security: fortify source and format string check #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"-O2 -D_FORTIFY_SOURCE=2": GCC C-Compiler can analyze the source code to be compiled and detect certain insecure sections, that might create a security problem. The compiler will replace the insecure function calls with special hardened code that will perform extra runtime checks while the process is executed. "-Wformat -Wformat-security": It warns about calls to "printf" and "scanf" functions where the format string is not a string literal and there are no format arguments, as in "printf (foo);". This may be a security hole if the format string came from untrusted input and contains %n. Change-Id: I3e6f5f48e308a52790b2fb654444b3c9acd9b434 Tracked-On: 224003 Signed-off-by: wenshelx <[email protected]> Reviewed-on: https://android.intel.com/618888
This was referenced Jan 6, 2020
Closed
This was referenced Aug 19, 2021
yonghuah
added a commit
to yonghuah/acrn-hypervisor
that referenced
this pull request
Feb 21, 2022
'mevent_lmutex' is initialized as default type attempting to recursively lock on this kind of mutext results in undefined behaviour. Recursively lock on 'mevent_lmutex' can be detected in mevent thread when user tries to trigger system reset from user VM, in this case, user VM reboot hang. The backtrace for this issue: projectacrn#1 in mevent_qlock () at core/mevent.c:93 projectacrn#2 in mevent_delete_even at core/mevent.c:357 ===>Recursively LOCK projectacrn#3 in mevent_delete_close at core/mevent.c:387 projectacrn#4 in acrn_timer_deinit at core/timer.c:106 projectacrn#5 in virtio_reset_dev at hw/pci/virtio/virtio.c:171 projectacrn#6 in virtio_console_reset at hw/pci/virtio/virtio_console.c:196 projectacrn#7 in virtio_console_destroy at hw/pci/virtio/virtio_console.c:1015 projectacrn#8 in virtio_console_teardown_backend at hw/pci/virtio/virtio_console.c:1042 projectacrn#9 in mevent_drain_del_list () at core/mevent.c:348 ===> 1st LOCK projectacrn#10 in mevent_dispatch () at core/mevent.c:472 projectacrn#11 in main at core/main.c:1110 So the root cause is: mevent_mutex lock is recursively locked by mevent thread itself (projectacrn#9 for this first lock and projectacrn#2 for recursively lock), which is not allowed for mutex with default attribute. This patch changes the mutex type of 'mevent_lmutex' from default to "PTHREAD_MUTEX_RECURSIVE", because recrusively lock shall be allowed as user of mevent may call mevent functions (where mutex lock maybe required) in teardown callbacks. Tracked-On: projectacrn#7133 Signed-off-by: Yonghua Huang <[email protected]> Acked-by: Yu Wang <[email protected]>
yonghuah
added a commit
to yonghuah/acrn-hypervisor
that referenced
this pull request
Feb 21, 2022
'mevent_lmutex' is initialized as default type, while attempting to recursively lock on this kind of mutext results in undefined behaviour. Recursively lock on 'mevent_lmutex' can be detected in mevent thread when user tries to trigger system reset from user VM, in this case, user VM reboot hang. The backtrace for this issue: projectacrn#1 in mevent_qlock () at core/mevent.c:93 projectacrn#2 in mevent_delete_even at core/mevent.c:357 ===>Recursively LOCK projectacrn#3 in mevent_delete_close at core/mevent.c:387 projectacrn#4 in acrn_timer_deinit at core/timer.c:106 projectacrn#5 in virtio_reset_dev at hw/pci/virtio/virtio.c:171 projectacrn#6 in virtio_console_reset at hw/pci/virtio/virtio_console.c:196 projectacrn#7 in virtio_console_destroy at hw/pci/virtio/virtio_console.c:1015 projectacrn#8 in virtio_console_teardown_backend at hw/pci/virtio/virtio_console.c:1042 projectacrn#9 in mevent_drain_del_list () at core/mevent.c:348 ===> 1st LOCK projectacrn#10 in mevent_dispatch () at core/mevent.c:472 projectacrn#11 in main at core/main.c:1110 So the root cause is: mevent_mutex lock is recursively locked by mevent thread itself (projectacrn#9 for this first lock and projectacrn#2 for recursively lock), which is not allowed for mutex with default attribute. This patch changes the mutex type of 'mevent_lmutex' from default to "PTHREAD_MUTEX_RECURSIVE", because recrusively lock shall be allowed as user of mevent may call mevent functions (where mutex lock maybe required) in teardown callbacks. Tracked-On: projectacrn#7133 Signed-off-by: Yonghua Huang <[email protected]> Acked-by: Yu Wang <[email protected]>
acrnsi-robot
pushed a commit
that referenced
this pull request
Feb 21, 2022
'mevent_lmutex' is initialized as default type, while attempting to recursively lock on this kind of mutext results in undefined behaviour. Recursively lock on 'mevent_lmutex' can be detected in mevent thread when user tries to trigger system reset from user VM, in this case, user VM reboot hang. The backtrace for this issue: #1 in mevent_qlock () at core/mevent.c:93 #2 in mevent_delete_even at core/mevent.c:357 ===>Recursively LOCK #3 in mevent_delete_close at core/mevent.c:387 #4 in acrn_timer_deinit at core/timer.c:106 #5 in virtio_reset_dev at hw/pci/virtio/virtio.c:171 #6 in virtio_console_reset at hw/pci/virtio/virtio_console.c:196 #7 in virtio_console_destroy at hw/pci/virtio/virtio_console.c:1015 #8 in virtio_console_teardown_backend at hw/pci/virtio/virtio_console.c:1042 #9 in mevent_drain_del_list () at core/mevent.c:348 ===> 1st LOCK #10 in mevent_dispatch () at core/mevent.c:472 #11 in main at core/main.c:1110 So the root cause is: mevent_mutex lock is recursively locked by mevent thread itself (#9 for this first lock and #2 for recursively lock), which is not allowed for mutex with default attribute. This patch changes the mutex type of 'mevent_lmutex' from default to "PTHREAD_MUTEX_RECURSIVE", because recrusively lock shall be allowed as user of mevent may call mevent functions (where mutex lock maybe required) in teardown callbacks. Tracked-On: #7133 Signed-off-by: Yonghua Huang <[email protected]> Acked-by: Yu Wang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.
Tracked-On: 224003
Signed-off-by: wenshelx [email protected]