| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZDgOSp30Ec00u8wP@arm.com>
Date: Thu, 13 Apr 2023 15:14:34 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Marco Elver <elver@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Jakub Jelinek <jakub@...hat.com>,
linux-toolchains@...r.kernel.org,
Alexander Potapenko <glider@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
Andrey Ryabinin <ryabinin.a.a@...il.com>,
Andrey Konovalov <andreyknvl@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nicolas Schier <nicolas@...sle.eu>,
Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com,
linux-mm@...ck.org, linux-kbuild@...r.kernel.org,
linux-hardening@...r.kernel.org,
Linux Kernel Functional Testing <lkft@...aro.org>,
Naresh Kamboju <naresh.kamboju@...aro.org>
Subject: Re: [PATCH v5 1/4] kasan: Emit different calls for instrumentable
memintrinsics
Hi Marco,
On Fri, Feb 24, 2023 at 09:59:39AM +0100, Marco Elver wrote:
> Clang 15 provides an option to prefix memcpy/memset/memmove calls with
> __asan_/__hwasan_ in instrumented functions: https://reviews.llvm.org/D122724
>
> GCC will add support in future:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108777
>
> Use it to regain KASAN instrumentation of memcpy/memset/memmove on
> architectures that require noinstr to be really free from instrumented
> mem*() functions (all GENERIC_ENTRY architectures).
>
> Fixes: 69d4c0d32186 ("entry, kasan, x86: Disallow overriding mem*() functions")
> Signed-off-by: Marco Elver <elver@...gle.com>
> Acked-by: Peter Zijlstra (Intel) <peterz@...radead.org>
> Reviewed-by: Andrey Konovalov <andreyknvl@...il.com>
> Tested-by: Linux Kernel Functional Testing <lkft@...aro.org>
> Tested-by: Naresh Kamboju <naresh.kamboju@...aro.org>
[...]
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index b9e94c5e7097..fa9f836f8039 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -38,6 +38,11 @@ endif
>
> CFLAGS_KASAN += $(call cc-param,asan-stack=$(stack_enable))
>
> +# Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*()
> +# instead. With compilers that don't support this option, compiler-inserted
> +# memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures.
> +CFLAGS_KASAN += $(call cc-param,asan-kernel-mem-intrinsic-prefix=1)
> +
> endif # CONFIG_KASAN_GENERIC
>
> ifdef CONFIG_KASAN_SW_TAGS
> @@ -54,6 +59,9 @@ CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
> $(call cc-param,hwasan-inline-all-checks=0) \
> $(instrumentation_flags)
>
> +# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
> +CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1)
This patch breaks the arm64 kernel builds with KASAN_SW_TAGS enabled and
clang prior to version 15. Those prior clang versions don't like the
'-mllvm -hwasan-kernel-mem-intrinsic-prefix=1' option, end up printing
the help text instead of generating the object.
Do we need some combination of cc-option and cc-param? Or at least
disable this instrumentation if earlier clang versions are used.
It's already in mainline as commit
51287dcb00cc715c27bf6a6b4dbd431621c5b65a.
Thanks.
--
Catalin
Powered by blists - more mailing lists