Re: [GIT PULL] gcc-plugins updates for v4.13-rc1
From: Ard Biesheuvel
Date: Wed Jul 05 2017 - 18:27:43 EST
On 5 July 2017 at 22:56, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Jul 5, 2017 at 2:48 PM, Arnd Bergmann <arnd@xxxxxxxx> wrote:
>>
>> This particular example should be handled by
>> scripts/gcc-plugins/structleak_plugin.c, right?
>
> .. probably. But we have a ton of other uses that just pass in
> "result" pointers (not structs), which admittedly don't have the
> padding issue, but do have the exact same issue otherwise.
>
> We have those random "initialize to zero by hand", and I wouldn't
> actually worry about most of the common cases. KASAN will find them
> anyway.
>
> It tends to be the random odd ioctl-like things that nobody finds
> because it's only uninitialized for some silly error case that never
> triggers (or some unusual driver that needs to be loaded).
>
So it seems to me that what sets your example apart is that the
address of an automatic variable is taken and passed to a function
whose implementation may live in another compilation unit. So this
goes beyond any inferences the compiler makes from the possible code
flow about undefined behavior etc.
The compiler already keeps track of which auto variables have their
address taken, so it shouldn't be /that/ hard to come up with a plugin
that zero initializes such variables before their address is taken if
no such initialization is included in the code.