Re: [PATCH v2 07/10] fortify: Split reporting and avoid passing string pointer
From: Alexander Lobakin
Date: Thu Apr 20 2023 - 11:54:10 EST
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Fri, 7 Apr 2023 12:27:13 -0700
> In preparation for KUnit testing and further improvements in fortify
> failure reporting, split out the report and encode the function and
> access failure (read or write overflow) into a single u8 argument. This
> mainly ends up saving some space in the data segment. For a defconfig
> with FORTIFY_SOURCE enabled:
[...]
> diff --git a/lib/string_helpers.c b/lib/string_helpers.c
> index 230020a2e076..96d502e1e578 100644
> --- a/lib/string_helpers.c
> +++ b/lib/string_helpers.c
> @@ -1021,10 +1021,27 @@ EXPORT_SYMBOL(__read_overflow2_field);
> void __write_overflow_field(size_t avail, size_t wanted) { }
> EXPORT_SYMBOL(__write_overflow_field);
>
> -void fortify_panic(const char *name)
> +#define MAKE_FORTIFY_FUNC_NAME(func) [MAKE_FORTIFY_FUNC(func)] = #func
> +
> +static const char * const fortify_func_name[] = {
> + EACH_FORTIFY_FUNC(MAKE_FORTIFY_FUNC_NAME)
> +};
> +
> +void __fortify_report(const u8 reason)
> +{
> + const u8 func = FORTIFY_REASON_FUNC(reason);
> + const bool write = FORTIFY_REASON_DIR(reason);
Nano-nit: RCT style here :s
> + const char *name;
> +
> + name = fortify_func_name[min_t(u8, func, FORTIFY_FUNC_UNKNOWN)];
> + WARN(1, "%s: detected buffer %s overflow\n", name, str_read_write(!write));
> +}
> +EXPORT_SYMBOL(__fortify_report);
> +
> +void __fortify_panic(const u8 reason)
> {
> - pr_emerg("detected buffer overflow in %s\n", name);
> + __fortify_report(reason);
> BUG();
> }
> -EXPORT_SYMBOL(fortify_panic);
> +EXPORT_SYMBOL(__fortify_panic);
> #endif /* CONFIG_FORTIFY_SOURCE */
[...]
There's also a small build warning issue. Apart from that, I like how it
does look now, thanks!
Reviewed-by: Alexander Lobakin <aleksander.lobakin@xxxxxxxxx>
Thanks,
Olek