes any structures containing a > __user attribute. This can prevent some classes of information > -- > 2.17.0.484.g0c8726318c-goog > -- Kees Cook Pixel Security
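Review bot: The comment added above `depends on !KASAN_EXTRA` in the GCC_PLUGIN_STRUCTLEAK entry does not say why the exclusion is on KASAN_EXTRA rather than KASAN. That reason ("Only KASAN_EXTRA enables variable scope checking") appears only in the changelog below the `---` marker, which is dropped when the patch is applied, so it will not survive in the tree or in the commit message. Consider folding it into the Kconfig comment so that whoever revisits the "for now" restriction knows which KASAN feature it is tied to. Separately, the help text in the trailing context is unchanged: with KASAN_EXTRA set, the STRUCTLEAK option is hidden and its zero-initialization hardening is off, with nothing in the entry's help telling the user about the conflict. A sentence in the help text noting it would make that visible.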