From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35DBCC43460 for ; Thu, 6 May 2021 23:47:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 12E8B610FB for ; Thu, 6 May 2021 23:47:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233113AbhEFXsS (ORCPT ); Thu, 6 May 2021 19:48:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233085AbhEFXsR (ORCPT ); Thu, 6 May 2021 19:48:17 -0400 Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3CA64C061574 for ; Thu, 6 May 2021 16:47:18 -0700 (PDT) Received: by mail-yb1-xb31.google.com with SMTP id h202so9634443ybg.11 for ; Thu, 06 May 2021 16:47:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VrYk6rK4qAMSWl4b3WT+Zawp/taVXn+29RbPDW3crfA=; b=OBbIGA1B+Wfnspr+21R8l0QW+JbPYM3kzvXGIQ1MCRQDC7gJ6gnhM0YSpUPeQ81fwx hvSUuEWNQlvSd7GmuymhSaRDWhjKCHhs1ct0PJguqBjIfzDBxOMR0ULDlT4zrfEaIDvv v0favtC2idEj8uAmYr5X+Bkpbl7fbHCBgrOALthuaUyw/TfFrLK8biCpeNiUTVAdU2ZQ 96UOpW2rr52lXs/oUMTonQVrG/pwoKvY6qFe7RMqpsCni3EKIspjfW8EuaBqNfkQrpcL AjUTbSC9w0SxDd1AWH7dbnQ0fMmUUl7CDKD0vCJePU1PXsfUsSeByihUGsoROHoGMgM2 hA+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VrYk6rK4qAMSWl4b3WT+Zawp/taVXn+29RbPDW3crfA=; b=VT+dul2Qfy8jpEkVUD9TbE0gxCeFmrbN5z5WZrvcu6RWZyzuMwLdrbpsdkP93oSLm0 +ZaYHRhfJlB5Z/rbcOwjTm3c8u6N2A4OMjXIv1wIBHT4s7q+4MR9N2YiG9RDp+t/HbzH doGdPFlBJctoLsT6HPmXtiGE/gyxhXxn6o0hC3aD+ZtPx8Pryjgx3jUY9U95XAbFyWuS +DF3vOm3gnatie30ZQDO7EjK5C2r9F6IHODSTYOvOuRVYEyGM2BUPtvlYgBApURpxHBE QeEpqQZKHNhziK2Wceni8cut02JfBX8ZUKJjoQQQ1jW2jbnyhIg9olP+MHL/FWxiosdK GeZw== X-Gm-Message-State: AOAM531YWz+PJY9LFvjZ2YraDGR/n694CxdNkBJqeSK9nIrLHhE3kSE4 K7bKkUeiB201yV3W1aHdx+V5hKWN3o5L4AQNYJJDhQ== X-Google-Smtp-Source: ABdhPJwXaOsYBHETHFNI5QAD9BI62aHyeFKeRfKB2S0TG9XZ8294bWhQHvq7ecMTeQQ6A8Dwc6bEnHMf+vR7gGngF4Q= X-Received: by 2002:a25:5743:: with SMTP id l64mr9276769ybb.314.1620344837199; Thu, 06 May 2021 16:47:17 -0700 (PDT) MIME-Version: 1.0 References: <20210506212025.815380-1-pcc@google.com> In-Reply-To: From: Peter Collingbourne Date: Thu, 6 May 2021 16:47:06 -0700 Message-ID: Subject: Re: [PATCH] kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled To: Andrey Konovalov Cc: Alexander Potapenko , George Popescu , Elena Petrova , Evgenii Stepanov , Andrew Morton , Linux Memory Management List , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Thu, May 6, 2021 at 3:12 PM Andrey Konovalov wrote: > > On Thu, May 6, 2021 at 11:20 PM Peter Collingbourne wrote: > > > > These tests deliberately access these arrays out of bounds, > > which will cause the dynamic local bounds checks inserted by > > CONFIG_UBSAN_LOCAL_BOUNDS to fail and panic the kernel. To avoid this > > problem, access the arrays via volatile pointers, which will prevent > > the compiler from being able to determine the array bounds. > > > > Signed-off-by: Peter Collingbourne > > Cc: stable@vger.kernel.org > > Link: https://linux-review.googlesource.com/id/I90b1713fbfa1bf68ff895aef099ea77b98a7c3b9 > > --- > > lib/test_kasan.c | 14 ++++++++------ > > 1 file