From: Andrey Konovalov
Date: Fri, 7 May 2021 15:42:44 +0200
Subject: Re: [PATCH v2] kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled
To: Peter Collingbourne
Cc: Alexander Potapenko, George Popescu, Elena Petrova, Evgenii Stepanov, Andrew Morton, Linux Memory Management List, stable@vger.kernel.org

On Fri, May 7, 2021 at 4:59 AM Peter Collingbourne wrote:
>
> These tests deliberately access these arrays out of bounds,
> which will cause the dynamic local bounds checks inserted by
> CONFIG_UBSAN_LOCAL_BOUNDS to fail and panic the kernel. To avoid this
> problem, access the arrays via volatile pointers, which will prevent
> the compiler from being able to determine the array bounds.
>
> These accesses use volatile pointers to char (char *volatile) rather
> than the more conventional pointers to volatile char (volatile char *)
> because we want to prevent the compiler from making inferences about
> the pointer itself (i.e. its array bounds), not the data that it
> refers to.
> > Signed-off-by: Peter Collingbourne > Cc: stable@vger.kernel.org > Link: https://linux-review.googlesource.com/id/I90b1713fbfa1bf68ff895aef099ea77b98a7c3b9 > --- > lib/test_kasan.c | 29 +++++++++++++++++++++++------ > 1 file changed, 23 insertions(+), 6 deletions(-) > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > index dc05cfc2d12f..cacbbbdef768 100644 > --- a/lib/test_kasan.c > +++ b/lib/test_kasan.c > @@ -654,8 +654,20 @@ static char global_array[10]; > > static void kasan_global_oob(struct kunit *test) > { > - volatile int i = 3; > - char *p = &global_array[ARRAY_SIZE(global_array) + i]; > + /* > + * Deliberate out-of-bounds access. To prevent CONFIG_UBSAN_LOCAL_BOUNDS > + * from failing here and panicing the kernel, access the array via a > + * volatile pointer, which will prevent the compiler from being able to > + * determine the array bounds. > + * > + * This access uses a volatile pointer to char (char *volatile) rather > + * than the more conventional pointer to volatile char (volatile char *) > + * because we want to prevent the compiler from making inferences about > + * the pointer itself (i.e. its array bounds), not the data that it > + * refers to. > + */ > + char *volatile array = global_array; > + char *p = &array[ARRAY_SIZE(global_array) + 3]; > > /* Only generic mode instruments globals. */ > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); > @@ -703,8 +715,9 @@ static void ksize_uaf(struct kunit *test) > static void kasan_stack_oob(struct kunit *test) > { > char stack_array[10]; > - volatile int i = OOB_TAG_OFF; > - char *p = &stack_array[ARRAY_SIZE(stack_array) + i]; > + /* See comment in kasan_global_oob. */ > + char *volatile array = stack_array; > + char *p = &array[ARRAY_SIZE(stack_array) + OOB_TAG_OFF]; > > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_STACK); 
> > @@ -715,7 +728,9 @@ static void kasan_alloca_oob_left(struct kunit *test) > { > volatile int i = 10; > char alloca_array[i]; > - char *p = alloca_array - 1; > + /* See comment in kasan_global_oob. */ > + char *volatile array = alloca_array; > + char *p = array - 1; > > /* Only generic mode instruments dynamic allocas. */ > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); > @@ -728,7 +743,9 @@ static void kasan_alloca_oob_right(struct kunit *test) > { > volatile int i = 10; > char alloca_array[i]; > - char *p = alloca_array + i; > + /* See comment in kasan_global_oob. */ > + char *volatile array = alloca_array; > + char *p = array + i; > > /* Only generic mode instruments dynamic allocas. */ > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); > -- > 2.31.1.607.g51e8a6a459-goog > Reviewed-by: Andrey Konovalov Thanks!
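Review bot: in the kasan_global_oob hunk, the new comment block misspells "panicking" as "panicing". The same comment explains why the base pointer is made opaque but not why the index no longer has to be: the old code hid the index behind "volatile int i = 3", while the new line uses a literal 3 in "&array[ARRAY_SIZE(global_array) + 3]". One sentence saying that the bounds check is keyed on the array object and not on the index would spare the next reader from wondering whether the constant can be folded into a compile-time diagnostic.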
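Review bot: the "char *volatile array = ...;" line added in the kasan_stack_oob, kasan_alloca_oob_left and kasan_alloca_oob_right hunks repeats the idiom from kasan_global_oob three more times, each carrying only a "See comment in kasan_global_oob" pointer. Consider one small helper or macro in lib/test_kasan.c that returns the pointer through a volatile local, with the explanatory comment attached to it, so that future out-of-bounds tests pick up the workaround and its rationale from one place and the cross-references cannot go stale if kasan_global_oob is renamed or moved.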