static code checking in the linux kernel
play

Static code checking In the Linux kernel Presented by Arnd - PowerPoint PPT Presentation

Nov 15, 2022 •105 likes •586 views

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

  1. Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference

  2. Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

  3. Motivation ● Testing arm-soc pull requests ● Testing code refactoring

  4. Approaches to build testing 1. Record all known warnings, email about new ones 2. Eliminate all known warnings

  5. Timeline for ARM fixes defconfig failures clang failures allmodconfig failures defconfig warnings randconfig errors allmodconfig warnings randconfig warnings 2011 2012 2013 2014 2015 2016

  6. Randconfig issues

  7. Kconfig dependencies ● netfilter ● I2C ● ALSA Codecs ● module, modules, modules

  8. --- a/net/openvswitch/Kconfig +++ b/net/openvswitch/Kconfig @@ -7,7 +7,9 @@ config OPENVSWITCH depends on INET depends on !NF_CONNTRACK || \ (NF_CONNTRACK && ((!NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6) && \ - (!NF_NAT || NF_NAT))) + (!NF_NAT || NF_NAT) && \ + (!NF_NAT_IPV4 || NF_NAT_IPV4) && \ + (!NF_NAT_IPV6 || NF_NAT_IPV6))) select LIBCRC32C select MPLS select NET_MPLS_GSO

  9. Uninitialized variables ● The Power of Undefined Values: http://rusty.ozlabs.org/?p=232 ● Problems: gcc -Os -fprofile-arcs CONFIG_UBSAN_SANITIZE_ALL CONFIG_PROFILE_ALL_BRANCHES

  10. /* * "Define 'is'", Bill Clinton * "Define 'if'", Steven Rostedt */ #define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) ) #define __trace_if(cond) \ if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ({ \ int ______r; \ static struct ftrace_branch_data \ __attribute__((__aligned__(4))) \ __attribute__((section("_ftrace_branch"))) \ ______f = { \ .func = __func__, \ .file = __FILE__, \ .line = __LINE__, \ }; \ ______r = !!(cond); \ ______f.miss_hit[______r]++; \ ______r; \ }))

  11. if (cm_node->ipv4) arpindex = i40iw_addr_resolve_neigh(iwdev, cm_info->loc_addr[0], cm_info->rem_addr[0], oldarpindex); #if IS_ENABLED(CONFIG_IPV6) else arpindex = i40iw_addr_resolve_neigh_ipv6(iwdev, cm_info->loc_addr, cm_info->rem_addr, oldarpindex); #endif ether_addr_copy(cm_node->rem_mac, iwdev->arp_table[arpindex].mac_addr);

  12. if (cm_node->ipv4) arpindex = i40iw_addr_resolve_neigh(iwdev, cm_info->loc_addr[0], cm_info->rem_addr[0], oldarpindex); else if (CONFIG_IPV6) arpindex = i40iw_addr_resolve_neigh_ipv6(iwdev, cm_info->loc_addr, cm_info->rem_addr, oldarpindex); else arpindex = -EINVAL; ether_addr_copy(cm_node->rem_mac, iwdev->arp_table[arpindex].mac_addr);

  13. @@ -425,8 +425,8 @@ static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port, mp = br_mdb_ip_get(mdb, group); if (!mp) { mp = br_multicast_new_group(br, port, group); - err = PTR_ERR(mp); - if (IS_ERR(mp)) + err = PTR_ERR_OR_ZERO(mp); + if (err) return err; }

  14. Checking tools

  15. scripts/checkpatch.pl ● Written by Andy Whitcroft, Joe Perches ● String matching ● Checks for basic coding style issues ● Good for checking new submissions, less so for existing code

