Message-ID: <CAFULd4bwLyGiJ87fvT+N06ANchEQ0aGZdLvT-U3C8ROwCADr4Q@mail.gmail.com>
Date: Mon, 16 Dec 2024 17:56:24 +0100
From: Uros Bizjak <ubizjak@...il.com>
To: Matt Fleming <matt@...dmodwrite.com>
Cc: Ingo Molnar <mingo@...nel.org>, Jakub Jelinek <jakub@...hat.com>, linux-kernel@...r.kernel.org, 
	kernel-team@...udflare.com
Subject: Re: CONFIG_KASAN triggers ASAN bug in GCC 13.3.0 and 14.1.0

On Mon, Dec 16, 2024 at 5:20 PM Matt Fleming <matt@...dmodwrite.com> wrote:
>
> On Sat, Dec 14, 2024 at 1:17 AM Uros Bizjak <ubizjak@...il.com> wrote:
> >
> > Does your config include CONFIG_UBSAN_BOOL=y ?
>
> Yes, it does!
>
> > There is a rare interaction between CONFIG_KASAN and CONFIG_UBSAN_BOOL
> > (aka -fsanitize=bool), reported in [1] and fixed for gcc-14.2 in [2].
> >
> > [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111736#c42
> >
> > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115172
> >
> > Otherwise, please attach your .config, and I'll look into this issue.
>
> Thanks. Disabling CONFIG_UBSAN_BOOL does indeed make the kernels boot again.
>
> Should CONFIG_UBSAN_BOOL have a dependency on GCC 14.4+ ?

No, this is a very rare Oops that triggers only with the gcc-14.1 version
and only when both KASAN and UBSAN are enabled. This is actually a
problem with sanitization of the percpu address when named address
spaces are enabled (IOW, sanitization of a __seg_gs prefixed address).
UBSAN creates a temporary in memory, but forgets to copy the memory tags,
including the named address space qualifier, from the original. Later ASAN
sanitizes this location as a normal variable (due to the missing
qualifier), but it actually should be disabled for __seg_gs prefixed
addresses.

Your report is only *the second* since sanitizers were re-enabled with
named address spaces. gcc-14.2 that includes the fix is available
since August 2024, and since sanitizers are strictly development
tools, my proposed solution would be to simply upgrade the compiler to
gcc-14.2 release.

Uros.
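A pre-build check for the combination the reply above describes (gcc-14.1 together with CONFIG_KASAN=y and CONFIG_UBSAN_BOOL=y), added here as an illustration and not part of the thread or of the kernel tree. It assumes the version string comes from `gcc -dumpfullversion`, and it follows Uros's statement that only the gcc-14.1 release is affected.

```shell
#!/bin/sh
# Added example, not from the thread: flag the gcc-14.1 + CONFIG_KASAN +
# CONFIG_UBSAN_BOOL combination before a kernel build is started.
# Usage: check_kasan_ubsan_bool <path-to-.config> <gcc-version>
# <gcc-version> is what `gcc -dumpfullversion` prints, e.g. 14.1.0.
# Returns 0 when the build is not affected, 1 when it is.
check_kasan_ubsan_bool() {
    config="$1"
    gccver="$2"
    # Per the reply, only the gcc-14.1 release is affected; 14.2 carries the
    # fix for GCC PR115172. The subject line also names 13.3.0; if you want to
    # treat that release as affected too, add its pattern to this case list.
    case "$gccver" in
        14.1|14.1.*) ;;
        *) return 0 ;;
    esac
    # Both options must be =y for the interaction to exist. Kconfig writes
    # disabled options as "# CONFIG_X is not set", so an exact-line match is
    # sufficient and does not match commented-out entries.
    grep -qx 'CONFIG_KASAN=y' "$config" || return 0
    grep -qx 'CONFIG_UBSAN_BOOL=y' "$config" || return 0
    echo "warning: gcc $gccver with CONFIG_KASAN=y and CONFIG_UBSAN_BOOL=y" \
         "hits GCC PR115172; upgrade to gcc-14.2 or disable CONFIG_UBSAN_BOOL" >&2
    return 1
}

# Self-contained demonstration on a constructed .config fragment (not a real
# kernel config). Returns the check's exit status for the given gcc version.
demo_check() {
    ver="$1"
    tmp=$(mktemp) || return 2
    printf '%s\n' 'CONFIG_KASAN=y' 'CONFIG_UBSAN=y' 'CONFIG_UBSAN_BOOL=y' > "$tmp"
    if check_kasan_ubsan_bool "$tmp" "$ver" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}
```

Run `demo_check 14.1.0; echo $?` to see the affected case report status 1, and `demo_check 14.2.0` to see the fixed compiler pass.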
