From: Peter Collingbourne <pcc@google.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
Alexander Potapenko <glider@google.com>,
George Popescu <georgepope@android.com>,
Elena Petrova <lenaptr@google.com>,
Evgenii Stepanov <eugenis@google.com>,
Linux Memory Management List <linux-mm@kvack.org>,
stable@vger.kernel.org
Subject: Re: [PATCH] kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled
Date: Mon, 10 May 2021 10:16:37 -0700 [thread overview]
Message-ID: <CAMn1gO6M1tQGx1M6HjZ-5Bw_66zFZFw-xSAOOZjeSo09gYV2qg@mail.gmail.com> (raw)
In-Reply-To: <20210508173009.781b8a401fefc2ab71cb3907@linux-foundation.org>
On Sat, May 8, 2021 at 5:30 PM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Thu, 6 May 2021 14:20:25 -0700 Peter Collingbourne <pcc@google.com> wrote:
>
> > These tests deliberately access these arrays out of bounds,
> > which will cause the dynamic local bounds checks inserted by
> > CONFIG_UBSAN_LOCAL_BOUNDS to fail and panic the kernel. To avoid this
> > problem, access the arrays via volatile pointers, which will prevent
> > the compiler from being able to determine the array bounds.
>
> Huh. Is this use of volatile the official way of suppressing the
> generation of the checking code or is it just something which happened
> to work? I'm wondering if this workaround should be formalized in some
> fashion (presumably a wrapper) rather than mysteriously and
> unexplainedly open-coding it like this.
I would consider it the official way in the sense that the compiler
must assume that the pointer that it loads from the address of "array"
has an arbitrary value due to the volatile qualifier, and the array
bounds stuff follows from that. Actually I don't think the compiler is
powerful enough yet to look through the store and load of "array", but
if it were, I think that would be the right way to suppress the
analysis.
Is the comment that I added in v2 not enough here?
Peter
prev parent reply other threads:[~2021-05-10 17:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-06 21:20 Peter Collingbourne
2021-05-06 22:12 ` Andrey Konovalov
2021-05-06 23:47 ` Peter Collingbourne
2021-05-06 23:57 ` Andrey Konovalov
2021-05-07 2:59 ` Peter Collingbourne
2021-05-09 0:30 ` Andrew Morton
2021-05-10 17:16 ` Peter Collingbourne [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMn1gO6M1tQGx1M6HjZ-5Bw_66zFZFw-xSAOOZjeSo09gYV2qg@mail.gmail.com \
--to=pcc@google.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=eugenis@google.com \
--cc=georgepope@android.com \
--cc=glider@google.com \
--cc=lenaptr@google.com \
--cc=linux-mm@kvack.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox