From: Andrey Konovalov
Date: Mon, 12 Feb 2024 00:16:58 +0100
Subject: Re: [PATCH v2] kasan: add atomic tests
To: Paul Heidekrüger
Cc: akpm@linux-foundation.org, dvyukov@google.com, elver@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, vincenzo.frascino@arm.com, Mark Rutland

On Sun, Feb 11, 2024 at 10:17 AM Paul Heidekrüger wrote:
>
> Test that KASan can detect some unsafe atomic accesses.
>
> As discussed in the linked thread below, these tests attempt to cover
> the most common uses of atomics and, therefore, aren't exhaustive.
>
> CC: Marco Elver
> CC: Andrey Konovalov
> Link: https://lore.kernel.org/all/20240131210041.686657-1-paul.heidekrueger@tum.de/T/#u
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=214055
> Reviewed-by: Marco Elver
> Tested-by: Marco Elver
> Acked-by: Mark Rutland
> Signed-off-by: Paul Heidekrüger
> ---
> Changes PATCH v1 -> PATCH v2:
> * Make explicit cast implicit as per Mark's feedback
> * Increase the size of the "a2" allocation as per Andrey's feedback
> * Add tags
>
> Changes PATCH RFC v2 -> PATCH v1:
> * Remove casts to void*
> * Remove i_safe variable
> * Add atomic_long_* test cases
> * Carry over comment from kasan_bitops_tags()
>
> Changes PATCH RFC v1 -> PATCH RFC v2:
> * Adjust size of allocations to make kasan_atomics() work with all KASan modes
> * Remove comments and move tests closer to the bitops tests
> * For functions taking two addresses as an input, test each address in a separate function call.
> * Rename variables for clarity
> * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_store_release()
>
> mm/kasan/kasan_test.c | 79 +++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 79 insertions(+)
>
> diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c > index 8281eb42464b..7bf09699b145 100644 > --- a/mm/kasan/kasan_test.c > +++ b/mm/kasan/kasan_test.c
> @@ -1150,6 +1150,84 @@ static void kasan_bitops_tags(struct kunit *test) > kfree(bits); > } > > +static void kasan_atomics_helper(struct kunit *test, void *unsafe, void = *safe) > +{ > + int *i_unsafe =3D unsafe; > + > + KUNIT_EXPECT_KASAN_FAIL(test, READ_ONCE(*i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, WRITE_ONCE(*i_unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_load_acquire(i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_store_release(i_unsafe, 42)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_cmpxchg(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(unsafe, safe, 42= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(safe, unsafe, 42= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub_and_test(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_negative(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_unless(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_unless_negative(unsafe))= ; > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_unless_positive(unsafe))= ; > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_if_positive(unsafe)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, 
atomic_long_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_cmpxchg(unsafe, 21, 42)= ); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(unsafe, saf= e, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(safe, unsaf= e, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub_and_test(42, unsafe= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_negative(42, unsafe= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_unless(unsafe, 21, = 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_unless_negative(uns= afe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_unless_positive(uns= afe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_if_positive(unsafe)= ); > +} > + > +static void kasan_atomics(struct kunit *test) > +{ > + void *a1, *a2; > + > + /* > + * Just as with kasan_bitops_tags(), we allocate 48 bytes of memo= ry such > + * that the following 16 bytes will make up the redzone. 
> + */ > + a1 =3D kzalloc(48, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + a2 =3D kzalloc(sizeof(atomic_long_t), GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); This should check for a2, not a1. Sorry for not spotting this before. > + > + /* Use atomics to access the redzone. */ > + kasan_atomics_helper(test, a1 + 48, a2); > + > + kfree(a1); > + kfree(a2); > +} > + > static void kmalloc_double_kzfree(struct kunit *test) > { > char *ptr; > @@ -1553,6 +1631,7 @@ static struct kunit_case kasan_kunit_test_cases[] = =3D { > KUNIT_CASE(kasan_strings), > KUNIT_CASE(kasan_bitops_generic), > KUNIT_CASE(kasan_bitops_tags), > + KUNIT_CASE(kasan_atomics), > KUNIT_CASE(kmalloc_double_kzfree), > KUNIT_CASE(rcu_uaf), > KUNIT_CASE(workqueue_uaf), > -- > 2.40.1 > With the mentioned change: Reviewed-by: Andrey Konovalov Thank you!
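
Review bot: in kasan_atomics(), the second KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1) comes right after the kzalloc() of a2 but re-checks a1, so a failed a2 allocation is never caught and a NULL `safe` pointer would reach the atomic_try_cmpxchg() and atomic_long_try_cmpxchg() calls in kasan_atomics_helper(). Change it to KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a2). The block comment above the allocations also explains only the 48-byte size of a1; a sentence on why a2 is sized as sizeof(atomic_long_t) would document the sizing change that the v2 changelog mentions.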