From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8268BC4829A for ; Sun, 11 Feb 2024 09:11:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9704A6B0071; Sun, 11 Feb 2024 04:11:45 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 91FEE6B0072; Sun, 11 Feb 2024 04:11:45 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7E7426B0074; Sun, 11 Feb 2024 04:11:45 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 6EF9C6B0071 for ; Sun, 11 Feb 2024 04:11:45 -0500 (EST) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id F250880625 for ; Sun, 11 Feb 2024 09:11:44 +0000 (UTC) X-FDA: 81778955328.01.80CF45D Received: from postout1.mail.lrz.de (postout1.mail.lrz.de [129.187.255.137]) by imf24.hostedemail.com (Postfix) with ESMTP id 44E57180005 for ; Sun, 11 Feb 2024 09:11:41 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=tum.de header.s=tu-postout21 header.b=i5A0RDxK; dmarc=pass (policy=none) header.from=tum.de; spf=pass (imf24.hostedemail.com: domain of paul.heidekrueger@tum.de designates 129.187.255.137 as permitted sender) smtp.mailfrom=paul.heidekrueger@tum.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1707642702; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/1DqfwJGtWRTGRQ6Tc6wLUorqclXo0wzjN29vIwyios=; b=3PAI5EzXtNq9SbRAn/LYSX5dUomhxOCfh0Z+Wi0mXkstyrFXiJ0Oeg0NtnpMY+YWAqJQhf 2DSHUFOkyFac11BVFbE+Nq1ENgkOW9c5t2Yy8uy1RPZA6fD7oSuwe3ll4o5WTlyhgZ1y4s LwDcxQ4PWXmK43wcpfQ36kgxSY1nau8= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=tum.de header.s=tu-postout21 header.b=i5A0RDxK; dmarc=pass (policy=none) header.from=tum.de; spf=pass (imf24.hostedemail.com: domain of paul.heidekrueger@tum.de designates 129.187.255.137 as permitted sender) smtp.mailfrom=paul.heidekrueger@tum.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707642702; a=rsa-sha256; cv=none; b=OC41VjTGzuX21MNPcA3NeRn10p/KtvsJvQGWOxtkX8iwHPcFIUph2iLSrg3s0QV3wCup+M RV6ZfJG9AjyPZ7qpORVcXNuF4oejERQofH4G8rg6OwG9CFHESJrSsdKVaVZrrukFe23a8x QSxipaVguCoFFucCZ2vCYgbrZTI2cms= Received: from lxmhs51.srv.lrz.de (localhost [127.0.0.1]) by postout1.mail.lrz.de (Postfix) with ESMTP id 4TXhff50PfzyVC; Sun, 11 Feb 2024 10:11:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tum.de; h= in-reply-to:content-transfer-encoding:content-disposition :content-type:content-type:mime-version:references:message-id :subject:subject:from:from:date:date:received:received; s= tu-postout21; t=1707642698; bh=Jv4cL9UsVOf4EKlSKubvFmDWNJzxN5n8S oeS8SI0QW8=; b=i5A0RDxKzx4ppzSwsW6lYGG2KiyuqxERPXPGnf7jO3BubUr3Q J0VhSRnZcUgQ9KRFpFRSlMy+wkKUSwx6DJxPFKQuQRKc2r2YbSUcJX81nqRW5i2U 2YZIwbPUXo5gtdsx7/euZD12zQnqviaEaADwkXx0n3m4Cv+c+x4fgnVtfGkry3Jk 5xsCn7Mk+NO7I20GHnLY+X0zBmmO/7FISf/2NcyV3tgdZyoW5Ng8YwmnhdfwY1sm C/+c2LY66nri0rySxbP5emuW6PAa/ZBxi6Qa1mXfNW/2lB5u1bZsjZhJ5wvRCxwg NSIw+toPG5VPTFeayApy62iNk++Ny1oSug2aQ== X-Virus-Scanned: by amavisd-new at lrz.de in lxmhs51.srv.lrz.de Received: from postout1.mail.lrz.de ([127.0.0.1]) by lxmhs51.srv.lrz.de (lxmhs51.srv.lrz.de [127.0.0.1]) (amavisd-new, port 20024) with LMTP id RO5beP05XWcW; Sun, 11 Feb 2024 10:11:38 +0100 (CET) Received: from pine.fritz.box (unknown [IPv6:2001:a61:25e5:2101:6db9:145:ae0a:2a16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by postout1.mail.lrz.de (Postfix) with ESMTPSA id 4TXhfd1X3yzyS3; Sun, 11 Feb 2024 10:11:37 +0100 (CET) Date: Sun, 11 Feb 2024 10:11:33 +0100 From: Paul =?utf-8?Q?Heidekr=C3=BCger?= To: Andrey Konovalov Cc: elver@google.com, akpm@linux-foundation.org, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, vincenzo.frascino@arm.com Subject: Re: [PATCH] kasan: add atomic tests Message-ID: References: <20240202113259.3045705-1-paul.heidekrueger@tum.