| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aKctip0/nVuirL4U@e129823.arm.com>
Date: Thu, 21 Aug 2025 15:30:34 +0100
From: Yeoreum Yun <yeoreum.yun@....com>
To: Ada Couprie Diaz <ada.coupriediaz@....com>
Cc: kasan-dev@...glegroups.com, Nathan Chancellor <nathan@...nel.org>,
Nicolas Schier <nicolas.schier@...ux.dev>,
Andrey Ryabinin <ryabinin.a.a@...il.com>,
Alexander Potapenko <glider@...gle.com>,
Andrey Konovalov <andreyknvl@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
Marco Elver <elver@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Michael Ellerman <mpe@...erman.id.au>, linux-kbuild@...r.kernel.org,
linux-kernel@...r.kernel.org, Mark Rutland <mark.rutland@....com>
Subject: Re: [PATCH] kasan: fix GCC mem-intrinsic prefix with sw tags
Reviewed-by: Yeoreum Yun <yeoreum.yun@....com>
On Thu, Aug 21, 2025 at 01:07:35PM +0100, Ada Couprie Diaz wrote:
> GCC doesn't support "hwasan-kernel-mem-intrinsic-prefix", only
> "asan-kernel-mem-intrinsic-prefix"[0], while LLVM supports both.
> This is already taken into account when checking
> "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX", but not in the KASAN Makefile
> adding those parameters when "CONFIG_KASAN_SW_TAGS" is enabled.
>
> Replace the version check with "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX",
> which already validates that mem-intrinsic prefix parameter can be used,
> and choose the correct name depending on compiler.
>
> GCC 13 and above trigger "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX" which
> prevents `mem{cpy,move,set}()` being redefined in "mm/kasan/shadow.c"
> since commit 36be5cba99f6 ("kasan: treat meminstrinsic as builtins
> in uninstrumented files"), as we expect the compiler to prefix
> those calls with `__(hw)asan_` instead.
> But as the option passed to GCC has been incorrect, the compiler has
> not been emitting those prefixes, effectively never calling
> the instrumented versions of `mem{cpy,move,set}()`
> with "CONFIG_KASAN_SW_TAGS" enabled.
>
> If "CONFIG_FORTIFY_SOURCES" is enabled, this issue would be mitigated
> as it redefines `mem{cpy,move,set}()` and properly aliases the
> `__underlying_mem*()` that will be called to the instrumented versions.
>
> [0]: https://gcc.gnu.org/onlinedocs/gcc-13.4.0/gcc/Optimize-Options.html
>
> Signed-off-by: Ada Couprie Diaz <ada.coupriediaz@....com>
> Fixes: 36be5cba99f6 ("kasan: treat meminstrinsic as builtins in uninstrumented files")
> ---
> scripts/Makefile.kasan | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index 693dbbebebba..0ba2aac3b8dc 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -86,10 +86,14 @@ kasan_params += hwasan-instrument-stack=$(stack_enable) \
> hwasan-use-short-granules=0 \
> hwasan-inline-all-checks=0
>
> -# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
> -ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y)
> - kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
> -endif
> +# Instrument memcpy/memset/memmove calls by using instrumented __(hw)asan_mem*().
> +ifdef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> + ifdef CONFIG_CC_IS_GCC
> + kasan_params += asan-kernel-mem-intrinsic-prefix=1
> + else
> + kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
> + endif
> +endif # CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
>
> endif # CONFIG_KASAN_SW_TAGS
>
>
> base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585
> --
> 2.43.0
>
--
Sincerely,
Yeoreum Yun
Powered by blists - more mailing lists