From: Nathan Chancellor <nathan@kernel.org>
To: Kees Cook <keescook@chromium.org>,
Alexander Potapenko <glider@google.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev, kasan-dev@googlegroups.com,
linux-mm@kvack.org
Subject: -Wmacro-redefined in include/linux/fortify-string.h
Date: Wed, 19 Oct 2022 08:37:19 -0700 [thread overview]
Message-ID: <Y1AZr01X1wvg5Klu@dev-arch.thelio-3990X> (raw)
Hi all,
I am seeing the following set of warnings when building an x86_64
configuration that has CONFIG_FORTIFY_SOURCE=y and CONFIG_KMSAN=y:
In file included from scripts/mod/devicetable-offsets.c:3:
In file included from ./include/linux/mod_devicetable.h:13:
In file included from ./include/linux/uuid.h:12:
In file included from ./include/linux/string.h:253:
./include/linux/fortify-string.h:496:9: error: 'memcpy' macro redefined [-Werror,-Wmacro-redefined]
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^
./arch/x86/include/asm/string_64.h:17:9: note: previous definition is here
#define memcpy __msan_memcpy
^
In file included from scripts/mod/devicetable-offsets.c:3:
In file included from ./include/linux/mod_devicetable.h:13:
In file included from ./include/linux/uuid.h:12:
In file included from ./include/linux/string.h:253:
./include/linux/fortify-string.h:500:9: error: 'memmove' macro redefined [-Werror,-Wmacro-redefined]
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^
./arch/x86/include/asm/string_64.h:73:9: note: previous definition is here
#define memmove __msan_memmove
^
2 errors generated.
I can see that commit ff901d80fff6 ("x86: kmsan: use __msan_ string
functions where possible.") appears to include a fix up for this warning
with memset() but not memcpy() or memmove(). If I apply a similar fix up
like so:
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index 4029fe368a4f..718ee17b31e3 100644
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -493,6 +493,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size,
* __struct_size() vs __member_size() must be captured here to avoid
* evaluating argument side-effects further into the macro layers.
*/
+#ifndef CONFIG_KMSAN
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
__struct_size(p), __struct_size(q), \
__member_size(p), __member_size(q), \
@@ -501,6 +502,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size,
__struct_size(p), __struct_size(q), \
__member_size(p), __member_size(q), \
memmove)
+#endif
extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
__FORTIFY_INLINE void *memscan(void * const POS0 p, int c, __kernel_size_t size)
Then the instances of -Wmacro-redefined disappear but the fortify tests
no longer pass for somewhat obvious reasons:
warning: unsafe memcpy() usage lacked '__read_overflow2' symbol in lib/test_fortify/read_overflow2-memcpy.c
warning: unsafe memmove() usage lacked '__read_overflow2' symbol in lib/test_fortify/read_overflow2-memmove.c
warning: unsafe memcpy() usage lacked '__read_overflow2_field' symbol in lib/test_fortify/read_overflow2_field-memcpy.c
warning: unsafe memmove() usage lacked '__read_overflow2_field' symbol in lib/test_fortify/read_overflow2_field-memmove.c
warning: unsafe memcpy() usage lacked '__write_overflow' symbol in lib/test_fortify/write_overflow-memcpy.c
warning: unsafe memmove() usage lacked '__write_overflow' symbol in lib/test_fortify/write_overflow-memmove.c
warning: unsafe memset() usage lacked '__write_overflow' symbol in lib/test_fortify/write_overflow-memset.c
warning: unsafe memcpy() usage lacked '__write_overflow_field' symbol in lib/test_fortify/write_overflow_field-memcpy.c
warning: unsafe memmove() usage lacked '__write_overflow_field' symbol in lib/test_fortify/write_overflow_field-memmove.c
warning: unsafe memset() usage lacked '__write_overflow_field' symbol in lib/test_fortify/write_overflow_field-memset.c
Should CONFIG_KMSAN depend on CONFIG_FORTIFY_SOURCE=n like so? It seems
like the two features are incompatible if I am reading ff901d80fff6
correctly.
diff --git a/lib/Kconfig.kmsan b/lib/Kconfig.kmsan
index b2489dd6503f..6a681621e3c5 100644
--- a/lib/Kconfig.kmsan
+++ b/lib/Kconfig.kmsan
@@ -11,7 +11,7 @@ config HAVE_KMSAN_COMPILER
config KMSAN
bool "KMSAN: detector of uninitialized values use"
depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER
- depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN
+ depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN && !FORTIFY_SOURCE
select STACKDEPOT
select STACKDEPOT_ALWAYS_INIT
help
or is there a different obvious fix that I am missing?
Cheers,
Nathan
next reply other threads:[~2022-10-19 15:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-19 15:37 Nathan Chancellor [this message]
2022-10-19 16:48 ` Alexander Potapenko
2022-10-19 17:30 ` Kees Cook
2022-10-19 17:29 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y1AZr01X1wvg5Klu@dev-arch.thelio-3990X \
--to=nathan@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=llvm@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox