lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 13 Jul 2023 12:09:03 +0200
From:   Marco Elver <elver@...gle.com>
To:     Huacai Chen <chenhuacai@...nel.org>
Cc:     Andrey Konovalov <andreyknvl@...il.com>,
        Huacai Chen <chenhuacai@...ngson.cn>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        kasan-dev@...glegroups.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kasan: Fix tests by removing -ffreestanding

On Thu, 13 Jul 2023 at 11:58, Huacai Chen <chenhuacai@...nel.org> wrote:
>
> Hi, Marco,
>
> On Thu, Jul 13, 2023 at 4:12 PM Marco Elver <elver@...gle.com> wrote:
> >
> > On Thu, 13 Jul 2023 at 06:33, Huacai Chen <chenhuacai@...nel.org> wrote:
> > >
> > > Hi, Andrey,
> > >
> > > On Thu, Jul 13, 2023 at 12:12 AM Andrey Konovalov <andreyknvl@...il.com> wrote:
> > > > On Wed, Jul 12, 2023 at 12:14 PM Huacai Chen <chenhuacai@...ngson.cn> wrote:
> > > > >
> > > > > CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX hopes -fbuiltin for memset()/
> > > > > memcpy()/memmove() if instrumentation is needed. This is the default
> > > > > behavior but some archs pass -ffreestanding which implies -fno-builtin,
> > > > > and then causes some kasan tests fail. So we remove -ffreestanding for
> > > > > kasan tests.
> > > >
> > > > Could you clarify on which architecture you observed tests failures?
> > > Observed on LoongArch [1], KASAN for LoongArch was planned to be
> > > merged in 6.5, but at the last minute I found some tests fail with
> > > GCC14 (CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX) so the patches are
> > > dropped. After some debugging we found the root cause is
> > > -ffreestanding.
> > [...]
> > > > >  CFLAGS_kasan_test.o := $(CFLAGS_KASAN_TEST)
> > > > > +CFLAGS_REMOVE_kasan_test.o := -ffreestanding
> > > > >  CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST)
> > > > > +CFLAGS_REMOVE_kasan_test_module.o := -ffreestanding
> >
> > It makes sense that if -ffreestanding is added everywhere, that this
> > patch fixes the test. Also see:
> > https://lkml.kernel.org/r/20230224085942.1791837-3-elver@google.com
> >
> > -ffreestanding implies -fno-builtin, which used to be added to the
> > test where !CC_HAS_KASAN_MEMINTRINSIC_PREFIX (old compilers).
> >
> > But ideally, the test doesn't have any special flags to make it pass,
> > because ultimately we want the test setup to be as close to other
> > normal kernel code.
> >
> > What this means for LoongArch, is that the test legitimately is
> > pointing out an issue: namely that with newer compilers, your current
> > KASAN support for LoongArch is failing to detect bad accesses within
> > mem*() functions.
> >
> > The reason newer compilers should emit __asan_mem*() functions and
> > replace normal mem*() functions, is that making mem*() functions
> > always instrumented is not safe when e.g. called from uninstrumented
> > code. One problem is that compilers will happily generate
> > memcpy/memset calls themselves for e.g. variable initialization or
> > struct copies - and unfortunately -ffreestanding does _not_ prohibit
> > compilers from doing so: https://godbolt.org/z/hxGvdo4P9
> >
> > I would propose 2 options:
> >
> > 1. Removing -ffreestanding from LoongArch. It is unclear to me why
> > this is required. As said above, -ffreestanding does not actually
> > prohibit the compiler from generating implicit memset/memcpy. It
> > prohibits some other optimizations, but in the kernel, you might even
> > want those optimizations if common libcalls are already implemented
> > (which they should be?).
> >
> > 2. If KASAN is enabled on LoongArch, make memset/memcpy/memmove
> > aliases to __asan_memset/__asan_memcpy/__asan_memmove. That means
> > you'd have to invert how you currently set up __mem and mem functions:
> > the implementation is in __mem*, and mem* functions alias __mem* -or-
> > if KASAN is enabled __asan_mem* functions (ifdef
> > CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX to make old compilers work as
> > well).
> >
> > If you go with option #2 you are accepting the risk of using
> > instrumented mem* functions from uninstrumented files/functions. This
> > has been an issue for other architectures. In many cases you might get
> > lucky enough that it doesn't cause issues, but that's not guaranteed.
> Thank you for your advice, but we should keep -ffreestanding for
> LoongArch, even if it may cause failing to detect bad accesses.
> Because now the __builtin_memset() assumes hardware supports unaligned
> access, which is not the case for Loongson-2K series. If removing
> -ffreestanding, Loongson-2K gets a poor performance.
>
> On the other hand, LoongArch is not the only architecture use
> -ffreestanding, e.g., MIPS, X86_32, M68K and Xtensa also use, so the
> tests should get fixed.

That's fair - in which case, I would recommend option #2 or some
variant of it. Because fixing the test by removing -ffreestanding is
just hiding that there's a real issue that needs to be fixed to have
properly working KASAN on LoongArch.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