Message-ID: <CAG48ez2jj8KxxYG8-chkkzxiw-CLLK6MoSR6ajfCE6PyYyEZ=A@mail.gmail.com>
Date: Thu, 27 Mar 2025 00:09:40 +0100
From: Jann Horn <jannh@...gle.com>
To: Will Deacon <will@...nel.org>, kasan-dev <kasan-dev@...glegroups.com>, 
	Andrey Ryabinin <ryabinin.a.a@...il.com>
Cc: kernel list <linux-kernel@...r.kernel.org>, 
	Linux ARM <linux-arm-kernel@...ts.infradead.org>, 
	Catalin Marinas <catalin.marinas@....com>, Alexander Potapenko <glider@...gle.com>, 
	Andrey Konovalov <andreyknvl@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, 
	Vincenzo Frascino <vincenzo.frascino@....com>
Subject: does software KASAN not instrument READ_ONCE() on arm64 with LTO?

Hi!

I just realized - arm64 redefines __READ_ONCE() to use inline assembly
instead of a volatile load, and ASAN is designed to not instrument asm
statement operands (not even memory operands).
(I think I may have a years-old LLVM patch somewhere that changes
that, but I vaguely recall being told once that that's an intentional
design decision. I might be misremembering that though...)

So because __READ_ONCE() does not call anything like
instrument_read(), I think instrumentation-based KASAN in LTO arm64
builds probably doesn't cover READ_ONCE() accesses?

A quick test seems to confirm this: https://godbolt.org/z/8oYfaExYf
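
The gap described in the message can be reproduced in user space with ordinary ASAN. The following is an added example, not code from the message, the kernel or the Godbolt link. The `read_*` functions, the `POISON`/`IS_POISONED` macros and the explicit-check wrapper are hypothetical names chosen for illustration, and the asm statement is a simplified stand-in for arm64's `__READ_ONCE()`.

```c
#include <stddef.h>
#include <stdio.h>
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
/* ASAN runtime entry points, as declared in sanitizer/asan_interface.h */
void __asan_poison_memory_region(void const volatile *addr, size_t size);
int __asan_address_is_poisoned(void const volatile *addr);
#define POISON(p, n)   __asan_poison_memory_region((p), (n))
#define IS_POISONED(p) __asan_address_is_poisoned(p)
#else /* built without ASAN: the helpers become no-ops */
#define POISON(p, n)   ((void)(p), (void)(n))
#define IS_POISONED(p) ((void)(p), 0)
#endif

/* Volatile load: the compiler sees the access and ASAN instruments it. */
int read_volatile(const int *p) { return *(const volatile int *)p; }

/* Load performed by an asm statement: its memory operand gets no ASAN check. */
int read_asm(const int *p)
{
    int v;
#if defined(__aarch64__)
    __asm__ volatile("ldr %w0, %1" : "=r"(v) : "Q"(*p));
#elif defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("movl %1, %0" : "=r"(v) : "m"(*p));
#else
    v = *(const volatile int *)p; /* no asm variant written for this arch */
#endif
    return v;
}

/* Hypothetical wrapper: ask the runtime explicitly before the asm load. */
int read_asm_checked(const int *p, int *bad)
{
    *bad = IS_POISONED(p);
    return *bad ? 0 : read_asm(p);
}

int main(void)
{
    static _Alignas(8) int slot[2] = {42, 0}; /* constructed sample data */
    int bad;
    POISON(slot, sizeof slot);
    printf("asm load returned %d\n", read_asm(slot));
    read_asm_checked(slot, &bad);
    printf("explicit check says poisoned=%d\n", bad);
    printf("volatile load returned %d\n", read_volatile(slot));
    return 0;
}
```

Built with `-fsanitize=address`, the asm load of the poisoned slot returns without a report, the explicit check flags the address, and the final volatile load triggers the ASAN report.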
