| Message ID | f2ded589eba1597f7360a972226083de9afd86e2.1607537948.git.andreyknvl@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | kasan: a few HW_TAGS fixes | expand |
On Wed, 9 Dec 2020 at 19:24, Andrey Konovalov <andreyknvl@google.com> wrote: > __ro_after_init static keys are incompatible with usage in loadable kernel > modules and cause crashes. Don't use those, use normal static keys. > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Marco Elver <elver@google.com> > --- > > This fix can be squashed into > "kasan: add and integrate kasan boot parameters". > > --- > mm/kasan/hw_tags.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c > index c91f2c06ecb5..55bd6f09c70f 100644 > --- a/mm/kasan/hw_tags.c > +++ b/mm/kasan/hw_tags.c > @@ -43,11 +43,11 @@ static enum kasan_arg_stacktrace kasan_arg_stacktrace __ro_after_init; > static enum kasan_arg_fault kasan_arg_fault __ro_after_init; > > /* Whether KASAN is enabled at all. */ > -DEFINE_STATIC_KEY_FALSE_RO(kasan_flag_enabled); > +DEFINE_STATIC_KEY_FALSE(kasan_flag_enabled); Side-node: This appears to be just a bad interface; I think the macro DEFINE_STATIC_KEY_FALSE_RO() is error-prone, if it can't be guaranteed that this is always safe, since the presence of the macro encourages its use and we'll inevitably run into this problem again. > EXPORT_SYMBOL(kasan_flag_enabled); DEFINE_STATIC_KEY_FALSE_RO() + EXPORT_SYMBOL() is an immediate bug. Given its use has not increased substantially since its introduction, it may be safer to consider its removal. Thanks, -- Marco
On Wed, Dec 09, 2020 at 07:49:36PM +0100, Marco Elver wrote: > On Wed, 9 Dec 2020 at 19:24, Andrey Konovalov <andreyknvl@google.com> wrote: > > __ro_after_init static keys are incompatible with usage in loadable kernel > > modules and cause crashes. Don't use those, use normal static keys. > > > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > > Reviewed-by: Marco Elver <elver@google.com> > > > --- > > > > This fix can be squashed into > > "kasan: add and integrate kasan boot parameters". > > > > --- > > mm/kasan/hw_tags.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c > > index c91f2c06ecb5..55bd6f09c70f 100644 > > --- a/mm/kasan/hw_tags.c > > +++ b/mm/kasan/hw_tags.c > > @@ -43,11 +43,11 @@ static enum kasan_arg_stacktrace kasan_arg_stacktrace __ro_after_init; > > static enum kasan_arg_fault kasan_arg_fault __ro_after_init; > > > > /* Whether KASAN is enabled at all. */ > > -DEFINE_STATIC_KEY_FALSE_RO(kasan_flag_enabled); > > +DEFINE_STATIC_KEY_FALSE(kasan_flag_enabled); > > Side-node: This appears to be just a bad interface; I think the macro > DEFINE_STATIC_KEY_FALSE_RO() is error-prone, if it can't be guaranteed > that this is always safe, since the presence of the macro encourages > its use and we'll inevitably run into this problem again. > > > EXPORT_SYMBOL(kasan_flag_enabled); > > DEFINE_STATIC_KEY_FALSE_RO() + EXPORT_SYMBOL() is an immediate bug. > Given its use has not increased substantially since its introduction, > it may be safer to consider its removal. Right -- it seems the export is the problem, not the RO-ness. What is actually trying to change the flag after __init?
On Wed, 9 Dec 2020 at 19:57, Kees Cook <keescook@chromium.org> wrote: > > On Wed, Dec 09, 2020 at 07:49:36PM +0100, Marco Elver wrote: > > On Wed, 9 Dec 2020 at 19:24, Andrey Konovalov <andreyknvl@google.com> wrote: > > > __ro_after_init static keys are incompatible with usage in loadable kernel > > > modules and cause crashes. Don't use those, use normal static keys. > > > > > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > > > > Reviewed-by: Marco Elver <elver@google.com> > > > > > --- > > > > > > This fix can be squashed into > > > "kasan: add and integrate kasan boot parameters". > > > > > > --- > > > mm/kasan/hw_tags.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c > > > index c91f2c06ecb5..55bd6f09c70f 100644 > > > --- a/mm/kasan/hw_tags.c > > > +++ b/mm/kasan/hw_tags.c > > > @@ -43,11 +43,11 @@ static enum kasan_arg_stacktrace kasan_arg_stacktrace __ro_after_init; > > > static enum kasan_arg_fault kasan_arg_fault __ro_after_init; > > > > > > /* Whether KASAN is enabled at all. */ > > > -DEFINE_STATIC_KEY_FALSE_RO(kasan_flag_enabled); > > > +DEFINE_STATIC_KEY_FALSE(kasan_flag_enabled); > > > > Side-node: This appears to be just a bad interface; I think the macro > > DEFINE_STATIC_KEY_FALSE_RO() is error-prone, if it can't be guaranteed > > that this is always safe, since the presence of the macro encourages > > its use and we'll inevitably run into this problem again. > > > > > EXPORT_SYMBOL(kasan_flag_enabled); > > > > DEFINE_STATIC_KEY_FALSE_RO() + EXPORT_SYMBOL() is an immediate bug. > > Given its use has not increased substantially since its introduction, > > it may be safer to consider its removal. > > Right -- it seems the export is the problem, not the RO-ness. What is > actually trying to change the flag after __init? It seems to want to add it to a list on module loads: https://lore.kernel.org/lkml/20201208125129.GY2414@hirez.programming.kicks-ass.net/ -- Marco
diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index c91f2c06ecb5..55bd6f09c70f 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -43,11 +43,11 @@ static enum kasan_arg_stacktrace kasan_arg_stacktrace __ro_after_init; static enum kasan_arg_fault kasan_arg_fault __ro_after_init; /* Whether KASAN is enabled at all. */ -DEFINE_STATIC_KEY_FALSE_RO(kasan_flag_enabled); +DEFINE_STATIC_KEY_FALSE(kasan_flag_enabled); EXPORT_SYMBOL(kasan_flag_enabled); /* Whether to collect alloc/free stack traces. */ -DEFINE_STATIC_KEY_FALSE_RO(kasan_flag_stacktrace); +DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace); /* Whether panic or disable tag checking on fault. */ bool kasan_flag_panic __ro_after_init;
__ro_after_init static keys are incompatible with usage in loadable kernel modules and cause crashes. Don't use those, use normal static keys. Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- This fix can be squashed into "kasan: add and integrate kasan boot parameters". --- mm/kasan/hw_tags.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)