changed, 8 insertions(+), 6 deletions(-) > > > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > > index dc05cfc2d12f..2a078e8e7b8e 100644 > > --- a/lib/test_kasan.c > > +++ b/lib/test_kasan.c > > @@ -654,8 +654,8 @@ static char global_array[10]; > > > > static void kasan_global_oob(struct kunit *test) > > { > > - volatile int i = 3; > > - char *p = &global_array[ARRAY_SIZE(global_array) + i]; > > + char *volatile array = global_array; > > + char *p = &array[ARRAY_SIZE(global_array) + 3]; > > Nit: in the kernel, "volatile" usually comes before the pointer type. That would refer to a different type. "volatile char *" is a pointer to volatile char, while "char *volatile" is a volatile pointer to char. The latter is what we want here, because we want to prevent the compiler from inferring things about the pointer itself (i.e. its array bounds), not the data that it refers to. Peter From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B1A6C433B4 for ; Thu, 6 May 2021 23:47:20 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 9BCF2610CE for ; Thu, 6 May 2021 23:47:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9BCF2610CE Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id F316D6B0070; Thu, 6 May 2021 19:47:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F08E56B0071; Thu, 6 May 2021 19:47:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D95816B0072; Thu, 6 May 2021 19:47:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0126.hostedemail.com [216.40.44.126]) by kanga.kvack.org (Postfix) with ESMTP id BF9626B0070 for ; Thu, 6 May 2021 19:47:18 -0400 (EDT) Received: from smtpin28.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 7992C181AEF30 for ; Thu, 6 May 2021 23:47:18 +0000 (UTC) X-FDA: 78112444956.28.D816E2F Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) by imf02.hostedemail.com (Postfix) with ESMTP id B2E2F40002E8 for ; Thu, 6 May 2021 23:46:45 +0000 (UTC) Received: by mail-yb1-f179.google.com with SMTP id v39so9673053ybd.4 for ; Thu, 06 May 2021 16:47:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VrYk6rK4qAMSWl4b3WT+Zawp/taVXn+29RbPDW3crfA=; b=OBbIGA1B+Wfnspr+21R8l0QW+JbPYM3kzvXGIQ1MCRQDC7gJ6gnhM0YSpUPeQ81fwx hvSUuEWNQlvSd7GmuymhSaRDWhjKCHhs1ct0PJguqBjIfzDBxOMR0ULDlT4zrfEaIDvv v0favtC2idEj8uAmYr5X+Bkpbl7fbHCBgrOALthuaUyw/TfFrLK8biCpeNiUTVAdU2ZQ 96UOpW2rr52lXs/oUMTonQVrG/pwoKvY6qFe7RMqpsCni3EKIspjfW8EuaBqNfkQrpcL AjUTbSC9w0SxDd1AWH7dbnQ0fMmUUl7CDKD0vCJePU1PXsfUsSeByihUGsoROHoGMgM2 hA+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VrYk6rK4qAMSWl4b3WT+Zawp/taVXn+29RbPDW3crfA=; b=ipGi4IlUN1X0MaT0yaKbCu1XFWZXyTcxLuHq0s3LPj8kB8/nnTySGjzfVOIzzoIvbO chwTGkrz0MjITwQP3rxxVd+meSIQV79BNBBwQYOKKfVRfnRvxeEuT57ar8dC14StKW8k ipU8eUad75PeblvWIgoA/8o48ivEpLeAzomkqvMxGG6thawJLzhL0rCpcdKuNuEbUgBb jDMH/9QOL++R6iwryAINqOuOwuLY+GKGB0GdLbJE/+wkYNP7XV/Dv4FWdgy0+onpxFaX WKZu22Imi2gn4R7CnIV02VmnPJc190JcYcGgi5W8t1CMLl72ka+3I9Ga4M8F+7U8lcJe deIA== X-Gm-Message-State: AOAM533SYa/E7END2s2rzmSCYrW+ORvqEoDLAr2FxKl4Zn81Njc1zhC/ z35C7HJyMT3krUz2emsz3NS3v7KKyPcp2ktojpqqyw== X-Google-Smtp-Source: ABdhPJwXaOsYBHETHFNI5QAD9BI62aHyeFKeRfKB2S0TG9XZ8294bWhQHvq7ecMTeQQ6A8Dwc6bEnHMf+vR7gGngF4Q= X-Received: by 2002:a25:5743:: with SMTP id l64mr9276769ybb.314.1620344837199; Thu, 06 May 2021 16:47:17 -0700 (PDT) MIME-Version: 1.0 References: <20210506212025.815380-1-pcc@google.com> In-Reply-To: From: Peter Collingbourne Date: Thu, 6 May 2021 16:47:06 -0700 Message-ID: Subject: Re: [PATCH] kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled To: Andrey Konovalov Cc: Alexander Potapenko , George Popescu , Elena Petrova , Evgenii Stepanov , Andrew Morton , Linux Memory Management List , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: B2E2F40002E8 Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=google.com header.s=20161025 header.b=OBbIGA1B; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf02.hostedemail.com: domain of pcc@google.com designates 209.85.219.179 as permitted sender) smtp.mailfrom=pcc@google.com X-Rspamd-Server: rspam04 X-Stat-Signature: 754e1o98d9oc7gnf1ftynrioct81h35p Received-SPF: none (google.com>: No applicable sender policy available) receiver=imf02; identity=mailfrom; envelope-from=""; helo=mail-yb1-f179.google.com; client-ip=209.85.219.179 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1620344805-502526 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, May 6, 2021 at 3:12 PM Andrey Konovalov wrote: > > On Thu, May 6, 2021 at 11:20 PM Peter Collingbourne wrote: > > > > These tests deliberately access these arrays out of bounds, > > which will cause the dynamic local bounds checks inserted by > > CONFIG_UBSAN_LOCAL_BOUNDS to fail and panic the kernel. To avoid this > > problem, access the arrays via volatile pointers, which will prevent > > the compiler from being able to determine the array bounds. > > > > Signed-off-by: Peter Collingbourne > > Cc: stable@vger.kernel.org > > Link: https://linux-review.googlesource.com/id/I90b1713fbfa1bf68ff895aef099ea77b98a7c3b9 > > --- > > lib/test_kasan.c | 14 ++++++++------ > > 1 file changed, 8 insertions(+), 6 deletions(-) > > > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > > index dc05cfc2d12f..2a078e8e7b8e 100644 > > --- a/lib/test_kasan.c > > +++ b/lib/test_kasan.c > > @@ -654,8 +654,8 @@ static char global_array[10]; > > > > static void kasan_global_oob(struct kunit *test) > > { > > - volatile int i = 3; > > - char *p = &global_array[ARRAY_SIZE(global_array) + i]; > > + char *volatile array = global_array; > > + char *p = &array[ARRAY_SIZE(global_array) + 3]; > > Nit: in the kernel, "volatile" usually comes before the pointer type. That would refer to a different type. "volatile char *" is a pointer to volatile char, while "char *volatile" is a volatile pointer to char. The latter is what we want here, because we want to prevent the compiler from inferring things about the pointer itself (i.e. its array bounds), not the data that it refers to. Peter