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Queue-Id: 44E57180005 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: jfoxest196az6n3h8j3zuuayofpxfine X-HE-Tag: 1707642701-260518 X-HE-Meta: U2FsdGVkX19C3sPdx95kJTopCOKH0c3rcw2+vleEpzAJBy1iGfMnwIyeNwvRp/a1b+dDbmu8FryhSG3CpH0QqGMUtSoAr3mGn0Wd3mVSicbS91cJ6AVSkl1DvFjZ+TQLAMDE46PmO9duQjOgJCH8VX0av1zjO6iN6B5rcCAJq8r5pGrO+TU02+DIIxKJ1LH6IRULxl+RobLDsdnPNQRQWn7ym8Lbs8mPsvKXAOYkogqaQY1lMCc9Y59FdMwHDK2btk3ZOmEC+2zqsoZ3JpV1fxd9ONTij6C3SBwFyBlmigD/UvoRRuo4vfOB0Oy/s451195XpiMtr5Ve6vkvX2M2X4fwamddjdLo3dTuL7/RnuYl30Awj5LhmWhH6WBq+8Z0SsRN0W8mmOiz0eA3LgSBoJ/q4PGG/e/iZD0RbBwCmDwOkKZZymDkPMMkd70y3tlAkDS5pfd9bxA5gyADB4lwYrhjrl03pmW8UiNECOsrxpyMpPD1ufMHp0dabfCM6zzDJXXiOSy4BL1zllyRof/qZKlTRufp8f8BEWZ0chQQJjMpGr3vILYHq3RUgv4XfkGdRkubjMig3Q2kQq7feYCug2JhrNn+wjfcr2S0dK0dq1Oi+c0wCElIIQNv6cpwpI6HcLkRT9aOBznQ/CngBGMW7fyNNPCK+xJvYQbSD5DO1TqYHdimg0/CHc/sLdbtwOD96/kQr9nbms7ZBh17Wdz0D+i4a1FHgri4n2b20QrtrzInhTZopA4RrzkANLVYaBtbSkpmx4vi6cufT4Nq8pwQDyRqNmyajjbfAEKNQd/L+F2NclXm8VFOaeKmqikuwU67leqffsjpqRF0cxIoUYDXQLKoDwpu9/uVmmFvpPWwDanpDQ827Xw7wZgqjQsQoaMuyw8OQLGfBMoViLmgt1/ME/4K1F74ZOFDS6fHnW3wDKtj0NevT1pjOoUDN3WZYzZYiCLlGLWHYIAu0zkaZKF 10yXYGsL KRiuOPQpCMX05F1IInC/VeJxcbKfkm6Hdxso8wVeKORxkCg5AvmmIgB53zgOMc2pTtDM6yXjF76XZQGnbn/vh6PyxvXMEcC48mq3timxfFbMXBly7+g7sGajyWRwId64SGo+K+yTXEGypzTq5ckAePjZU3y+trls0bDAqc972ZRzaZU3dQ/2gG7RYb3Kz/BuHSv7BcMn/PUbTPBFfMrqARD8h5weOcySJVGEyeDnS7fG504fzKeENjiCrgdpTwFR6MUmkc2ScKAZJO9wqUq5h0qoornygnoSrPYcWzhvgjzZJWZR7F2QSp9dKhl1uV8nwAZFD+mHLedJt5qwgdPKSUoLEvXTzh79tICtbS2nbBcqK1IIQpm3bTtft24OKtJIGnrjGqvkaq8Xfic9AenYBmreg4w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 05.02.2024 22:00, Andrey Konovalov wrote: > On Fri, Feb 2, 2024 at 12:33 PM Paul Heidekrüger > wrote: > > > > Test that KASan can detect some unsafe atomic accesses. > > > > As discussed in the linked thread below, these tests attempt to cover > > the most common uses of atomics and, therefore, aren't exhaustive. > > > > CC: Marco Elver > > CC: Andrey Konovalov > > Link: https://lore.kernel.org/all/20240131210041.686657-1-paul.heidekrueger@tum.de/T/#u > > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=214055 > > Signed-off-by: Paul Heidekrüger > > --- > > Changes PATCH RFC v2 -> PATCH v1: > > * Remove casts to void* > > * Remove i_safe variable > > * Add atomic_long_* test cases > > * Carry over comment from kasan_bitops_tags() > > > > Changes PATCH RFC v1 -> PATCH RFC v2: > > * Adjust size of allocations to make kasan_atomics() work with all KASan modes > > * Remove comments and move tests closer to the bitops tests > > * For functions taking two addresses as an input, test each address in a separate function call. > > * Rename variables for clarity > > * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_store_release() > > > > mm/kasan/kasan_test.c | 79 +++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 79 insertions(+) > > > > diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c > > index 8281eb42464b..4ef2280c322c 100644 > > --- a/mm/kasan/kasan_test.c > > +++ b/mm/kasan/kasan_test.c > > @@ -1150,6 +1150,84 @@ static void kasan_bitops_tags(struct kunit *test) > > kfree(bits); > > } > > > > +static void kasan_atomics_helper(struct kunit *test, void *unsafe, void *safe) > > +{ > > + int *i_unsafe = (int *)unsafe; > > + > > + KUNIT_EXPECT_KASAN_FAIL(test, READ_ONCE(*i_unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, WRITE_ONCE(*i_unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, smp_load_acquire(i_unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, smp_store_release(i_unsafe, 