From patchwork Wed Jan 31 21:00:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Paul_Heidekr=C3=BCger?= X-Patchwork-Id: 13539953 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1433BC47258 for ; Wed, 31 Jan 2024 21:01:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 800CD6B0080; Wed, 31 Jan 2024 16:01:16 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7B0786B0081; Wed, 31 Jan 2024 16:01:16 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 678098D0001; Wed, 31 Jan 2024 16:01:16 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 599206B0080 for ; Wed, 31 Jan 2024 16:01:16 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id DBBE9160693 for ; Wed, 31 Jan 2024 21:01:15 +0000 (UTC) X-FDA: 81740826510.27.9BBF2CF Received: from postout2.mail.lrz.de (postout2.mail.lrz.de [129.187.255.138]) by imf24.hostedemail.com (Postfix) with ESMTP id 596B5180033 for ; Wed, 31 Jan 2024 21:01:12 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=tum.de header.s=tu-postout21 header.b=BQ3ghKEN; spf=pass (imf24.hostedemail.com: domain of paul.heidekrueger@tum.de designates 129.187.255.138 as permitted sender) smtp.mailfrom=paul.heidekrueger@tum.de; dmarc=pass (policy=none) header.from=tum.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706734873; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=j63P2XRlLUYNxZkT/iXoEqnLVCU36r89QKAA3Sp5iMQ=; b=PLPqZhWQ6uOgB+SCyu2m7M0PxzTv3uC2RbExgY1FDRiieJlsr8lnUrNugFgy5h8365QTnw lxQpEVa/ep1P1e+SgPx6w3ravQ/yGVhZ5M1pvk2FDY4yMbuNJ8c5PogEiZX5ekJFWF82Ep udkL7JOdqC8aAhudy5Hi768zAwWRbuI= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=tum.de header.s=tu-postout21 header.b=BQ3ghKEN; spf=pass (imf24.hostedemail.com: domain of paul.heidekrueger@tum.de designates 129.187.255.138 as permitted sender) smtp.mailfrom=paul.heidekrueger@tum.de; dmarc=pass (policy=none) header.from=tum.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706734873; a=rsa-sha256; cv=none; b=KR1ra1Qc0ibmcJRHH0lMW3xDxi8xBdCMT1M3dcFcEF9byhQ1Mh+D87SW7M7VNuYGeZ2KeR Z61ApVNkZTpOUcJ8mYvSzaGDJanym9vg7K7z41Ce9bFUFvq+WDW0y0KokFQiKGH7cSEB/O HyMx+9WbMWipIpvFvEYf2BngZSo7dRk= Received: from lxmhs52.srv.lrz.de (localhost [127.0.0.1]) by postout2.mail.lrz.de (Postfix) with ESMTP id 4TQDwP6773zyTC; Wed, 31 Jan 2024 22:01:09 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tum.de; h= content-transfer-encoding:content-type:content-type:mime-version :x-mailer:message-id:date:date:subject:subject:from:from :received:received; s=tu-postout21; t=1706734869; bh=8T0ntn8NGlF PYgSsqLjvDUhzTbz51vC/8f3x10gKGyk=; b=BQ3ghKENggnrHegXoDMqcoN3JXQ oMPUoNqAVuNpzockBkD6DkwKh6PMEznDw+VKB39p/bFMMfIwV7YTJ11KRo9HYQ2c at3082qW77EFLfb8INUmaqVNvaFRd3ciz5CoSBHbxow7pS2DZsXlcovKYL9V3eNN s1dqyIAjOMnodYoJFVKHDPr8gtGMetoRyQn3TSasxohjB0mkUItumrYecnTlhs9j NAFQfB+Hz97WHcMFBEF1YrQS0E1kBZog2EfWfpquI35UG686FzITnOMGD/zRgDD1 kDSJTAd4GsfQn/MfmFfIg7GNoq7bK3rFVoGQ+nLfDI0S8sARccEuqTi7B8g== X-Virus-Scanned: by amavisd-new at lrz.de in lxmhs52.srv.lrz.de Received: from postout2.mail.lrz.de ([127.0.0.1]) by lxmhs52.srv.lrz.de (lxmhs52.srv.lrz.de [127.0.0.1]) (amavisd-new, port 20024) with LMTP id 8EExbMguVg1z; Wed, 31 Jan 2024 22:01:09 +0100 (CET) Received: from sienna.fritz.box (ppp-93-104-72-246.dynamic.mnet-online.de [93.104.72.246]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by postout2.mail.lrz.de (Postfix) with ESMTPSA id 4TQDwN2WTRzySC; Wed, 31 Jan 2024 22:01:08 +0100 (CET) From: =?utf-8?q?Paul_Heidekr=C3=BCger?