From patchwork Tue Dec 4 18:23:53 2018
X-Patchwork-Submitter: Greg Hackmann
X-Patchwork-Id: 1007784
X-Patchwork-Delegate: petr.vorel@gmail.com
Date: Tue, 4 Dec 2018 10:23:53 -0800
Message-Id: <20181204182353.86453-1-ghackmann@google.com>
From: Greg Hackmann
To: ltp@lists.linux.it
Cc: kernel-team@android.com
Subject: [LTP] [PATCH] cve/stack_clash: inhibit test-breaking optimizations

stack_clash relies on the compiler doing fairly specific things with the
stack pointer. We've run into a couple of places where clang optimized
away the intended behavior:

(1) exhaust_stack_into_sigsegv() tries to grow the stack via infinite
recursion. Since this happens through a tail call, the compiler may
transform this into an iterative equivalent which loops forever without
growing the stack. -fno-optimize-sibling-calls explicitly blocks this
optimization on both gcc and clang.

(2) If preallocate_stack() is inlined, its ~1 MB stack frame may not be
released until the parent function returns. This can cause the stack
pointer to cross the stack guard in the middle of do_child(), before the
SIGSEGV handler has actually been set up. Prevent this by marking the
function noinline.

Signed-off-by: Greg Hackmann
---
 testcases/cve/Makefile      | 2 ++
 testcases/cve/stack_clash.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/testcases/cve/Makefile b/testcases/cve/Makefile
index 3a05dd4fe..6dc401cff 100644
--- a/testcases/cve/Makefile
+++ b/testcases/cve/Makefile
@@ -19,6 +19,8 @@ include $(top_srcdir)/include/mk/testcases.mk CFLAGS += -D_GNU_SOURCE +stack_clash: CFLAGS += -fno-optimize-sibling-calls + cve-2016-7042: LDLIBS += $(KEYUTILS_LIBS) cve-2016-7117: CFLAGS += -pthread diff --git a/testcases/cve/stack_clash.c b/testcases/cve/stack_clash.c index f25e19b3f..ac4a31af6 100644 --- a/testcases/cve/stack_clash.c +++ b/testcases/cve/stack_clash.c @@ -136,7 +136,7 @@ void dump_proc_self_maps(void) tst_run_cmd(cmd, NULL, NULL, 0); } -void preallocate_stack(unsigned long required) +void __attribute__((noinline)) preallocate_stack(unsigned long required) { volatile char *garbage;
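Review bot: the new `stack_clash: CFLAGS += -fno-optimize-sibling-calls` line in the Makefile hunk has no comment, so the reason for this target-specific flag lives only in the commit message and a later cleanup could drop it as a stray option. Add a one-line comment above it, for example `# exhaust_stack_into_sigsegv() must really recurse; do not let tail calls become a loop`, and note there that it is needed for both gcc and clang, as the commit message says, so nobody later scopes it to clang only.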
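Review bot: in the stack_clash.c hunk, `__attribute__((noinline))` on preallocate_stack() is load-bearing for the test (the commit message explains that an inlined ~1 MB frame can push the stack pointer across the guard before the SIGSEGV handler is installed), but nothing at the definition says so; a short comment above the function restating that reasoning would keep it from being removed as unnecessary. Since the signature stays a non-static `void preallocate_stack(unsigned long required)`, it is also worth checking whether it has callers outside this file; if not, making it `static` alongside `noinline` keeps the definition local without affecting the inlining fix.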