From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D933C4828D for ; Mon, 5 Feb 2024 16:01:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F19316B0075; Mon, 5 Feb 2024 11:01:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id EC7E36B0078; Mon, 5 Feb 2024 11:01:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB7436B007B; Mon, 5 Feb 2024 11:01:43 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id CDB876B0075 for ; Mon, 5 Feb 2024 11:01:43 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id CA57C40A5D for ; Mon, 5 Feb 2024 16:01:41 +0000 (UTC) X-FDA: 81758215602.13.E6B2790 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by imf28.hostedemail.com (Postfix) with ESMTP id 0C755C0036 for ; Mon, 5 Feb 2024 16:01:38 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=arm.com; spf=pass (imf28.hostedemail.com: domain of mark.rutland@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=mark.rutland@arm.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707148899; a=rsa-sha256; cv=none; b=zkRBS9YZcENBgKRWytJNM2UjkdhSCvPxEyzF7EfYhEd2dX7pi73Qpf1s2onCRPGS2p4Dkp 1SOCpC1EGzL5K1Ie5xzgRlZCTq6mVZeKETOM5kLlv5zwf6RyCWlWnJXB7oKHQiHgfGu/yZ +6K8D1RVXlMyyugKeTlEkuiDm9CQbXQ= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=arm.com; spf=pass (imf28.hostedemail.com: domain of mark.rutland@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=mark.rutland@arm.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1707148899; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9PmwAXZzlI/3tKHIRlCPcUPoUA3xllDT3/1Q0y+jEXI=; b=OxL7437zhTAFhINQ9rZJZcMAnkQC4+2yKe0/2vNoDgc9d/a0acMdCu0T5JUUf9U1dNuMzk z2oFSqnDOXW0ttPLlstZj4Yx+xrzlN8h7dthQNKg+a5WAYWfm0U++Jcz4QqS7yWFrbmlDp lpU0xvQGvMo6FIR1s8FSZcM3369N4jQ= Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CFE801FB; Mon, 5 Feb 2024 08:02:20 -0800 (PST) Received: from FVFF77S0Q05N (unknown [10.57.66.84]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 777FE3F5A1; Mon, 5 Feb 2024 08:01:36 -0800 (PST) Date: Mon, 5 Feb 2024 16:01:30 +0000 From: Mark Rutland To: "Paul Heidekr\"uger" Cc: elver@google.com, akpm@linux-foundation.org, andreyknvl@gmail.com, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, vincenzo.frascino@arm.com Subject: Re: [PATCH] kasan: add atomic tests Message-ID: References: <20240202113259.3045705-1-paul.heidekrueger@tum.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240202113259.3045705-1-paul.heidekrueger@tum.de> X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 0C755C0036 X-Stat-Signature: y3mne9jk4do7h7utzo9zggc3ge7z89te X-Rspam-User: X-HE-Tag: 1707148898-222222 X-HE-Meta: U2FsdGVkX194GBGq1AcDPm2zpRzMaNvGz3tpoekTrNgRH/2Cu+GjxguAwmEm1lnxNpuyo1EFQMv8DSV0f85UsV4JEc2qOJSyf8Jxy8DwPKsjb5FWIZOj61XopIZm8K/Dmibty6XE9Y5Lyy922VdMXAf3VYv1R+1V7xqzjR7FLHgAcDmlFTdDr4+WgmcolNgQEJAC0XbNgY3JLhhM3fDMeVIfDznapQb2ji4PmlwVSpLHzY+JdFQAodCTK82Ovd2PwE+9ORiRoWPpM30a9k2haK6ogN7JpnKdO3CeKo3w2rMCmfT6vjBE2lhdWMgO5btytm0hlK+uliYmij6ysYb2e3LX+gRss5cO/Vv3twcq/G95OOWiAvRx0ZGuhT61hfIpimllhUhuhxnIyj1NhI6l92ang0ns1NA9s9ytr3x/a8kvVb3S6QWPx0W5zHrcTMjPaW2XL95wVEGtHeZYZWOvJ+3i8GBV49e6U4Jy4t/G76laQnCLqxwaiRnNJF7euzUw9qv5oRLULspi+O335sVGfKtcYTCP/0PbdNnuMN7J/4usVcXtzpklzSvHzApEpR2UyQ9zj+KavdlOxjJzdLzNqFB5wkpcMpXgcPR6zndSxBhzUKE3XC+zuXRkOXzwLfT9MzOfZGN2lQ/rkBGY1zt1GtStXwuhmZ66iF7nOmJxgusnEh/08nj2aZCqz4L3O3L9hIK8jRHZagnJaImXw1aR60ZM8tzXrkAAaftt8/4DoZrKs1pUtZyGfxYNwtmvkqx+KZ0xspxCaEkoiAm+FnH00MSSF7eyc3pRgyjX0NNHGy0amZtxXznO21HXVbOmbgmwlclMJUCmbnKRsHfhhO3ayZQNIOBn4FqvOgXH0dZ9Wl8qoaemgtgNIZXDu8l0fAiPyrWs+mBv2yCPd0RZ6q+32caq7Kv9yElhue6whY05/8AX8ZzqVUlm9Ud42CQa5xLCVxtUh0rQQqfxShK4abB jU66H4Vn 4F/KWG0WCwstlu2Wsn4aTL0Ufr4Piykem6Q7Q7OvVixoxPoQfYL6Y1lQ5GB2VwD9UmdN7jz1w2/mZh4fFtg3PYCMo2bw4grtqoslHie+8gQwPCsIVpL42wQJAlFp7ZcAs8mMjYiOog/1eEfRbIj6HiG4LFhTqjMxPO2COzi/rHSFZkLLpRZhgzcpzRYqFxCvAc6IsWmLUjxl53tbWJHcfUXVNYuCTIHAInLaRkcJYFcnrWrkYe9TRqxAHBxYj6O9uuQ6iWArJQ+bRJJygs/uassU+Ju8m/1Ch4cedlZjshpgEG5k0S52plXkzKMd8udOlhQNQB6r1/4J2LUVmP/7RieFeJw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Feb 02, 2024 at 11:32:59AM +0000, Paul Heidekr"uger wrote: > Test that KASan can detect some unsafe atomic accesses. > > As discussed in the linked thread below, these tests attempt to cover > the most common uses of atomics and, therefore, aren't exhaustive. > > CC: Marco Elver > CC: