From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECACEC4828D for ; Mon, 5 Feb 2024 14:09:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2AAB36B0071; Mon, 5 Feb 2024 09:09:05 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 25A056B0072; Mon, 5 Feb 2024 09:09:05 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0FC936B0078; Mon, 5 Feb 2024 09:09:05 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id E7C0F6B0072 for ; Mon, 5 Feb 2024 09:09:04 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 75C85140B08 for ; Mon, 5 Feb 2024 14:09:04 +0000 (UTC) X-FDA: 81757931808.14.9CB66CD Received: from mail-ua1-f53.google.com (mail-ua1-f53.google.com [209.85.222.53]) by imf26.hostedemail.com (Postfix) with ESMTP id A3B2C140005 for ; Mon, 5 Feb 2024 14:09:01 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=y6IhpOTe; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf26.hostedemail.com: domain of elver@google.com designates 209.85.222.53 as permitted sender) smtp.mailfrom=elver@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1707142141; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mzbh1UXzk14eXCXPK6xOaBGhFX+s/GQyOx72L7u65eE=; b=Vc/YmMqcz3fdneW0hbbPLngev8odWnz0my/hYUkcodH1PRUXD9VNf+SK1ZdW8Krtzrty4y IslKw5+aKk3WefkhFDZq4RvT8RvEEysOp3FA4ZSWF0ln05CcOb5EfIN5VyDabIBqmijhmu lvYLFksKtXKUIMLjvGQIRHJy6IZs2gw= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=y6IhpOTe; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf26.hostedemail.com: domain of elver@google.com designates 209.85.222.53 as permitted sender) smtp.mailfrom=elver@google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707142141; a=rsa-sha256; cv=none; b=n6Rog1zvkpLy5/6z7J+OdHU7MGVjMgb5i1XGX0MB8vn38yFTNaUByhlEu8vesOKA9vWOiq McWL7wB/IrARmG020UtchhfkDsN6Cqji65cuQQYyqiNrQ9LPXG0oCI0JdD2zpeKs4y8Ted 895RA7qN18dvvruwmZcRS8r+Lmy/ICo= Received: by mail-ua1-f53.google.com with SMTP id a1e0cc1a2514c-7d2940ad0e1so2129259241.1 for ; Mon, 05 Feb 2024 06:09:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707142140; x=1707746940; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=mzbh1UXzk14eXCXPK6xOaBGhFX+s/GQyOx72L7u65eE=; b=y6IhpOTe4izjuxJWyqP8lADeaUwQ9jMhPFg6jE3XG6KoA7UWCevDqT2GLamp0J3PPr X9w24vV7urIEmGeiieahS8C4asjHLVWcl9hxHhDOWTGCM9u0TPAN3YMTfxRqKiSghhU3 XL1cQVn5gTmP+5sklYuskI9GEziBnCTqEVDTPINTEoIFrRL7IDBC1mfpkVrDcTROZMJ3 7fbiy/rXb7roI5FcYeRuVAjSwfYBXVTzzEKGY9DqTpSG4QGdCNgk9rXDChOI8biDSqKE +TL522fAQzRaI0p9PCZZ2m5kVgC3rOu0v+X6xm9cGpZ0PHsqalwclE7HnrjytkaWzdJt 9Kpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707142140; x=1707746940; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mzbh1UXzk14eXCXPK6xOaBGhFX+s/GQyOx72L7u65eE=; b=iJOuq8FU9nPIn6IhOk64zD+bnYdFiP+VHevTzpWG/Xf2EveTTcPM9H4FO4QpyAvki8 ovWoVJk0/lbJx+OOSl0G3H8M3fFyfvBwmf7PHPL3vr72REnIU+QhmLovlI+3/vZP9hj2 HHr7lhDVBy/vdfsA6CCAKxxp/WBmmZAqIMjnwUetIBQDqxte86po7CsNf+xtPwUqNgoX fHsiEU22Y0gryGJo8D3soE0WjS2K6OUtdHfmWIydgQmQFe6/z/6+H8UO+Z8OjBMBONIr XhqZIcNh7xJ06ef5jYsitD3YjLzXu/8+nS+8IrcI0bcJ1ylObQiC2cosRfaHUhbYC09X XhaA== X-Gm-Message-State: AOJu0YxLvWPYCJfH5G1Jt1Up7uuD3iwhjJWBS4lWB0JlC2j6xTcpDIDu