linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: David Gow <davidgow@google.com>
To: Daniel Axtens <dja@axtens.net>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	linux-mm@kvack.org,  Andrew Morton <akpm@linux-foundation.org>,
	kasan-dev <kasan-dev@googlegroups.com>,
	 Dmitry Vyukov <dvyukov@google.com>,
	christophe.leroy@c-s.fr
Subject: Re: [PATCH v3 0/3] Fix some incompatibilites between KASAN and FORTIFY_SOURCE
Date: Fri, 24 Apr 2020 14:54:43 +0800	[thread overview]
Message-ID: <CABVgOSkwn2Y0khsWw4xLASj5e-m7hng6Z+5wCMYomZbZGn_N2Q@mail.gmail.com> (raw)
In-Reply-To: <20200423154503.5103-1-dja@axtens.net>

On Thu, Apr 23, 2020 at 11:45 PM Daniel Axtens <dja@axtens.net> wrote:
>
> 3 KASAN self-tests fail on a kernel with both KASAN and FORTIFY_SOURCE:
> memchr, memcmp and strlen. I have observed this on x86 and powerpc.
>
> When FORTIFY_SOURCE is on, a number of functions are replaced with
> fortified versions, which attempt to check the sizes of the
> operands. However, these functions often directly invoke __builtin_foo()
> once they have performed the fortify check.
>
> This breaks things in 2 ways:
>
>  - the three function calls are technically dead code, and can be
>    eliminated. When __builtin_ versions are used, the compiler can detect
>    this.
>
>  - Using __builtins may bypass KASAN checks if the compiler decides to
>    inline it's own implementation as sequence of instructions, rather than
>    emit a function call that goes out to a KASAN-instrumented
>    implementation.
>
> The patches address each reason in turn. Finally, test_memcmp used a
> stack array without explicit initialisation, which can sometimes break
> too, so fix that up.
>
> v3: resend with Reviewed-bys, hopefully for inclusion in 5.8.
>
> v2: - some cleanups, don't mess with arch code as I missed some wrinkles.
>     - add stack array init (patch 3)
>
> Daniel Axtens (3):
>   kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE
>   string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
>   kasan: initialise array in kasan_memcmp test
>
>  include/linux/string.h | 60 +++++++++++++++++++++++++++++++++---------
>  lib/test_kasan.c       | 32 +++++++++++++---------
>  2 files changed, 68 insertions(+), 24 deletions(-)
>
> --
> 2.20.1
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20200423154503.5103-1-dja%40axtens.net.

Thanks, Daniel!

For the series:
Tested-by: David Gow <davidgow@google.com>

(Though I will mirror Dmitry's comment[1] on patch 3 -- I also have a
memset() already present in my branch...)

I'd been digging into what turns out to be this issue, which we were
seeing sporadically[2] with the KUnit port of these tests. v7 of the
KUnit port[3] includes your changes, and fixes the issues.

Cheers,
-- David

[1]: https://lkml.org/lkml/2020/4/23/838
[2]: https://lkml.org/lkml/2020/4/18/570
[3]: https://lkml.org/lkml/2020/4/24/80


      parent reply	other threads:[~2020-04-24  6:54 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-23 15:45 Daniel Axtens
2020-04-23 15:45 ` [PATCH v3 1/3] kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE Daniel Axtens
2020-04-23 15:45 ` [PATCH v3 2/3] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN Daniel Axtens
2020-04-23 15:45 ` [PATCH v3 3/3] kasan: initialise array in kasan_memcmp test Daniel Axtens
2020-04-23 17:25   ` Dmitry Vyukov
2020-04-24 14:37     ` Daniel Axtens
2020-04-24  6:54 ` David Gow [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CABVgOSkwn2Y0khsWw4xLASj5e-m7hng6Z+5wCMYomZbZGn_N2Q@mail.gmail.com \
    --to=davidgow@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=christophe.leroy@c-s.fr \
    --cc=dja@axtens.net \
    --cc=dvyukov@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --subject='Re: [PATCH v3 0/3] Fix some incompatibilites between KASAN and FORTIFY_SOURCE' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).