Andrey Konovalov > Link: https://lore.kernel.org/all/20240131210041.686657-1-paul.heidekrueger@tum.de/T/#u > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=214055 > Signed-off-by: Paul Heidekr"uger > --- > Changes PATCH RFC v2 -> PATCH v1: > * Remove casts to void* > * Remove i_safe variable > * Add atomic_long_* test cases > * Carry over comment from kasan_bitops_tags() > > Changes PATCH RFC v1 -> PATCH RFC v2: > * Adjust size of allocations to make kasan_atomics() work with all KASan modes > * Remove comments and move tests closer to the bitops tests > * For functions taking two addresses as an input, test each address in a separate function call. > * Rename variables for clarity > * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_store_release() > > mm/kasan/kasan_test.c | 79 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 79 insertions(+) > > diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c > index 8281eb42464b..4ef2280c322c 100644 > --- a/mm/kasan/kasan_test.c > +++ b/mm/kasan/kasan_test.c > @@ -1150,6 +1150,84 @@ static void kasan_bitops_tags(struct kunit *test) > kfree(bits); > } > > +static void kasan_atomics_helper(struct kunit *test, void *unsafe, void *safe) > +{ > + int *i_unsafe = (int *)unsafe; Minor nit: you don't need the cast here either. Regardless: Acked-by: Mark Rutland Mark. > + > + KUNIT_EXPECT_KASAN_FAIL(test, READ_ONCE(*i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, WRITE_ONCE(*i_unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_load_acquire(i_unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, smp_store_release(i_unsafe, 42)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_cmpxchg(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(unsafe, safe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(safe, unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub_and_test(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_negative(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_unless(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_unless_negative(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_unless_positive(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_if_positive(unsafe)); > + > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_read(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_set(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_and(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_andnot(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_or(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xor(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xchg(unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_cmpxchg(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(unsafe, safe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(safe, unsafe, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub_and_test(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_and_test(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_negative(42, unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_unless(unsafe, 21, 42)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_not_zero(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_unless_negative(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_unless_positive(unsafe)); > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_if_positive(unsafe)); > +} > + > +static void kasan_atomics(struct kunit *test) > +{ > + void *a1, *a2; > + > + /* > + * Just as with kasan_bitops_tags(), we allocate 48 bytes of memory such > + * that the following 16 bytes will make up the redzone. > + */ > + a1 = kzalloc(48, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + a2 = kzalloc(sizeof(int), GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > + > + /* Use atomics to access the redzone. */ > + kasan_atomics_helper(test, a1 + 48, a2); > + > + kfree(a1); > + kfree(a2); > +} > + > static void kmalloc_double_kzfree(struct kunit *test) > { > char *ptr; > @@ -1553,6 +1631,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(kasan_strings), > KUNIT_CASE(kasan_bitops_generic), > KUNIT_CASE(kasan_bitops_tags), > + KUNIT_CASE(kasan_atomics), > KUNIT_CASE(kmalloc_double_kzfree), > KUNIT_CASE(rcu_uaf), > KUNIT_CASE(workqueue_uaf), > -- > 2.40.1 > >