From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1D64C48292 for ; Mon, 5 Feb 2024 21:01:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 375AA6B0071; Mon, 5 Feb 2024 16:01:09 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 325BA6B0074; Mon, 5 Feb 2024 16:01:09 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1EDB16B0078; Mon, 5 Feb 2024 16:01:09 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 101506B0071 for ; Mon, 5 Feb 2024 16:01:09 -0500 (EST) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 94A19C06EB for ; Mon, 5 Feb 2024 21:01:08 +0000 (UTC) X-FDA: 81758970216.06.ECA0B3F Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by imf19.hostedemail.com (Postfix) with ESMTP id C0F4B1A001F for ; Mon, 5 Feb 2024 21:01:06 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=RpZR865M; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf19.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.128.42 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1707166866; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=X2K15Hg3yhqnl2UBe8X+/YSPQqkoXC0ybPHCaX0Zh/g=; b=oXQqSKVD97QA/ecvWubx0g7y7SKW7gvfq1VqpE30tsOlfRqGflvYGnGbsVvyyWMwwKhYTF 5zJMUbqEcLDKpaB/An5r5FTfCJrbLNhjhGuayDZArb7/Wce8sscP049nnG9EWbCn/y/zGH +UMpTaCbUUuwZsZc2oOCZVSGiDPeMZY= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=RpZR865M; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf19.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.128.42 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707166866; a=rsa-sha256; cv=none; b=E2eaDmr/COi6ei3x1FuvWRl06VAxR9nBAPYWpsPagVx4kh+9ieiAyIYircWqEkmwUc4MdH WuUFi82JwrBohwHc67Oi0Km5itDZCPMAp29NnEVLiO1kCMHcD2nR4kL9g4OvK6TYQ4Kzb0 xgE42dJ56S0x08SEO9DE0kEUp5MrYu8= Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-40fc52c2ae4so32823205e9.3 for ; Mon, 05 Feb 2024 13:01:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707166865; x=1707771665; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=X2K15Hg3yhqnl2UBe8X+/YSPQqkoXC0ybPHCaX0Zh/g=; b=RpZR865MKDy6u2lBKOguxenrFcmv1q9LvlTeZNQzS0HYE8mhz0wCjYesp84kOEwgEw +0g85ZsfbQ2zSumnO2rfr95+hljzm6UyNGLJU2Rc+WN06LQ9EishQKIGIN5QlOkZl3Mn E0txH4xcpEU9n8YD+TUH8NgRq2VDC8tU8eC/SEw54bWMk/SLv81DgZkwysq3wUBY2FTL 1d+FcohOhFifOjBrP3zigk6q1OEQRmc05nmlva6jkMJonCbkXwPEt+GjAOo4e+TRAOsS XTcjGkHdzNZhMHTokRqp8L/c4q9va814BIKuN8PLaCsDuoB7SsD0rAUw+g8c3+kTACyA XezA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707166865; x=1707771665; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X2K15Hg3yhqnl2UBe8X+/YSPQqkoXC0ybPHCaX0Zh/g=; b=oJLmJjakFBFAK25w0dEF2wDWrfJaj9HwcH9up+C8Fc0klzDa8u4Xo8gdr4VSuWG5IH ZZbj0nR9U09ogDWuTEpOZQMBv0t/c6Dtq9Yuex9/Hx2zMcAmyUN37GzF0WpvMIhwwpKk AVQSpJcxg6sIMP1oklFjPQNiD0iUo6m3lAoxSiX14phACixNiiVKKVP97rzT3WsaM2nh On66q7sVzq0PdkUnyQ5Rnnnwl26BNWJiuuJhq5tzozjROkBMDKznAONKIH0daFHorCPO 3onfXkfDbjOnFNToceMTt9xcP7X0meHIEGeLSWJKDnDoZsMLDh9a1LWXygSVSQcL/H+B q7Bg== X-Gm-Message-State: AOJu0YzkFZ6Ouh8MgEfvjtzLKMhEIkOWgoGnMNNpwmk4m98OTZ10+xyN IzbdLTXlNa3dqD44n/3e5ejOIwaObTN2uROr8MRDk892OlCalycUcaLtogC4cEbmo2ZvE7z8N9q KOYf+F7K341Oc7dMKEeEI/dsuL+U= X-Google-Smtp-Source: AGHT+IHv7CWDrlJc0y95Et/8uxW/u+e33lGEvUS6q5bJN3/r7tYPHSiz//ebwdGTRN968PxNRNmtl7sKxMDYX+zeI0k= X-Received: by 2002:a5d:4b4e:0:b0:33b:1a43:578 with SMTP id w14-20020a5d4b4e000000b0033b1a430578mr484273wrs.25.1707166864881; Mon, 05 Feb 2024 13:01:04 -0800 (PST) MIME-Version: 1.0 References: <20240202113259.3045705-1-paul.heidekrueger@tum.de> In-Reply-To: <20240202113259.3045705-1-paul.heidekrueger@tum.de> From: Andrey Konovalov Date: Mon, 5 Feb 2024 22:00:53 +0100 Message-ID: Subject: Re: [PATCH] kasan: add atomic tests To: =?UTF-8?Q?Paul_Heidekr=C3=BCger?= Cc: elver@google.com, akpm@linux-foundation.org, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, vincenzo.frascino@arm.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: C0F4B1A001F X-Stat-Signature: px5hndzxebcou61tx8fuhmx7qf6j9boc X-HE-Tag: 1707166866-734137 X-HE-Meta: U2FsdGVkX19LdaMmpmKEdWev2BWZ384nKZaJ8VUvJIx2hWGAJUlke9Jb7nukzVsG94y59TMPpFj9ipVa4xIqmfzUawYsR4DM2s9DbuSqxHljiiAlCIG8+8wCz0Y8JgVzzlCEh3qNiR6ej+RUEqZO7ovxIIx2QoiYqETBEmhHIh+hGH0IjyNOq+EV/wSJEl0df8ye/JVPvX7UYtc4nvXdNESNNDdPllOREqNPgpKm5Gf454iM/fW5yZe3CYuA7YFE9FWI7jBUm2VMStZ+bpRtbiQl9ONwlXP9x6I5HgmJmUWPa0ClK1vJxvBbrncloSs0aSRulc72UQkTWFE7C45xfGZbRhfMXmsdic8oHa7OUpex+5/Wu20LfX5xeq9G0CbEOcqGjr8b6ISpOYTeA+NtKvlfLNFAjzSl8vbWWjji45wWMvqLJnoJ+ARjScMzMp6tMlDcBk90UKGtapvk8stqgq8nhk5JL7Wni87hqLFRMrCZfuKHVSajQUd9b2oCnHg7BcQZdvZKjTh9EQ1uNlxMsXBlY4a2QwJrHNLmzLb5UVpl5VW8DjZiJ1n+ns2oest9Fst+lAghUtizKgY0kONGv1IQ7zSB3EWhMsZNgvpXFHiMJQM+OGTRurLi+FmW9+5xSZlZEru4hU2mJQ8IktjHLk4AWSCT/ef55wy/1qGZxxXXEpop1izER9rInkQSnwTKObpLFvkydAAXNeSxlwqW3Y9XWuGL/YsxrOLFVlcm/jD5lOxEBpvO9JQ4bfG9mNuUEdQyGOGheDLwkhQUJacvkz+ceN3+AwPtevx0KG9H9y85FZ+jZJsBt55X5n27QMuR99baZpWSftw64qsYQdNRueAsZtOcyTonHwA0J810PyBlTT+c1tP6nig06p+xuHZTaWKLSwSCc2uUtqfMOd8dO2825gBWr0rESdewaJalk/aKEkKOQVUfwXAa765rpczOQhIJiZYXWJLw980Cizb IH8wT1MW RYlfNGR5RZEk8Yj0jeqRDavTSS4tG3jz9aWpn6Zh6ReDHMRCkW8czSJXSC4owUntasjFFBLb73AhwXuBAVm1HW7L+VsnS8JQ3/di6Z+bUKiHHvcXkheQ0LYhsfrB52RGOp/oia4CgM6pdswVQ8xOIFGij/iRSiJ7s8IastQXFBYWOJISn312m/LatXe/3dL2qrwNFmxq+oGIHLJAYQgdZztgi+TZ4nv5vxjoryXio6hiAxtahrm8BQKoh/ASxG7GovXdBGDz9DEVsfWk4Ymg+xZ2bY2GK7i7NMSCDZM2yQ3Fyr9HWaUnvrE+7Qw5QULmKbsPy/KVO/AF0LtNzPJbtJpj1YwBwiHIwP04YvvstKle3R6RHSK1C8o/Jvy+wjguXHtosx9TIKMjMjfq3AfZ7w7tuVAi3LP8SGSqG+6aQKvkz8oQyvWPlU847qDE3L9Yd+0tN5+k3Xyjbst0RQXmXpp9etf5SeWhChK5KFUqqXURDlzyQ0oKkclZRsA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Feb 2, 2024 at 12:33=E2=80=AFPM Paul Heidekr=C3=BCger wrote: > > Test that KASan can detect some unsafe atomic accesses. > > As discussed in the linked thread below, these tests attempt to cover > the most common uses of atomics and, therefore, aren't exhaustive. > > CC: Marco Elver > CC: Andrey Konovalov > Link: https://lore.kernel.org/all/20240131210041.686657-1-paul.heidekrueg= er@tum.de/T/#u > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=3D214055 > Signed-off-by: Paul Heidekr=C3=BCger > --- > Changes PATCH RFC v2 -> PATCH v1: > * Remove casts to void* > * Remove i_safe variable > * Add atomic_long_* test cases > * Carry over comment from kasan_bitops_tags() > > Changes PATCH RFC v1 -> PATCH RFC v2: > * Adjust size of allocations to make kasan_atomics() work with all KASan = modes > * Remove comments and move tests closer to the bitops tests > * For functions taking two addresses as an input, test each address in a = separate function call. > * Rename variables for clarity > * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_sto= re_release() > > mm/kasan/kasan_test.c | 79 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 79 insertions(+) > > diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c > index 8281eb42464b..4ef2280c322c 100644 > --- a/mm/kasan/kasan_test.c > +++ b/mm/kasan/kasan_test.c > @@ -1150,6 +1150,84 @@ static void kasan_bitops_tags(struct kunit *test) > kfree(bits); > } > > +static void kasan_atomics_helper(struct kunit *test, void *unsafe, void = *safe) > +{ > + int *i_unsafe =3D (int *)unsafe; > + > + KUNIT_EXPECT_KASAN_FAIL(test, READ_ONCE(*i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, WRITE_ONCE(*i_unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_load_acquire(i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_store_release(i_unsafe, 42)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_cmpxchg(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(unsafe, safe, 42= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(safe, unsafe, 42= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub_and_test(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_negative(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_unless(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_unless_negative(unsafe))= ; > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_unless_positive(unsafe))= ; > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_if_positive(unsafe)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_cmpxchg(unsafe, 21, 42)= ); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(unsafe, saf= e, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(safe, unsaf= e, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub_and_test(42, unsafe= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_negative(42, unsafe= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_unless(unsafe, 21, = 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_unless_negative(uns= afe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_unless_positive(uns= afe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_if_positive(unsafe)= ); > +} > + > +static void kasan_atomics(struct kunit *test) > +{ > + void *a1, *a2; > + > + /* > + * Just as with kasan_bitops_tags(), we allocate 48 bytes of memo= ry such > + * that the following 16 bytes will make up the redzone. > + */ > + a1 =3D kzalloc(48, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + a2 =3D kzalloc(sizeof(int), GFP_KERNEL); I think this should be sizeof(atomic_long_t) or sizeof(long), otherwise a2 will not work as the safe argument for atomic_long_try_cmpxchg on 64-bit architectures. > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + > + /* Use atomics to access the redzone. */ > + kasan_atomics_helper(test, a1 + 48, a2); > + > + kfree(a1); > + kfree(a2); > +} > + > static void kmalloc_double_kzfree(struct kunit *test) > { > char *ptr; > @@ -1553,6 +1631,7 @@ static struct kunit_case kasan_kunit_test_cases[] = =3D { > KUNIT_CASE(kasan_strings), > KUNIT_CASE(kasan_bitops_generic), > KUNIT_CASE(kasan_bitops_tags), > + KUNIT_CASE(kasan_atomics), > KUNIT_CASE(kmalloc_double_kzfree), > KUNIT_CASE(rcu_uaf), > KUNIT_CASE(workqueue_uaf), > -- > 2.40.1 >