From patchwork Mon Jan 24 16:07:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 12722338 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78B15C433EF for ; Mon, 24 Jan 2022 16:07:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A7F296B0087; Mon, 24 Jan 2022 11:07:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A2DED6B0089; Mon, 24 Jan 2022 11:07:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F5D46B008C; Mon, 24 Jan 2022 11:07:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0045.hostedemail.com [216.40.44.45]) by kanga.kvack.org (Postfix) with ESMTP id 809DF6B0087 for ; Mon, 24 Jan 2022 11:07:54 -0500 (EST) Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 3C5D592DE9 for ; Mon, 24 Jan 2022 16:07:54 +0000 (UTC) X-FDA: 79065661668.23.7A2D4D2 Received: from mail-ed1-f73.google.com (mail-ed1-f73.google.com [209.85.208.73]) by imf13.hostedemail.com (Postfix) with ESMTP id E68F220038 for ; Mon, 24 Jan 2022 16:07:53 +0000 (UTC) Received: by mail-ed1-f73.google.com with SMTP id eg24-20020a056402289800b00407f95c4c35so2831803edb.10 for ; Mon, 24 Jan 2022 08:07:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=+AGye14zUPVTO5AZFKONKRmJ1sfYnaX/7sKikyozmko=; b=QXGUwCgt1+kK6OcCemwNcuv0PgKoZWFn89I0RX5BwEJuTdfddVOpxolfDA5VFaGqL6 0t7BgDpLEYhLPYW7RjPwR5Bq2kbBosjG3F59mLqDhJ8ia0gHXxs04LrPE7EcjtFhzADK dERxkYpDjulnwu8zDxveSCd7o6LJJKAwwFJU5TVJGKrcigJHP6vrT57tWvOjNz5/xN9T N3/Oug4u8oKXb9t46GjNrrv86zIRqhnzyiCeNZ1XjZrDzhTW6ww0YZBdbmXMUNgKJsd5 nFvnoyQDIhL19F9vA/FzzHLT6pMAvGkepr+EJgtg+5Uvhy5g+Gjy39wGGAmwR5cqLo07 ++9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=+AGye14zUPVTO5AZFKONKRmJ1sfYnaX/7sKikyozmko=; b=xxyHTecsXhPpEo3zoe0gcV6buWymczhhZCVlDWayMJQhC16B6A2cXkoJBgEtF9CNvv 6kNCP2pireS0EP68CuHLc7bSmaGDO45eJP9z6vA3pFg4uk38/0pGZhp3hcURXKhojGCy a76lw98Nx4gXRHZ0tbO+0IG6W9mq+kSSQ7XPykkFE7FmyaS0fPkKofrSbdvqZ801hSNc mi9Lbjxy2ONXQBJ2tnWrhMGtvU9LQ+zauGJGVlwKzN7zruQOaPCxKvx5By9RcRbgM2u8 UeWG8QJI6CLURol6gUsnfEax+/4VVbKa6wW9coxut5jpL0/DLD0d7y5Xmz/kqVxCNalF SuTQ== X-Gm-Message-State: AOAM531hfkkDsZVnW7bSDFKXNCKgaLQ7JkzbfmRSPD+IvMz4miBDt1nT QdWs5z/OuuPI3/ysC8jI+kj/Rja7dw== X-Google-Smtp-Source: ABdhPJw5GaRdp0oIWma4V0SyalPQKMjbqS0Pow6hsewfsqFxweHT8lqeOWm/2zbmbFE/HF62wEOQldin5A== X-Received: from elver.muc.corp.google.com ([2a00:79e0:15:13:88a9:37db:5c27:10e]) (user=elver job=sendgmr) by 2002:a17:906:150c:: with SMTP id b12mr12577805ejd.284.1643040472427; Mon, 24 Jan 2022 08:07:52 -0800 (PST) Date: Mon, 24 Jan 2022 17:07:44 +0100 Message-Id: <20220124160744.1244685-1-elver@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.35.0.rc0.227.g00780c9af4-goog Subject: [PATCH] kasan: test: fix compatibility with FORTIFY_SOURCE From: Marco Elver To: elver@google.com, Andrew Morton Cc: Andrey Ryabinin , Alexander Potapenko , Andrey Konovalov , Dmitry Vyukov , kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Kees Cook , Brendan Higgins , linux-hardening@vger.kernel.org, Nico Pache X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: E68F220038 X-Stat-Signature: 68rxgrsx6use8jecgaa93t1fcypj4q1b Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=QXGUwCgt; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf13.hostedemail.com: domain of 32M7uYQUKCEcnu4n0pxxpun.lxvurw36-vvt4jlt.x0p@flex--elver.bounces.google.com designates 209.85.208.73 as permitted sender) smtp.mailfrom=32M7uYQUKCEcnu4n0pxxpun.lxvurw36-vvt4jlt.x0p@flex--elver.bounces.google.com X-HE-Tag: 1643040473-48136 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: With CONFIG_FORTIFY_SOURCE enabled, string functions will also perform dynamic checks using __builtin_object_size(ptr), which when failed will panic the kernel. Because the KASAN test deliberately performs out-of-bounds operations, the kernel panics with FORITY_SOURCE, for example: | kernel BUG at lib/string_helpers.c:910! | invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI | CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B 5.16.0-rc3+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 | RIP: 0010:fortify_panic+0x19/0x1b | ... | Call Trace: | | kmalloc_oob_in_memset.cold+0x16/0x16 | ... Fix it by also hiding `ptr` from the optimizer, which will ensure that __builtin_object_size() does not return a valid size, preventing fortified string functions from panicking. Reported-by: Nico Pache Signed-off-by: Marco Elver Reviewed-by: Andrey Konovalov Reviewed-by: Kees Cook Reviewed-by: Nico Pache --- lib/test_kasan.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 847cdbefab46..26a5c9007653 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -492,6 +492,7 @@ static void kmalloc_oob_in_memset(struct kunit *test) ptr = kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + OPTIMIZER_HIDE_VAR(ptr); OPTIMIZER_HIDE_VAR(size); KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr, 0, size + KASAN_GRANULE_SIZE)); @@ -515,6 +516,7 @@ static void kmalloc_memmove_negative_size(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); memset((char *)ptr, 0, 64); + OPTIMIZER_HIDE_VAR(ptr); OPTIMIZER_HIDE_VAR(invalid_size); KUNIT_EXPECT_KASAN_FAIL(test, memmove((char *)ptr, (char *)ptr + 4, invalid_size)); @@ -531,6 +533,7 @@ static void kmalloc_memmove_invalid_size(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); memset((char *)ptr, 0, 64); + OPTIMIZER_HIDE_VAR(ptr); KUNIT_EXPECT_KASAN_FAIL(test, memmove((char *)ptr, (char *)ptr + 4, invalid_size)); kfree(ptr); @@ -893,6 +896,7 @@ static void kasan_memchr(struct kunit *test) ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + OPTIMIZER_HIDE_VAR(ptr); OPTIMIZER_HIDE_VAR(size); KUNIT_EXPECT_KASAN_FAIL(test, kasan_ptr_result = memchr(ptr, '1', size + 1)); @@ -919,6 +923,7 @@ static void kasan_memcmp(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); memset(arr, 0, sizeof(arr)); + OPTIMIZER_HIDE_VAR(ptr); OPTIMIZER_HIDE_VAR(size); KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result = memcmp(ptr, arr, size+1));