  16. WARNING: line over 80 characters #56: FILE: kernel/sched/sched.h:56: +#if 0 /* BITS_PER_LONG > 32 -- currently broken: it increases power usage under light load */ WARNING: Unnecessary space before function pointer arguments #1187: FILE: kernel/sched/sched.h:1187: + void (*enqueue_task) (struct rq *rq, struct task_struct *p, int flags); WARNING: please, no spaces at the start of a line #1252: FILE: kernel/sched/sched.h:1252: + for (class = sched_class_highest; class; class = class->next)$ WARNING: Prefer 'unsigned int' to bare use of 'unsigned' #1346: FILE: kernel/sched/sched.h:1346: +static inline void add_nr_running(struct rq *rq, unsigned count) WARNING: please, no spaces at the start of a line #1816: FILE: kernel/sched/sched.h:1816: + if (data)$ WARNING: suspect code indent for conditional statements (7, 15) #1816: FILE: kernel/sched/sched.h:1816: + if (data) + data->func(data, time, util, max);

  17. sparse ● Domain specific checks ● Written by Linus Torvalds for use with Linux ● Later maintained by Josh Triplett,Chris Li make C=1 CHECK="/usr/bin/sparse" http://git.kernel.org/pub/scm/devel/sparse/chrisl/sparse.git

  18. kernel/sys.c:948:32: warning: incorrect type in argument 1 (different address spaces) kernel/sys.c:948:32: expected struct task_struct *p1 kernel/sys.c:948:32: got struct task_struct [noderef] <asn:4>*real_parent kernel/fork.c:1231:41: warning: implicit cast to nocast type kernel/fork.c:1324:13: warning: dereference of noderef expression kernel/irq/irqdesc.c:567:17: warning: context imbalance in '__irq_get_desc_lock' - wrong count at exit

  19. Extra gcc warnings ● make W=1 Added by Borislav Petkov Generally useful warnings ● make W=12 Possibly useful warnings ● make W=123 overload

  20. arch/arm/mach-tegra/cpuidle-tegra20.c:216:6: warning: no previous prototype for 'tegra20_cpuidle_pcie_irqs_in_use' [-Wmissing-prototypes] mm/vmscan.c: In function 'try_to_free_mem_cgroup_pages': mm/vmscan.c:2907:6: warning: variable 'nid' set but not used [-Wunused-but-set-variable] security/keys/trusted.c: In function 'tpm_unseal': security/keys/trusted.c:589:11: warning: variable 'keyhndl' set but not used [-Wunused-but-set-variable] drivers/pwm/pwm-bcm-kona.c: In function 'kona_pwmc_config': drivers/pwm/pwm-bcm-kona.c:141:35: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]

  21. Extra gcc warnings $ make W=1 2>&1 | cut -f 2 -d[ | sort | uniq -c | cut -f 1 -d] | sort -nr 631 -Woverride-init 280 -Wmissing-prototypes 133 -Wunused-but-set-variable 98 -Wmissing-include-dirs 33 -Wtype-limits 13 -Wsuggest-attribute=format 13 -Wempty-body 7 -Wold-style-declaration 2 -Wignored-qualifiers

  22. Extra gcc warnings $ make W=12 2>&1 | cut -f 2 -d[ | sort | uniq -c | cut -f 1 -d] | sort -nr 94235 -Wnested-externs 93350 -Wcast-align 16694 -Wsign-compare 7594 -Wshadow 1465 -Wmissing-field-initializers 631 -Woverride-init 482 -Waggregate-return 280 -Wmissing-prototypes 133 -Wunused-but-set-variable 98 -Wmissing-include-dirs 33 -Wtype-limits 13 -Wsuggest-attribute=format 13 -Wempty-body ...

  23. Extra gcc warnings $ make W=123 2>&1 | cut -f 2 -d[ | sort | uniq -c | cut -f 1 -d] | sort -nr 782719 -Wsign-conversion 425231 -Wpadded 176825 -Wcast-qual 176553 -Wconversion 94235 -Wnested-externs 93350 -Wcast-align 56153 -Wpointer-arith 45309 -Wredundant-decls 36921 -Wbad-function-cast 27978 -Wattributes 16694 -Wsign-compare 13440 -Wpacked 7594 -Wshadow 6820 -Wswitch-default ...

