lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250801113228-5a2487e0-0d90-4828-88c7-be2e3c23ad3b@linutronix.de>
Date: Fri, 1 Aug 2025 11:38:15 +0200
From: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
To: Yeoreum Yun <yeoreum.yun@....com>
Cc: ryabinin.a.a@...il.com, glider@...gle.com, andreyknvl@...il.com, 
	dvyukov@...gle.com, vincenzo.frascino@....com, akpm@...ux-foundation.org, 
	kasan-dev@...glegroups.com, linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kasan: disable kasan_strings() kunit test when
 CONFIG_FORTIFY_SOURCE enabled

On Fri, Aug 01, 2025 at 10:28:05AM +0100, Yeoreum Yun wrote:
> When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> triggers __fortify_panic() which kills running task.
> 
> This makes failured of kasan_strings() kunit testcase since the
> kunit-try-cacth kthread running kasan_string() dies before checking the
> fault.

"makes failured" sounds wrong. Maybe this?

"This interferes with kasan_strings(), as CONFIG_FORTIFY_SOURCE will trigger
and kill the test before KASAN can react."

> To address this, add define for __NO_FORTIFY for kasan kunit test.

"To address this" is superfluous. Maybe this?
"Disable CONFIG_FORTIFY_SOURCE through __NO_FORTIFY for the kasan kunit test to
remove the interference."

> 
> Signed-off-by: Yeoreum Yun <yeoreum.yun@....com>
> ---

Missing link and changelog to v1.

>  mm/kasan/Makefile | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index dd93ae8a6beb..b70d76c167ca 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
>  CFLAGS_KASAN_TEST += -fno-builtin
>  endif
> 
> +ifdef CONFIG_FORTIFY_SOURCE
> +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> +endif

The ifdef is unnecessary. If CONFIG_FORITY_SOURCE is not enabled, the define
will be a no-op. This also matches other uses of __NO_FORTIFY.

> +
>  CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
>  CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
>  RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