= To: Andrey Ryabinin , Alexander Potapenko , Andrey Konovalov , Dmitry Vyukov , Vincenzo Frascino , Andrew Morton , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: =?utf-8?q?Paul_Heidekr=C3=BCger?= , Marco Elver Subject: [PATCH RFC v2] kasan: add atomic tests Date: Wed, 31 Jan 2024 21:00:41 +0000 Message-Id: <20240131210041.686657-1-paul.heidekrueger@tum.de> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-Rspamd-Queue-Id: 596B5180033 X-Rspam-User: X-Stat-Signature: pd91autcgdke3i6xjm8nudtsg3q8oi7j X-Rspamd-Server: rspam01 X-HE-Tag: 1706734872-551075 X-HE-Meta: U2FsdGVkX1/n+NA85GkrRQo55ulM4glds/R0FCCdTB/OW8eEdEUrEYViZlVFh5YE+gQPu2ioGbLQsniE+i0xyr0TOyAxOKxMIa1H3mJoX9jq0OJ5xE0FKSoShk0GA9AY8ANqUJthb2yLAx22oZb7fZG2sUI20RuOGPLV3irEPVzdnob+lmHS7yzJCOqVig/jupUFSw/9YQwrNoSS0Smvs2rsCQ096mu7iVqlO4UsQjdwgDdFtZaszl8MsxA1sS2LjhGbcGelXINWHlbjBGEk+jz74pzTPZ6DxUqBIc+/S2EXsK1VE3qPHgn7evVNiK4WMeBlnp9oySGjTxpn9a32JU0ccw42XFIcs6V9m03+I5B0CjxjXWIXMsSz8v9DD6oYOlH9CU+nrmjYcOPKA7oznUiaG6BVcDOZJ35y7Cm8ODNcUlg2iZEpv8VTwgNiywHpmzpMFPcJhvMYM11wDRmsNcuSUxKkevjXMKm1uqqzm+RZUJmHpq9t0gj0krnR5hVfpEb/7wM+ju+8/WYnxgHi0y7GhuqtjGI+JbzfRMIF3ENc+GD4b2Rygb+vHZogTU/4XuCVWs0ZwJ5q5QTNeYIZeND8BGkXby1U/UF/znNeBBqauHRoDt24wknHnYerQRaRFXQEBYhXCHlHrI5zyqxm0wOLQK9uBsHwLkwSI+fWqpbQslzrcmwOsQrG8C1mqEa89oo4DeXzMuIOTfLfYPeSFy5KoxK8bdQGPufitG+Gg0j+xJD7jxgPg3CEL3QfeeG6srhZeQbcEowHA2WsBQJ10hk62p/r84L32qNVpjnUNdbOmbIU8QF/IMOStfGWmGFd2IsrUy3Vsea+mca7o3445CqNOQtcF5qU63yYfvxukrx0uzA9jlCWfdneArqgKpC22SHeiiLrFyy4/a0Wxkx2dHmBBd+EhjbdYQhq2UHd1OuThuoD8d5qrHUpNUJIMoopN0licM73XykC+V7pL2m kN/0I3LV 20crD+5N4Jv9DNrGAdd/ahN/rkU6v7R42Dsr7VLZJHHF0xTyZuSUKcujZ8AVhHTag6qqo3wm/YEbTC9CaX3BO3jQ0OeptT9BVFaPjhDdZBjqNlt1gfMqwgIhCVfMN0z6FsZh0dj2QAYsa9iJLIrj8bS3OSNtqIzAsPHy8d/VfEidud9gO3fDviXKBzf7mj4iqJF3GjAr9h1WuNzZ760MZKj//c5NfHNRZGAdOsoJtvKNx18+mtX3zVYXMs465UoZYa8OrZhdN/yef/eB0wjMh9tzfK1nUaG0zUFF2tICTVaH3zQme00RsM1d0ge+pm2Qkg9HEZebR8nQutbSWxPhzx8LTbMVflay0UkaRqyF7bgXYYJKQS5LQX+k8tT131txosCcFOgdNgBkRBFxRkWiC4yjxfQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi! This RFC patch adds tests that detect whether KASan is able to catch unsafe atomic accesses. Since v1, which can be found on Bugzilla (see "Closes:" tag), I've made the following suggested changes: * Adjust size of allocations to make kasan_atomics() work with all KASan modes * Remove comments and move tests closer to the bitops tests * For functions taking two addresses as an input, test each address in a separate function call. * Rename variables for clarity * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_store_release() I'm still uncelar on which kinds of atomic accesses we should be testing though. The patch below only covers a subset, and I don't know if it would be feasible