  24. gcc-6 warnings ● Overall helpful additions ● 32 patches so far, most applied https://gnu.wildebeest.org/blog/mjw/2016/02/15/looking- forward-to-gcc6-many-new-warnings/

  25. @@ -2860,7 +2860,7 @@ lpfc_online(struct lpfc_hba *phba) } vports = lpfc_create_vport_work_array(phba); - if (vports != NULL) + if (vports != NULL) { for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { struct Scsi_Host *shost; shost = lpfc_shost_from_vport(vports[i]); @@ -2877,7 +2877,8 @@ lpfc_online(struct lpfc_hba *phba) } spin_unlock_irq(shost->host_lock); } - lpfc_destroy_vport_work_array(phba, vports); + } + lpfc_destroy_vport_work_array(phba, vports); lpfc_unblock_mgmt_io(phba); return 0;

  26. llvmlinux ● Building the kernel with clang ● Patches needed to just compile ● Tons of new warnings some good, some less so ● Lots of work done by Behan Webster http://git.kernel. org/cgit/linux/kernel/git/arnd/playground. git/log/?h=llvmlinux-4.5

  27. static int __init test_static_key_init(void) { #define test_key_func(key, branch) \ {bool func(void) { return branch(key); } func; }) struct test_key static_key_tests[] = { { .init_state = true, .key = &old_true_key, .test_key = test_key_func(&old_true_key, static_key_true), }, { .init_state = false, .key = &old_false_key, .test_key = test_key_func(&old_false_key, static_key_false), }, ... }; ... }

  28. llvmlinux ● Picked up the 3.19 based tree in 2016 ● Ported to v4.5 ● builds ARM randconfig successfully now ● TODO: address warnings

  29. drivers/staging/wilc1000/wilc_spi.c:123:34: warning: tentative definition of variable with internal linkage has incomplete non-array type 'const struct wilc1000_ops' [-Wtentative-definition-incomplete-type] --- a/drivers/staging/wilc1000/wilc_spi.c +++ b/drivers/staging/wilc1000/wilc_spi.c @@ -120,8 +120,6 @@ static u8 crc7(u8 crc, const u8 *buffer, u32 len) #define USE_SPI_DMA 0 -static const struct wilc1000_ops wilc1000_spi_ops; - static int wilc_bus_probe(struct spi_device *spi) { int ret, gpio;

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016 Vaishali Thakkar (vaishali.thakkar@oracle.com) 1 Self Introduction Linux Kernel developer at Oracle Working in kernel security engineering group

659 views • 46 slides
Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016, Berlin Marcin Bis marcin@bis-linux.com +48 607 075 848 Training ( http://bis-linux.com ): Embedded Linux Yocto Linux Device Drivers Development

770 views • 50 slides
Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao

Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao

Did you care for purity of your Linux BSP Computer aided BSP kernel sanity check Yaminabe2 execution and trial result conclusion Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao Munakata Linux

682 views • 52 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
A couple billion lines of code later: static checking in the real world Andy Chou, Ben Chelf,

A couple billion lines of code later: static checking in the real world Andy Chou, Ben Chelf,

average commo n A couple billion lines of code later: static checking in the real world Andy Chou, Ben Chelf, Seth Hallem Scott McPeak, Bryan Fulton, Charles Henri-Gros, Ken Block, Anuj Goyal, Al Bessey Chris Zak &amp; many others

750 views • 72 slides
Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for Women LinuxCon North America 2013 Agenda Introduction What Got Me Interested in OPW Project Overview Xen Block Ring Protocol

922 views • 13 slides
Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is

Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is

Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is called a module A device driver is one kind of module Each module is made up of object code that can be dynamically linked to the running

388 views • 28 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry anthony.lineberry@gmail.com Black Hat Europe 2009 Overview What is a rootkit? Why is protec:on difficult? Current protec:on mechanisms/bypasses