L5Gh6h5yEC0lhY04UGhRggUmvUM5NJUSvDwiDWDNVht3sXvYG93Pwlxde9+qFR4xRLMBtCOfgaX Ql5lKOUR/Pu1xXK/XFyFWdiV77x34IBf/hBI0 X-Google-Smtp-Source: AGHT+IEfgK2S3itWZnVRcEkyrIv+Myoo9jOJPQuHfD9CwzpcP5LU9a5FYEbCgpwpR9kba4bBMZE/mU2sUa5s6Ce2EBY= X-Received: by 2002:a05:6122:20a9:b0:4c0:3390:7abe with SMTP id i41-20020a05612220a900b004c033907abemr1619708vkd.12.1707142140414; Mon, 05 Feb 2024 06:09:00 -0800 (PST) MIME-Version: 1.0 References: <20240202113259.3045705-1-paul.heidekrueger@tum.de> In-Reply-To: <20240202113259.3045705-1-paul.heidekrueger@tum.de> From: Marco Elver Date: Mon, 5 Feb 2024 15:08:24 +0100 Message-ID: Subject: Re: [PATCH] kasan: add atomic tests To: =?UTF-8?Q?Paul_Heidekr=C3=BCger?= Cc: akpm@linux-foundation.org, andreyknvl@gmail.com, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, vincenzo.frascino@arm.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: A3B2C140005 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: 9bd7wo1aet4f6h9togw8fhi118d1uuk6 X-HE-Tag: 1707142141-918289 X-HE-Meta: U2FsdGVkX18mcg9BdZNEmZYKUmERjrnShWpn2pjTtScd0YII659o922TsKLN8LeDoXIA553mUfAhMzT4v1YWZhcCYEliuZjnfNEchyNrpGyzKq/LTbrULrbzsfcFMC9p709ai3s1GoYX1F2Wh4/iML4FvNUyvKJyR9VxQe1SVX/vWpSEQoafNeJ+/dIvHL5HogI5DHixfJInnIb/2hQzvMlOwiYtaKDDVPVwYcNPQZoAuydft/Q/GTgtkH6/dRJyAjOBkfbvGRF3CvTyQ55k/vHKw7+tZxpAqf9Y8Soih4xOVizWO/fwOe3aO6c54fFRurW2BqbKeH0IsRgOyOxr2cQa5QnQ3rAcG95c/9ea2jW2Hzf9F7Sy0f2SggdseGV021Uzgk67M+dLj5EczykaWTt2g4G743OtH/qK9gNF9heY1K3oXBJRBw3RglQ1la7KIHRDigwS/7WbfqJiAY9LqqmcJ2NVQKLSO2TgSg+oqBUayWJVVaS2H9IidYT4xxpctAAR1vI+Kmg6x1FYr1psrYXtNcqzLKhDQREbB4D9PUJB8e7Tu0asgcbMgodzWxEvm6nLh3z9wi4QiSRQ+ZRRdkxg3mWFz4IZqZC+4dyrspKD9q6nRjgXR6QRsAZXC+FZ/YWXnok+WbHhhBBqLyUegFCbIq/TrC4zkEHIEJuWcdFhtB/g9xOc808zBNc/C7otg/KEQgOCETC7gNTsUZRodLpS81PKxWRtCXj4RFZ1OWToXKHpsK+lhAARyw/49KoMDLxV6RUnT0nmTZ22nlAwwt0vGuhOCgUFs6b0hsKuzl8k5TeNIhtcL7axcE0KZwi/tmJhobAb4chSXnPd282oBpk9aQqPeTMu304MsZjcHwII4nQ4yv0UwwqKvjxnLSR/FtaAMznvKPwYhIRRaub6PflhW6gYDFKeXlEWKPjALKvAH6yDHpSqhGQtpZsfI/UbcCUXWEiYnnnGjHc8Qxq +vEv/IrD wOSdeykvP1TMMugb0hzBFgt+fcOrsrUHP0emTUXj/CmSdjtu/COiLWoUFQSK8VXCmJvdy X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, 2 Feb 2024 at 12:33, Paul Heidekr=C3=BCger wrote: > > Test that KASan can detect some unsafe atomic accesses. > > As discussed in the linked thread below, these tests attempt to cover > the most common uses of atomics and, therefore, aren't exhaustive. > > CC: Marco Elver > CC: Andrey Konovalov > Link: https://lore.kernel.org/all/20240131210041.686657-1-paul.heidekrueg= er@tum.de/T/#u > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=3D214055 > Signed-off-by: Paul Heidekr=C3=BCger Reviewed-by: Marco Elver Tested-by: Marco Elver Thank you. > --- > Changes PATCH RFC v2 -> PATCH v1: > * Remove casts to void* > * Remove i_safe variable > * Add atomic_long_* test cases > * Carry over comment from kasan_bitops_tags() > > Changes PATCH RFC v1 -> PATCH RFC v2: > * Adjust size of allocations to make kasan_atomics() work with all KASan = modes > * Remove comments and move tests closer to the bitops tests > * For functions taking two addresses as an input, test each address in a = separate