From: Andrey Konovalov
Date: Wed, 14 Aug 2024 00:53:42 +0200
Subject: Re: [PATCH v2 3/3] kasan: rust: Add KASAN smoke test via UAF
To: Matthew Maurer
Cc: dvyukov@google.com, ojeda@kernel.org, Andrey Ryabinin, Andrew Morton, Alex Gaynor, Wedson Almeida Filho, aliceryhl@google.com, samitolvanen@google.com, Alexander Potapenko, Vincenzo Frascino, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, rust-for-linux@vger.kernel.org

On Tue, Aug 13, 2024 at 1:29 AM Matthew Maurer wrote:
>
> Adds a smoke test to ensure that KASAN in Rust is actually detecting a
> Rust-native UAF. There is significant room to expand this test suite,
> but this will at least ensure that flags are having the intended effect.
> > Signed-off-by: Matthew Maurer > --- > mm/kasan/Makefile | 9 ++++++++- > mm/kasan/{kasan_test.c =3D> kasan_test_c.c} | 13 +++++++++++++ > mm/kasan/kasan_test_rust.rs | 17 +++++++++++++++++ > 3 files changed, 38 insertions(+), 1 deletion(-) > rename mm/kasan/{kasan_test.c =3D> kasan_test_c.c} (99%) > create mode 100644 mm/kasan/kasan_test_rust.rs > > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile > index 7634dd2a6128..d718b0f72009 100644 > --- a/mm/kasan/Makefile > +++ b/mm/kasan/Makefile > @@ -44,7 +44,8 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX > CFLAGS_KASAN_TEST +=3D -fno-builtin > endif > > -CFLAGS_kasan_test.o :=3D $(CFLAGS_KASAN_TEST) > +CFLAGS_kasan_test_c.o :=3D $(CFLAGS_KASAN_TEST) Let's keep the kasan_test.c name for the C tests to avoid changing the module name. Naming Rust tests as kasan_test_rust.rs seems to be sufficient. > +RUSTFLAGS_kasan_test_rust.o :=3D $(RUSTFLAGS_KASAN) > CFLAGS_kasan_test_module.o :=3D $(CFLAGS_KASAN_TEST) > > obj-y :=3D common.o report.o > @@ -54,3 +55,9 @@ obj-$(CONFIG_KASAN_SW_TAGS) +=3D init.o report_sw_tags.= o shadow.o sw_tags.o tags.o > > obj-$(CONFIG_KASAN_KUNIT_TEST) +=3D kasan_test.o > obj-$(CONFIG_KASAN_MODULE_TEST) +=3D kasan_test_module.o > + > +kasan_test-objs :=3D kasan_test_c.o > + > +ifdef CONFIG_RUST > +kasan_test-objs +=3D kasan_test_rust.o > +endif > diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test_c.c > similarity index 99% > rename from mm/kasan/kasan_test.c > rename to mm/kasan/kasan_test_c.c > index 7b32be2a3cf0..28821c90840e 100644 > --- a/mm/kasan/kasan_test.c > +++ b/mm/kasan/kasan_test_c.c 
> @@ -30,6 +30,7 @@ > #include > > #include "kasan.h" > +#include "kasan_test_rust.h" You forgot to include this file into the patch. But I don't think you even need to create a new include file: just put the new test function's declaration to kasan.h next to the other test-related functions (e.g. after the part with kasan_restore_multi_shot). > > #define OOB_TAG_OFF (IS_ENABLED(CONFIG_KASAN_GENERIC) ? 0 : KASAN_GRANUL= E_SIZE) > > @@ -1899,6 +1900,17 @@ static void match_all_mem_tag(struct kunit *test) > kfree(ptr); > } > > +/* > + * Check that Rust performing a uaf using `unsafe` is detected. uaf -> use-after-free or UAF > + * This is an undirected smoke test to make sure that Rust is being sani= tized > + * appropriately. What is an undirected test? Let's drop this word, it is confusing. > + */ > +static void rust_uaf(struct kunit *test) > +{ > + KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > +} > + > + > static struct kunit_case kasan_kunit_test_cases[] =3D { > KUNIT_CASE(kmalloc_oob_right), > KUNIT_CASE(kmalloc_oob_left), > @@ -1971,6 +1983,7 @@ static struct kunit_case kasan_kunit_test_cases[] = =3D { > KUNIT_CASE(match_all_not_assigned), > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > + KUNIT_CASE(rust_uaf), > {} > }; > > diff --git a/mm/kasan/kasan_test_rust.rs b/mm/kasan/kasan_test_rust.rs > new file mode 100644 > index 000000000000..6f4b43ea488c > --- /dev/null > +++ b/mm/kasan/kasan_test_rust.rs 
> @@ -0,0 +1,17 @@ > +//! Helper crate for KASAN testing > +//! Provides behavior to check the sanitization of Rust code. > +use kernel::prelude::*; > +use core::ptr::addr_of_mut; > + > +/// Trivial UAF - allocate a big vector, grab a pointer partway through, > +/// drop the vector, and touch it. > +#[no_mangle] > +pub extern "C" fn kasan_test_rust_uaf() -> u8 { > + let mut v: Vec =3D Vec::new(); > + for _ in 0..4096 { > + v.push(0x42, GFP_KERNEL).unwrap(); > + } > + let ptr: *mut u8 =3D addr_of_mut!(v[2048]); > + drop(v); > + unsafe { *ptr } > +} > -- > 2.46.0.76.ge559c4bf1a-goog >
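Review bot: in the mm/kasan/Makefile hunk that sets kasan_test-objs, the `ifdef CONFIG_RUST` / `endif` block can be written in the usual Kbuild conditional-object form instead, for example `kasan_test-y := kasan_test_c.o` followed by `kasan_test-$(CONFIG_RUST) += kasan_test_rust.o`. That matches the `obj-$(CONFIG_...)` lines directly above it and drops the three-line conditional.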
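Review bot: rust_uaf() in the kasan_test_c.c hunk at line 1899 calls kasan_test_rust_uaf() unconditionally, and the following hunk registers KUNIT_CASE(rust_uaf) unconditionally, while the Makefile only adds kasan_test_rust.o under `ifdef CONFIG_RUST`. Nothing visible in the patch provides the symbol when CONFIG_RUST is off, so either supply a stub next to the declaration for that case or have the test skip itself when IS_ENABLED(CONFIG_RUST) is false. The hunk also leaves two blank lines after the function where the surrounding code uses one.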
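Review bot: the new mm/kasan/kasan_test_rust.rs starts directly with the `//!` doc comment, so the file has no SPDX-License-Identifier line; add one as its first line. The closing `unsafe { *ptr }` block also carries no `// SAFETY:` comment; because the read is deliberately invalid, a comment saying the access is an intentional use-after-free for KASAN to catch would make that explicit to later readers.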