638 views • 52 slides
. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Krzysztof Czarnecki, Andrzej Wsowski The Variability Model of the Linux Kernel . . January 26, 2010 IT University of Copenhagen University of Leipzig University of Waterloo Steven She, Rafael Lotufo, Thorsten Berger, . Kernel The

928 views • 39 slides
Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev

Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev

Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev Institute for System Programming of the Russian Academy of Sciences Fault Handling Code 821 error =

910 views • 46 slides
Linux Kernel Security &amp; Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security &amp; Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security &amp; Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

995 views • 29 slides
On Windowing as a subsampling method for Distributed Data Mining David Mart nez-Galicia

On Windowing as a subsampling method for Distributed Data Mining David Mart nez-Galicia

On Windowing as a subsampling method for Distributed Data Mining David Mart nez-Galicia Director: Alejandro Guerra-Hern andez Co-directors: Nicandro Cruz-Ram rez, Xavier Lim on Universidad Veracruzana Centro de investigaci on

655 views • 52 slides
Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe, Vincent Laporte, David Pichardie and Alix Trieu IFIP WG 1.9/2.15, Leuven, 2017-05-11 1 Background: verifying a compiler Compiler + proof that the

446 views • 19 slides
Trying to understand the instability of AdS through toy models Piotr Bizo n AEI and

Trying to understand the instability of AdS through toy models Piotr Bizo n AEI and

Trying to understand the instability of AdS through toy models Piotr Bizo n AEI and Jagiellonian University joint work with Patryk Mach and Maciej Maliborski Cambridge, 24 March 2014 1 / 17 Outline Brief reminder on the conjectured

449 views • 17 slides
Welcome to Fermilab and the 13th annual Fermilab-CERN HCPSS! 13 th annual Fermilab-CERN Hadron

Welcome to Fermilab and the 13th annual Fermilab-CERN HCPSS! 13 th annual Fermilab-CERN Hadron

Welcome to Fermilab and the 13th annual Fermilab-CERN HCPSS! 13 th annual Fermilab-CERN Hadron Collider Physics Summer School August 20-31, 2018 Fermilab hcpss.fnal.gov/hcpss18 Jim Hirschauer and Estia Eichten 20 Aug 2018 Introductions

158 views • 13 slides
Instrumentation for the Energy Frontier Ronald Lipton, Fermilab High Energy Physics has had

Instrumentation for the Energy Frontier Ronald Lipton, Fermilab High Energy Physics has had

Instrumentation for the Energy Frontier Ronald Lipton, Fermilab High Energy Physics has had remarkable success at the Frontier culminating with the discovery of the Higgs. This success was enabled by equally remarkable progress in technology

796 views • 48 slides
Scene semantics from long-term observation of people. Jacob Menashe October 5, 2012

Scene semantics from long-term observation of people. Jacob Menashe October 5, 2012

Scene semantics from long-term observation of people. Jacob Menashe October 5, 2012 Introduction Function over form. Introduction Function over form. Form can be unique, function can be descriptive. Introduction Function over

1.77k views • 112 slides
Galaxy formation in SPHS Justin Read ETH Zrich | University of Leicester With: T. Hayfield, A.

Galaxy formation in SPHS Justin Read ETH Zrich | University of Leicester With: T. Hayfield, A.

Galaxy formation in SPHS Justin Read ETH Zrich | University of Leicester With: T. Hayfield, A. Hobbs, C. Power Background | Classic SPH N Integral i = m j W ij ( | r ij | , h i ) ( Continuity j N d v i m j dt = i

706 views • 42 slides
Operating Systems System Design &amp; Structures Maria Hybinette, UGA Review : What is An

Operating Systems System Design &amp; Structures Maria Hybinette, UGA Review : What is An

Operating Systems System Design &amp; Structures Maria Hybinette, UGA Review : What is An Operating System? Key Points Software (kernel) that runs at all times Really, the part of the system that runs in kernel mode (or need

782 views • 39 slides

More recommend