From patchwork Fri May 7 02:59:15 2021
X-Patchwork-Submitter: Peter Collingbourne
X-Patchwork-Id: 12243927
Date: Thu, 6 May 2021 19:59:15 -0700
Message-Id: <20210507025915.1464056-1-pcc@google.com>
Subject: [PATCH v2] kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled
From: Peter Collingbourne
To: Andrey Konovalov, Alexander Potapenko
Cc: Peter Collingbourne, George Popescu, Elena Petrova, Evgenii Stepanov, Andrew Morton, linux-mm@kvack.org, stable@vger.kernel.org

These tests deliberately access these arrays out of bounds, which will cause the dynamic local bounds checks inserted by CONFIG_UBSAN_LOCAL_BOUNDS to fail and panic the kernel. To avoid this problem, access the arrays via volatile pointers, which will prevent the compiler from being able to determine the array bounds.

These accesses use volatile pointers to char (char *volatile) rather than the more conventional pointers to volatile char (volatile char *) because we want to prevent the compiler from making inferences about the pointer itself (i.e. its array bounds), not the data that it refers to.

Signed-off-by: Peter Collingbourne Cc: stable@vger.kernel.org Link: https://linux-review.googlesource.com/id/I90b1713fbfa1bf68ff895aef099ea77b98a7c3b9 Tested-by: Alexander Potapenko Reviewed-by: Andrey Konovalov --- lib/test_kasan.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index dc05cfc2d12f..cacbbbdef768 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -654,8 +654,20 @@ static char global_array[10]; static void kasan_global_oob(struct kunit *test) { - volatile int i = 3; - char *p = &global_array[ARRAY_SIZE(global_array) + i]; + /* + * Deliberate out-of-bounds access. To prevent CONFIG_UBSAN_LOCAL_BOUNDS + * from failing here and panicing the kernel, access the array via a + * volatile pointer, which will prevent the compiler from being able to + * determine the array bounds. + * + * This access uses a volatile pointer to char (char *volatile) rather + * than the more conventional pointer to volatile char (volatile char *) + * because we want to prevent the compiler from making inferences about + * the pointer itself (i.e. its array bounds), not the data that it + * refers to. + */ + char *volatile array = global_array; + char *p = &array[ARRAY_SIZE(global_array) + 3]; /* Only generic mode instruments globals. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); @@ -703,8 +715,9 @@ static void ksize_uaf(struct kunit *test) static void kasan_stack_oob(struct kunit *test) { char stack_array[10]; - volatile int i = OOB_TAG_OFF; - char *p = &stack_array[ARRAY_SIZE(stack_array) + i]; + /* See comment in kasan_global_oob. */ + char *volatile array = stack_array; + char *p = &array[ARRAY_SIZE(stack_array) + OOB_TAG_OFF]; KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_STACK); 
@@ -715,7 +728,9 @@ static void kasan_alloca_oob_left(struct kunit *test) { volatile int i = 10; char alloca_array[i]; - char *p = alloca_array - 1; + /* See comment in kasan_global_oob. */ + char *volatile array = alloca_array; + char *p = array - 1; /* Only generic mode instruments dynamic allocas. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); @@ -728,7 +743,9 @@ static void kasan_alloca_oob_right(struct kunit *test) { volatile int i = 10; char alloca_array[i]; - char *p = alloca_array + i; + /* See comment in kasan_global_oob. */ + char *volatile array = alloca_array; + char *p = array + i; /* Only generic mode instruments dynamic allocas. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
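
Review bot: The block comment added in kasan_global_oob spells "panicing"; it should read "panicking". In the same hunk the offset in `&array[ARRAY_SIZE(global_array) + 3]` is now a bare literal, while kasan_stack_oob uses the named OOB_TAG_OFF; a short remark on why 3 is used here, or a named constant, would make the two tests easier to compare.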
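
Review bot: In kasan_stack_oob the rationale is carried only by "See comment in kasan_global_oob.", and the same two-line pattern (`char *volatile array = ...;` plus the cross-reference) is repeated in every test the patch touches. Consider a small helper or macro in lib/test_kasan.c that hides the pointer from the compiler and carries the explanation once, so a later test added to this file does not silently reintroduce the direct `&stack_array[...]` form that the local bounds check rejects.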
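
Review bot: kasan_alloca_oob_left and kasan_alloca_oob_right keep `volatile int i = 10;` while the global and stack tests drop their volatile index, and nothing in the hunks says why. Here `i` still sizes `char alloca_array[i];`, and in the right-hand test it is also the offset in `char *p = array + i;`, so a one-line comment noting that `i` must stay volatile to keep the allocation dynamic would stop someone removing it for consistency with the other two tests.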