42)); > > + > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_read(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_set(unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_and(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_andnot(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_or(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xor(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xchg(unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_cmpxchg(unsafe, 21, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(unsafe, safe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(safe, unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub_and_test(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_and_test(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_and_test(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_negative(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_unless(unsafe, 21, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_not_zero(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_unless_negative(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_unless_positive(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_if_positive(unsafe)); > > + > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_read(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_set(unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_and(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_andnot(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_or(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xor(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_xchg(unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_cmpxchg(unsafe, 21, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(unsafe, safe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_try_cmpxchg(safe, unsafe, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_sub_and_test(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_and_test(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_and_test(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_negative(42, unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_add_unless(unsafe, 21, 42)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_not_zero(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_inc_unless_negative(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_unless_positive(unsafe)); > > + KUNIT_EXPECT_KASAN_FAIL(test, atomic_long_dec_if_positive(unsafe)); > > +} > > + > > +static void kasan_atomics(struct kunit *test) > > +{ > > + void *a1, *a2; > > + > > + /* > > + * Just as with kasan_bitops_tags(), we allocate 48 bytes of memory such > > + * that the following 16 bytes will make up the redzone. > > + */ > > + a1 = kzalloc(48, GFP_KERNEL); > > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > > + a2 = kzalloc(sizeof(int), GFP_KERNEL); > > I think this should be sizeof(atomic_long_t) or sizeof(long), > otherwise a2 will not work as the safe argument for > atomic_long_try_cmpxchg on 64-bit architectures. Ah, good catch! > > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); > > + > > + /* Use atomics to access the redzone. */ > > + kasan_atomics_helper(test, a1 + 48, a2); > > + > > + kfree(a1); > > + kfree(a2); > > +} > > + > > static void kmalloc_double_kzfree(struct kunit *test) > > { > > char *ptr; > > @@ -1553,6 +1631,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { > > KUNIT_CASE(kasan_strings), > > KUNIT_CASE(kasan_bitops_generic), > > KUNIT_CASE(kasan_bitops_tags), > > + KUNIT_CASE(kasan_atomics), > > KUNIT_CASE(kmalloc_double_kzfree), > > KUNIT_CASE(rcu_uaf), > > KUNIT_CASE(workqueue_uaf), > > -- > > 2.40.1 > > I'll be sending a v2 patch right away. Thank you Marco, Mark, and Andrey! Paul