References: <20240819213534.4080408-1-mmaurer@google.com> <20240819213534.4080408-5-mmaurer@google.com>
In-Reply-To: <20240819213534.4080408-5-mmaurer@google.com>
From: Andrey Konovalov
Date: Tue, 20 Aug 2024 19:37:59 +0200
Subject: Re: [PATCH v3 4/4] kasan: rust: Add KASAN smoke test via UAF
To: Matthew Maurer
Cc: dvyukov@google.com, ojeda@kernel.org, Andrey Ryabinin, Andrew Morton, Alex Gaynor, Wedson Almeida Filho, aliceryhl@google.com, samitolvanen@google.com, kasan-dev@googlegroups.com, linux-mm@kvack.org, glider@google.com, Vincenzo Frascino, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org

On Mon, Aug 19, 2024 at 11:35 PM Matthew Maurer wrote:
>
> Adds a smoke test to ensure that KASAN in Rust is actually detecting a
> Rust-native UAF. There is significant room to expand this test suite,
> but this will at least ensure that flags are having the intended effect.
> > Signed-off-by: Matthew Maurer > --- > mm/kasan/Makefile | 9 ++++++++- > mm/kasan/kasan.h | 1 + > mm/kasan/{kasan_test.c =3D> kasan_test_c.c} | 11 +++++++++++ > mm/kasan/kasan_test_rust.rs | 19 +++++++++++++++++++ > 4 files changed, 39 insertions(+), 1 deletion(-) > rename mm/kasan/{kasan_test.c =3D> kasan_test_c.c} (99%) > create mode 100644 mm/kasan/kasan_test_rust.rs > > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile > index 7634dd2a6128..d718b0f72009 100644 > --- a/mm/kasan/Makefile > +++ b/mm/kasan/Makefile > @@ -44,7 +44,8 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX > CFLAGS_KASAN_TEST +=3D -fno-builtin > endif > > -CFLAGS_kasan_test.o :=3D $(CFLAGS_KASAN_TEST) > +CFLAGS_kasan_test_c.o :=3D $(CFLAGS_KASAN_TEST) > +RUSTFLAGS_kasan_test_rust.o :=3D $(RUSTFLAGS_KASAN) > CFLAGS_kasan_test_module.o :=3D $(CFLAGS_KASAN_TEST) > > obj-y :=3D common.o report.o > @@ -54,3 +55,9 @@ obj-$(CONFIG_KASAN_SW_TAGS) +=3D init.o report_sw_tags.= o shadow.o sw_tags.o tags.o > > obj-$(CONFIG_KASAN_KUNIT_TEST) +=3D kasan_test.o > obj-$(CONFIG_KASAN_MODULE_TEST) +=3D kasan_test_module.o > + > +kasan_test-objs :=3D kasan_test_c.o > + > +ifdef CONFIG_RUST > +kasan_test-objs +=3D kasan_test_rust.o > +endif Let's put the kasan_test-objs directives before obj-$(CONFIG_KASAN_KUNIT_TEST): they come first logically. Also, I wonder, if something like kasan_test-objs-$(CONFIG_RUST) +=3D kasan_test_rust.o would work to make this shorter? > diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h > index fb2b9ac0659a..e5205746cc85 100644 > --- a/mm/kasan/kasan.h > +++ b/mm/kasan/kasan.h 
> @@ -566,6 +566,7 @@ static inline void kasan_kunit_test_suite_end(void) {= } > > bool kasan_save_enable_multi_shot(void); > void kasan_restore_multi_shot(bool enabled); > +char kasan_test_rust_uaf(void); You need ifdef CONFIG_RUST checks here and an empty definition when !CONFIG_RUST. Please build-test and run the KASAN test suite without CONFIG_RUST before sending the patches. Also, I think it's better to put this declaration next to kasan_kunit_test_suite_end: CONFIG_KASAN_MODULE_TEST is not tied to the added KASAN test. > > #endif > > diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test_c.c > similarity index 99% > rename from mm/kasan/kasan_test.c > rename to mm/kasan/kasan_test_c.c > index 7b32be2a3cf0..3a81e85a083f 100644 > --- a/mm/kasan/kasan_test.c > +++ b/mm/kasan/kasan_test_c.c > @@ -1899,6 +1899,16 @@ static void match_all_mem_tag(struct kunit *test) > kfree(ptr); > } > > +/* > + * Check that Rust performing a use-after-free using `unsafe` is detecte= d. > + * This is a smoke test to make sure that Rust is being sanitized proper= ly. > + */ > +static void rust_uaf(struct kunit *test) > +{ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_RUST); > + KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > +} > + > + > static struct kunit_case kasan_kunit_test_cases[] =3D { > KUNIT_CASE(kmalloc_oob_right), > KUNIT_CASE(kmalloc_oob_left), > @@ -1971,6 +1981,7 @@ static struct kunit_case kasan_kunit_test_cases[] = =3D { > KUNIT_CASE(match_all_not_assigned), > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > + KUNIT_CASE(rust_uaf), > {} > }; > > diff --git a/mm/kasan/kasan_test_rust.rs b/mm/kasan/kasan_test_rust.rs > new file mode 100644 > index 000000000000..7239303b232c > --- /dev/null > +++ b/mm/kasan/kasan_test_rust.rs 
> @@ -0,0 +1,19 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +//! Helper crate for KASAN testing > +//! Provides behavior to check the sanitization of Rust code. > +use kernel::prelude::*; > +use core::ptr::addr_of_mut; > + > +/// Trivial UAF - allocate a big vector, grab a pointer partway through, > +/// drop the vector, and touch it. > +#[no_mangle] > +pub extern "C" fn kasan_test_rust_uaf() -> u8 { > + let mut v: Vec =3D Vec::new(); > + for _ in 0..4096 { > + v.push(0x42, GFP_KERNEL).unwrap(); > + } > + let ptr: *mut u8 =3D addr_of_mut!(v[2048]); > + drop(v); > + unsafe { *ptr } > +} > -- > 2.46.0.184.g6999bdac58-goog >
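
Review bot: the changelog does not say why mm/kasan/kasan_test.c is renamed to kasan_test_c.c. From the mm/kasan/Makefile hunks, kasan_test.o becomes a composite object built from `kasan_test-objs := kasan_test_c.o`, so the C source can no longer share the name of the resulting object. One sentence to that effect in the commit message would save readers from working it out from the build rules.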
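
Review bot: the prototype added in the mm/kasan/kasan.h hunk, `char kasan_test_rust_uaf(void);`, does not match the Rust definition in mm/kasan/kasan_test_rust.rs, which is `pub extern "C" fn kasan_test_rust_uaf() -> u8`. Declaring it as `u8 kasan_test_rust_uaf(void);` keeps both sides of the FFI boundary on the same fixed-width unsigned type instead of depending on how `char` is treated by the C compiler.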
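
Review bot: in the mm/kasan/kasan_test_c.c hunk at -1899, two blank lines are added after the closing brace of rust_uaf(), before `static struct kunit_case kasan_kunit_test_cases[]`. The preceding function in the same hunk, match_all_mem_tag(), is followed by a single blank line, so one of the two added blank lines should be dropped.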
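
Review bot: the `unsafe { *ptr }` block at the end of kasan_test_rust_uaf() in mm/kasan/kasan_test_rust.rs has no `// SAFETY:` comment, which kernel Rust code is expected to carry on every unsafe block. Because the access is deliberately invalid here, the comment should say so explicitly (the pointer dangles after `drop(v)` and the read exists only to trigger a KASAN report), so nobody later "fixes" it or copies it as a pattern. It is also worth considering `core::ptr::read_volatile(ptr)` for the load, so that the access KASAN must observe cannot be optimized away as the function evolves.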