Message ID | 20241014161100.18034-1-will@kernel.org (mailing list archive)
---|---
State | New, archived
Series | kasan: Disable Software Tag-Based KASAN with GCC
On Mon, Oct 14, 2024 at 05:11:00PM +0100, Will Deacon wrote: > Syzbot reports a KASAN failure early during boot on arm64 when building > with GCC 12.2.0 and using the Software Tag-Based KASAN mode: > > | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline] > | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356 > | Write of size 4 at addr 03ff800086867e00 by task swapper/0 > | Pointer tag: [03], memory tag: [fe] > > Initial triage indicates that the report is a false positive and a > thorough investigation of the crash by Mark Rutland revealed the root > cause to be a bug in GCC: > > > When GCC is passed `-fsanitize=hwaddress` or > > `-fsanitize=kernel-hwaddress` it ignores > > `__attribute__((no_sanitize_address))`, and instruments functions > > we require are not instrumented. > > > > [...] > > > > All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0 > > inclusive. > > > > I think we have to disable KASAN_SW_TAGS with GCC until this is > > fixed > > Disable Software Tag-Based KASAN when building with GCC by making > CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC. > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Suggested-by: Mark Rutland <mark.rutland@arm.com> > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 > Signed-off-by: Will Deacon <will@kernel.org> Acked-by: Mark Rutland <mark.rutland@arm.com> Thanks for putting a patch together! Mark. > --- > lib/Kconfig.kasan | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > While sweeping up pending fixes and open bug reports, I noticed this one > had slipped through the cracks... > > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index 98016e137b7f..233ab2096924 100644 > --- a/lib/Kconfig.kasan 
> +++ b/lib/Kconfig.kasan > @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE > config CC_HAS_KASAN_GENERIC > def_bool $(cc-option, -fsanitize=kernel-address) > > +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress > +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and > +# the linked LKML thread) for more details. > config CC_HAS_KASAN_SW_TAGS > - def_bool $(cc-option, -fsanitize=kernel-hwaddress) > + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress) > > # This option is only required for software KASAN modes. > # Old GCC versions do not have proper support for no_sanitize_address. > @@ -98,7 +101,7 @@ config KASAN_SW_TAGS > help > Enables Software Tag-Based KASAN. > > - Requires GCC 11+ or Clang. > + Requires Clang. > > Supported only on arm64 CPUs and relies on Top Byte Ignore. > > -- > 2.47.0.rc1.288.g06298d1525-goog >
On Mon, Oct 14, 2024 at 6:11 PM Will Deacon <will@kernel.org> wrote: > > Syzbot reports a KASAN failure early during boot on arm64 when building > with GCC 12.2.0 and using the Software Tag-Based KASAN mode: > > | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline] > | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356 > | Write of size 4 at addr 03ff800086867e00 by task swapper/0 > | Pointer tag: [03], memory tag: [fe] > > Initial triage indicates that the report is a false positive and a > thorough investigation of the crash by Mark Rutland revealed the root > cause to be a bug in GCC: > > > When GCC is passed `-fsanitize=hwaddress` or > > `-fsanitize=kernel-hwaddress` it ignores > > `__attribute__((no_sanitize_address))`, and instruments functions > > we require are not instrumented. > > > > [...] > > > > All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0 > > inclusive. > > > > I think we have to disable KASAN_SW_TAGS with GCC until this is > > fixed > > Disable Software Tag-Based KASAN when building with GCC by making > CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC. > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Suggested-by: Mark Rutland <mark.rutland@arm.com> > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 > Signed-off-by: Will Deacon <will@kernel.org> > --- > lib/Kconfig.kasan | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > While sweeping up pending fixes and open bug reports, I noticed this one > had slipped through the cracks... > > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index 98016e137b7f..233ab2096924 100644 > --- a/lib/Kconfig.kasan > +++ b/lib/Kconfig.kasan 
> @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE > config CC_HAS_KASAN_GENERIC > def_bool $(cc-option, -fsanitize=kernel-address) > > +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress > +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and > +# the linked LKML thread) for more details. > config CC_HAS_KASAN_SW_TAGS > - def_bool $(cc-option, -fsanitize=kernel-hwaddress) > + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress) > > # This option is only required for software KASAN modes. > # Old GCC versions do not have proper support for no_sanitize_address. > @@ -98,7 +101,7 @@ config KASAN_SW_TAGS > help > Enables Software Tag-Based KASAN. > > - Requires GCC 11+ or Clang. > + Requires Clang. > > Supported only on arm64 CPUs and relies on Top Byte Ignore. > > -- > 2.47.0.rc1.288.g06298d1525-goog > Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Thank you!
On Mon, 14 Oct 2024 17:11:00 +0100, Will Deacon wrote:
> Syzbot reports a KASAN failure early during boot on arm64 when building
> with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
>
> | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
> | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
> | Write of size 4 at addr 03ff800086867e00 by task swapper/0
> | Pointer tag: [03], memory tag: [fe]
>
> [...]

Applied to arm64 (for-next/fixes), thanks!

[1/1] kasan: Disable Software Tag-Based KASAN with GCC
      https://git.kernel.org/arm64/c/7aed6a2c51ff

Cheers,
On Tue, Oct 15, 2024 at 01:39PM +0100, 'Will Deacon' via kasan-dev wrote:
> On Mon, 14 Oct 2024 17:11:00 +0100, Will Deacon wrote:
> > Syzbot reports a KASAN failure early during boot on arm64 when building
> > with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
> >
> > | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
> > | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
> > | Write of size 4 at addr 03ff800086867e00 by task swapper/0
> > | Pointer tag: [03], memory tag: [fe]
> >
> > [...]
>
> Applied to arm64 (for-next/fixes), thanks!
>
> [1/1] kasan: Disable Software Tag-Based KASAN with GCC
>       https://git.kernel.org/arm64/c/7aed6a2c51ff

I do not think this is the right fix. Please see alternative below.
Please do double-check that the observed splat above is fixed with that.

Thanks,
-- Marco

------ >8 ------

From 23bd83dbff5a9778f34831ed292d5e52b4b0ee18 Mon Sep 17 00:00:00 2001
From: Marco Elver <elver@google.com>
Date: Fri, 18 Oct 2024 10:18:24 +0200
Subject: [PATCH] kasan: Fix Software Tag-Based KASAN with GCC

Per [1], -fsanitize=kernel-hwaddress with GCC currently does not disable
instrumentation in functions with __attribute__((no_sanitize_address)).

However, __attribute__((no_sanitize("hwaddress"))) does correctly
disable instrumentation. Use it instead.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196 [1]
Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com
Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Marco Elver <elver@google.com>
---
 include/linux/compiler-gcc.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index f805adaa316e..cd6f9aae311f 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -80,7 +80,11 @@ #define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif +#ifdef __SANITIZE_HWADDRESS__ +#define __no_sanitize_address __attribute__((__no_sanitize__("hwaddress"))) +#else #define __no_sanitize_address __attribute__((__no_sanitize_address__)) +#endif #if defined(__SANITIZE_THREAD__) #define __no_sanitize_thread __attribute__((__no_sanitize_thread__))
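Review bot: the new `#ifdef __SANITIZE_HWADDRESS__` branch in compiler-gcc.h carries no comment, so a later reader sees two spellings of the same attribute with nothing saying that the `__no_sanitize__("hwaddress")` form exists only because GCC ignores `__no_sanitize_address__` under -fsanitize=kernel-hwaddress. Suggest a one-line comment above the `#ifdef` pointing at the GCC bug cited in the commit message (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196) so the workaround can be removed once that is fixed. Note also that this patch on its own does not bring the mode back: with `CC_HAS_KASAN_SW_TAGS` still depending on `!CC_IS_GCC` from the fix already applied to arm64, it has to be paired with a revert of that Kconfig change to have any effect, and per the later reply in this thread only issue #1 of bugzilla 218854 is addressed, so the KASAN_SW_TAGS help text should keep a caveat about GCC until the remaining issues are resolved.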
On Fri, Oct 18, 2024 at 10:37 AM Marco Elver <elver@google.com> wrote: > > > Applied to arm64 (for-next/fixes), thanks! > > > > [1/1] kasan: Disable Software Tag-Based KASAN with GCC > > https://git.kernel.org/arm64/c/7aed6a2c51ff > > I do not think this is the right fix. Please see alternative below. > Please do double-check that the observed splat above is fixed with that. > > Thanks, > -- Marco > > ------ >8 ------ > > From 23bd83dbff5a9778f34831ed292d5e52b4b0ee18 Mon Sep 17 00:00:00 2001 > From: Marco Elver <elver@google.com> > Date: Fri, 18 Oct 2024 10:18:24 +0200 > Subject: [PATCH] kasan: Fix Software Tag-Based KASAN with GCC > > Per [1], -fsanitize=kernel-hwaddress with GCC currently does not disable > instrumentation in functions with __attribute__((no_sanitize_address)). > > However, __attribute__((no_sanitize("hwaddress"))) does correctly > disable instrumentation. Use it instead. > > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196 [1] > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com > Cc: Andrew Pinski <pinskia@gmail.com> > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Cc: Mark Rutland <mark.rutland@arm.com> > Cc: Will Deacon <will@kernel.org> > Signed-off-by: Marco Elver <elver@google.com> > --- > include/linux/compiler-gcc.h | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h > index f805adaa316e..cd6f9aae311f 100644 > --- a/include/linux/compiler-gcc.h > +++ b/include/linux/compiler-gcc.h 
> @@ -80,7 +80,11 @@ > #define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) > #endif > > +#ifdef __SANITIZE_HWADDRESS__ > +#define __no_sanitize_address __attribute__((__no_sanitize__("hwaddress"))) > +#else > #define __no_sanitize_address __attribute__((__no_sanitize_address__)) > +#endif > > #if defined(__SANITIZE_THREAD__) > #define __no_sanitize_thread __attribute__((__no_sanitize_thread__)) > -- > 2.47.0.rc1.288.g06298d1525-goog Tested the change, it does fix the boot-time issue #1 from [1], but #2 and #3 still exist. However, perhaps, just fixing #1 is already good enough to do a revert of the Will's patch - at least the kernel will boot without false-positive reports. But I would keep a note that SW_TAGS doesn't work well with GCC until [1] is fully resolved. Thanks! [1] https://bugzilla.kernel.org/show_bug.cgi?id=218854
On Fri, 18 Oct 2024 at 22:25, Andrey Konovalov <andreyknvl@gmail.com> wrote: > > On Fri, Oct 18, 2024 at 10:37 AM Marco Elver <elver@google.com> wrote: > > > > > Applied to arm64 (for-next/fixes), thanks! > > > > > > [1/1] kasan: Disable Software Tag-Based KASAN with GCC > > > https://git.kernel.org/arm64/c/7aed6a2c51ff > > > > I do not think this is the right fix. Please see alternative below. > > Please do double-check that the observed splat above is fixed with that. > > > > Thanks, > > -- Marco > > > > ------ >8 ------ > > > > From 23bd83dbff5a9778f34831ed292d5e52b4b0ee18 Mon Sep 17 00:00:00 2001 > > From: Marco Elver <elver@google.com> > > Date: Fri, 18 Oct 2024 10:18:24 +0200 > > Subject: [PATCH] kasan: Fix Software Tag-Based KASAN with GCC > > > > Per [1], -fsanitize=kernel-hwaddress with GCC currently does not disable > > instrumentation in functions with __attribute__((no_sanitize_address)). > > > > However, __attribute__((no_sanitize("hwaddress"))) does correctly > > disable instrumentation. Use it instead. > > > > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196 [1] > > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com > > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 > > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com > > Cc: Andrew Pinski <pinskia@gmail.com> > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > > Cc: Mark Rutland <mark.rutland@arm.com> > > Cc: Will Deacon <will@kernel.org> > > Signed-off-by: Marco Elver <elver@google.com> > > --- > > include/linux/compiler-gcc.h | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h > > index f805adaa316e..cd6f9aae311f 100644 > > --- a/include/linux/compiler-gcc.h > > +++ b/include/linux/compiler-gcc.h 
> > @@ -80,7 +80,11 @@ > > #define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) > > #endif > > > > +#ifdef __SANITIZE_HWADDRESS__ > > +#define __no_sanitize_address __attribute__((__no_sanitize__("hwaddress"))) > > +#else > > #define __no_sanitize_address __attribute__((__no_sanitize_address__)) > > +#endif > > > > #if defined(__SANITIZE_THREAD__) > > #define __no_sanitize_thread __attribute__((__no_sanitize_thread__)) > > -- > > 2.47.0.rc1.288.g06298d1525-goog > > Tested the change, it does fix the boot-time issue #1 from [1], but #2 > and #3 still exist. Thanks for testing. AFAIK #2 and #3 look like false negatives, which are tolerable (not great, but it does not cause serious issues). > However, perhaps, just fixing #1 is already good enough to do a revert > of the Will's patch - at least the kernel will boot without > false-positive reports. > > But I would keep a note that SW_TAGS doesn't work well with GCC until > [1] is fully resolved. > > Thanks! > > [1] https://bugzilla.kernel.org/show_bug.cgi?id=218854
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index 98016e137b7f..233ab2096924 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE config CC_HAS_KASAN_GENERIC def_bool $(cc-option, -fsanitize=kernel-address) +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and +# the linked LKML thread) for more details. config CC_HAS_KASAN_SW_TAGS - def_bool $(cc-option, -fsanitize=kernel-hwaddress) + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress) # This option is only required for software KASAN modes. # Old GCC versions do not have proper support for no_sanitize_address. @@ -98,7 +101,7 @@ config KASAN_SW_TAGS help Enables Software Tag-Based KASAN. - Requires GCC 11+ or Clang. + Requires Clang. Supported only on arm64 CPUs and relies on Top Byte Ignore.
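Review bot: in the `@@ -22,8 +22,11 @@` hunk, `def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)` disables the mode for every GCC version, not only the ones observed to ignore `no_sanitize_address`, and nothing in the new comment records that this is intended as a temporary workaround. Suggest extending the comment to state which versions were found broken (the cover text says 11.3.0 through 14.2.0 inclusive) and that the `!CC_IS_GCC` dependency should be dropped when GCC is fixed; the alternative raised later in this thread, mapping `__no_sanitize_address` to `__no_sanitize__("hwaddress")` under `__SANITIZE_HWADDRESS__`, keeps the mode usable with GCC and would make this Kconfig dependency unnecessary.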
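Review bot: in the `@@ -98,7 +101,7 @@` hunk, replacing `Requires GCC 11+ or Clang.` with `Requires Clang.` in the KASAN_SW_TAGS help text tells a GCC user nothing about why the option disappeared, and the explanation lives only in the Kconfig source comment, which menuconfig does not show. Suggest keeping a short reason next to the user, e.g. `Requires Clang (GCC currently ignores no_sanitize_address under -fsanitize=kernel-hwaddress, see bugzilla 218854).`, mirroring the comment added above CC_HAS_KASAN_SW_TAGS.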