function call. > * Rename variables for clarity > * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_sto= re_release() > > mm/kasan/kasan_test.c | 79 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 79 insertions(+) > > diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c > index 8281eb42464b..4ef2280c322c 100644 > --- a/mm/kasan/kasan_test.c > +++ b/mm/kasan/kasan_test.c > @@ -1150,6 +1150,84 @@ static void kasan_bitops_tags(struct kunit *test) > kfree(bits); > } > > +static void kasan_atomics_helper(struct kunit *test, void *unsafe, void = *safe) > +{ > + int *i_unsafe =3D (int *)unsafe; > + > + KUNIT_EXPECT_KASAN_FAIL(test, READ_ONCE(*i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, WRITE_ONCE(*i_unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_load_acquire(i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_store_release(i_unsafe, 42)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_cmpxchg(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(unsafe, safe, 42= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(safe, unsafe, 42= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub_and_test(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_negative(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_unless(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_unless_negative(unsafe))= ; > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_unless_positive(unsafe))= ; > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_if_positive(unsafe)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_cmpxchg(unsafe, 21, 42)= ); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(unsafe, saf= e, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(safe, unsaf= e, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub_and_test(42, unsafe= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_negative(42, unsafe= )); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_unless(unsafe, 21, = 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_unless_negative(uns= afe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_unless_positive(uns= afe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_if_positive(unsafe)= ); > +} > + > +static void kasan_atomics(struct kunit *test) > +{ > + void *a1, *a2; > + > + /* > + * Just as with kasan_bitops_tags(), we allocate 48 bytes of memo= ry such > + * that the following 16 bytes will make up the redzone. > + */ > + a1 =3D kzalloc(48, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + a2 =3D kzalloc(sizeof(int), GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + > + /* Use atomics to access the redzone. */ > + kasan_atomics_helper(test, a1 + 48, a2); > + > + kfree(a1); > + kfree(a2); > +} > + > static void kmalloc_double_kzfree(struct kunit *test) > { > char *ptr; > @@ -1553,6 +1631,7 @@ static struct kunit_case kasan_kunit_test_cases[] = =3D { > KUNIT_CASE(kasan_strings), > KUNIT_CASE(kasan_bitops_generic), > KUNIT_CASE(kasan_bitops_tags), > + KUNIT_CASE(kasan_atomics), > KUNIT_CASE(kmalloc_double_kzfree), > KUNIT_CASE(rcu_uaf), > KUNIT_CASE(workqueue_uaf), > -- > 2.40.1 >