Re: [PATCH 4/4] fortify: Use __builtin_dynamic_object_size() when available

From: Siddhesh Poyarekar
Date: Wed Sep 21 2022 - 07:43:50 EST


On 2022-09-20 15:22, Kees Cook wrote:
> Since the commits starting with c37495d6254c ("slab: add __alloc_size
> attributes for better bounds checking"), the compilers have runtime
> allocation size hints available in some places. This was immediately
> available to CONFIG_UBSAN_BOUNDS, but CONFIG_FORTIFY_SOURCE needed
> updating to explicitly make use of the hints via the associated
> __builtin_dynamic_object_size() helper. Detect and use the builtin when
> it is available, increasing the accuracy of the mitigation. When runtime
> sizes are not available, __builtin_dynamic_object_size() falls back to
> __builtin_object_size(), leaving the existing bounds checking unchanged.

I don't know yet what the overhead is for __builtin_dynamic_object_size vs __builtin_object_size; were you able to measure it somehow for the kernel? If there's a significant tradeoff, it may make sense to provide a user override.

Thanks,
Sid
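Added example, not part of the thread and not the kernel's own fortify-string.h code: a small C program showing what the two builtins can tell a fortified memcpy() wrapper about its destination. For a fixed-size stack array both builtins know the size at compile time; for a heap buffer whose length is only known at runtime, __builtin_object_size() reports "unknown" while __builtin_dynamic_object_size() can recover the length from an alloc_size attribute, which is what the __alloc_size annotations on the kernel allocators provide. The sized_alloc() helper, the OBJ_SIZE macro and the copy_result enum are constructed for this illustration. Where the compiler lacks __builtin_dynamic_object_size (detected with __has_builtin), the example falls back to __builtin_object_size, mirroring the fallback the commit message describes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not kernel code. Use the dynamic builtin when the
 * compiler has it (GCC 12+, clang), otherwise the static one. */
#ifdef __has_builtin
# if __has_builtin(__builtin_dynamic_object_size)
#  define HAVE_BDOS 1
# endif
#endif

#ifdef HAVE_BDOS
# define OBJ_SIZE(p) __builtin_dynamic_object_size((p), 0)
#else
# define OBJ_SIZE(p) __builtin_object_size((p), 0)
#endif

/* Both builtins return (size_t)-1 for type 0 when nothing is known. */
#define SIZE_UNKNOWN ((size_t)-1)

enum copy_result {
	COPY_CHECKED   = 0,   /* destination size known, copy fits */
	COPY_UNCHECKED = 1,   /* destination size unknown, copied without a check */
	COPY_REFUSED   = -1,  /* destination size known, copy would overflow */
};

/* Must be a macro (or always_inline): the builtin has to be evaluated in the
 * caller, where the array definition or allocation is visible. */
#define fortified_memcpy(dst, src, n) ({                                \
	size_t dsz__ = OBJ_SIZE(dst);                                   \
	size_t n__ = (n);                                               \
	enum copy_result r__;                                           \
	if (dsz__ == SIZE_UNKNOWN) {                                    \
		memcpy((dst), (src), n__);                              \
		r__ = COPY_UNCHECKED;                                   \
	} else if (n__ > dsz__) {                                       \
		r__ = COPY_REFUSED;  /* the kernel would WARN() here */ \
	} else {                                                        \
		memcpy((dst), (src), n__);                              \
		r__ = COPY_CHECKED;                                     \
	}                                                               \
	r__;                                                            \
})

/* Fixed-size stack buffer: the size is a compile-time constant. */
enum copy_result copy_into_stack_buf(size_t n)
{
	char src[64] = {0};
	char dst[32];

	return fortified_memcpy(dst, src, n);
}

/* alloc_size(1) tells the compiler the returned object is n bytes long;
 * constructed stand-in for the __alloc_size-annotated kernel allocators. */
__attribute__((alloc_size(1), malloc))
static void *sized_alloc(size_t n)
{
	return malloc(n);
}

/* What the static builtin knows about a runtime-sized heap buffer: nothing,
 * since the length is not a compile-time constant. The volatile read keeps
 * the length a genuine runtime value even under constant propagation. */
size_t heap_size_static(size_t n)
{
	volatile size_t len = n;
	char *p = sized_alloc(len);
	size_t s = __builtin_object_size(p, 0);

	free(p);
	return s;
}

/* Same buffer through OBJ_SIZE: the dynamic builtin can return the runtime
 * length; without it (or without optimization) the result is SIZE_UNKNOWN. */
size_t heap_size_dynamic(size_t n)
{
	volatile size_t len = n;
	char *p = sized_alloc(len);
	size_t s = OBJ_SIZE(p);

	free(p);
	return s;
}

int main(void)
{
	printf("stack: copy 16 -> %d, copy 64 -> %d\n",
	       copy_into_stack_buf(16), copy_into_stack_buf(64));
	printf("heap(48): static %zd, dynamic %zd (-1 = unknown)\n",
	       (ptrdiff_t)heap_size_static(48), (ptrdiff_t)heap_size_dynamic(48));
	return 0;
}
```

Only the heap probe exercises the difference the patch is about: the static builtin always reports the runtime-sized allocation as unknown, so a fortified copy into it goes unchecked, whereas the dynamic builtin turns the same copy into a checked one whenever the allocation's size expression is visible.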