to just manually add all atomics of interest. Which ones would those be exactly? As Andrey pointed out on Bugzilla, if we were to include all of the atomic64_* ones, that would make a lot of function calls. Also, the availability of atomics varies between architectures; I did my testing on arm64. Is something like gen-atomic-instrumented.sh required? Many thanks, Paul CC: Marco Elver CC: Andrey Konovalov Closes: https://bugzilla.kernel.org/show_bug.cgi?id=214055 Signed-off-by: Paul Heidekrüger --- mm/kasan/kasan_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 8281eb42464b..1ab4444fe4a0 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -1150,6 +1150,55 @@ static void kasan_bitops_tags(struct kunit *test) kfree(bits); } +static void kasan_atomics_helper(struct kunit *test, void *unsafe, void *safe) +{ + int *i_safe = (int *)safe; + int *i_unsafe = (int *)unsafe; + + KUNIT_EXPECT_KASAN_FAIL(test, READ_ONCE(*i_unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, WRITE_ONCE(*i_unsafe, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, smp_load_acquire(i_unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, smp_store_release(i_unsafe, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_read(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_set(unsafe, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_and(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_andnot(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_or(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xor(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_xchg(unsafe, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_cmpxchg(unsafe, 21, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(unsafe, safe, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_try_cmpxchg(safe, unsafe, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_sub_and_test(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_and_test(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_and_test(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_negative(42, unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_add_unless(unsafe, 21, 42)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_not_zero(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_inc_unless_negative(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_unless_positive(unsafe)); + KUNIT_EXPECT_KASAN_FAIL(test, atomic_dec_if_positive(unsafe)); +} + +static void kasan_atomics(struct kunit *test) +{ + int *a1, *a2; + + a1 = kzalloc(48, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); + a2 = kzalloc(sizeof(*a1), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, a1); + + kasan_atomics_helper(test, (void *)a1 + 48, (void *)a2); + + kfree(a1); + kfree(a2); +} + static void kmalloc_double_kzfree(struct kunit *test) { char *ptr; @@ -1553,6 +1602,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kasan_strings), KUNIT_CASE(kasan_bitops_generic), KUNIT_CASE(kasan_bitops_tags), + KUNIT_CASE(kasan_atomics), KUNIT_CASE(kmalloc_double_kzfree), KUNIT_CASE(rcu_uaf), KUNIT_CASE(workqueue_uaf),