The commit "kasan: add test for invalid size in memmove" introduced a
compilation warning where it used a negative size on purpose. Silence it
by disabling "array-bounds" checking for this file only for testing
purpose.
In file included from ./include/linux/bitmap.h:9,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/cpumask.h:5,
from ./arch/x86/include/asm/msr.h:11,
from ./arch/x86/include/asm/processor.h:22,
from ./arch/x86/include/asm/cpufeature.h:5,
from ./arch/x86/include/asm/thread_info.h:53,
from ./include/linux/thread_info.h:38,
from ./arch/x86/include/asm/preempt.h:7,
from ./include/linux/preempt.h:78,
from ./include/linux/rcupdate.h:27,
from ./include/linux/rculist.h:11,
from ./include/linux/pid.h:5,
from ./include/linux/sched.h:14,
from ./include/linux/uaccess.h:6,
from ./arch/x86/include/asm/fpu/xstate.h:5,
from ./arch/x86/include/asm/pgtable.h:26,
from ./include/linux/kasan.h:15,
from lib/test_kasan.c:12:
In function 'memmove',
inlined from 'kmalloc_memmove_invalid_size' at
lib/test_kasan.c:301:2:
./include/linux/string.h:441:9: warning: '__builtin_memmove' pointer
overflow between offset 0 and size [-2, 9223372036854775807]
[-Warray-bounds]
return __builtin_memmove(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Qian Cai <[email protected]>
---
lib/Makefile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/Makefile b/lib/Makefile
index ab68a8674360..24d519a0741d 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -297,6 +297,8 @@ UBSAN_SANITIZE_ubsan.o := n
KASAN_SANITIZE_ubsan.o := n
KCSAN_SANITIZE_ubsan.o := n
CFLAGS_ubsan.o := $(call cc-option, -fno-stack-protector) $(DISABLE_STACKLEAK_PLUGIN)
+# kmalloc_memmove_invalid_size() does this on purpose.
+CFLAGS_test_kasan.o += $(call cc-disable-warning, array-bounds)
obj-$(CONFIG_SBITMAP) += sbitmap.o
--
1.8.3.1
On Tue, Mar 10, 2020 at 2:38 PM Qian Cai <[email protected]> wrote:
>
> The commit "kasan: add test for invalid size in memmove" introduced a
> compilation warning where it used a negative size on purpose. Silence it
> by disabling "array-bounds" checking for this file only for testing
> purpose.
>
> In file included from ./include/linux/bitmap.h:9,
> from ./include/linux/cpumask.h:12,
> from ./arch/x86/include/asm/cpumask.h:5,
> from ./arch/x86/include/asm/msr.h:11,
> from ./arch/x86/include/asm/processor.h:22,
> from ./arch/x86/include/asm/cpufeature.h:5,
> from ./arch/x86/include/asm/thread_info.h:53,
> from ./include/linux/thread_info.h:38,
> from ./arch/x86/include/asm/preempt.h:7,
> from ./include/linux/preempt.h:78,
> from ./include/linux/rcupdate.h:27,
> from ./include/linux/rculist.h:11,
> from ./include/linux/pid.h:5,
> from ./include/linux/sched.h:14,
> from ./include/linux/uaccess.h:6,
> from ./arch/x86/include/asm/fpu/xstate.h:5,
> from ./arch/x86/include/asm/pgtable.h:26,
> from ./include/linux/kasan.h:15,
> from lib/test_kasan.c:12:
> In function 'memmove',
> inlined from 'kmalloc_memmove_invalid_size' at
> lib/test_kasan.c:301:2:
> ./include/linux/string.h:441:9: warning: '__builtin_memmove' pointer
> overflow between offset 0 and size [-2, 9223372036854775807]
> [-Warray-bounds]
> return __builtin_memmove(p, q, size);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Signed-off-by: Qian Cai <[email protected]>
> ---
> lib/Makefile | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/Makefile b/lib/Makefile
> index ab68a8674360..24d519a0741d 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -297,6 +297,8 @@ UBSAN_SANITIZE_ubsan.o := n
> KASAN_SANITIZE_ubsan.o := n
> KCSAN_SANITIZE_ubsan.o := n
> CFLAGS_ubsan.o := $(call cc-option, -fno-stack-protector) $(DISABLE_STACKLEAK_PLUGIN)
> +# kmalloc_memmove_invalid_size() does this on purpose.
> +CFLAGS_test_kasan.o += $(call cc-disable-warning, array-bounds)
>
> obj-$(CONFIG_SBITMAP) += sbitmap.o
>
> --
> 1.8.3.1
>
Acked-by: Dmitry Vyukov <[email protected]>
Thanks
Hi Qian,
On Tue, 2020-03-10 at 16:20 +0100, 'Dmitry Vyukov' via kasan-dev wrote:
> On Tue, Mar 10, 2020 at 2:38 PM Qian Cai <[email protected]> wrote:
> >
> > The commit "kasan: add test for invalid size in memmove" introduced a
> > compilation warning where it used a negative size on purpose. Silence it
> > by disabling "array-bounds" checking for this file only for testing
> > purpose.
> >
> > In file included from ./include/linux/bitmap.h:9,
> > from ./include/linux/cpumask.h:12,
> > from ./arch/x86/include/asm/cpumask.h:5,
> > from ./arch/x86/include/asm/msr.h:11,
> > from ./arch/x86/include/asm/processor.h:22,
> > from ./arch/x86/include/asm/cpufeature.h:5,
> > from ./arch/x86/include/asm/thread_info.h:53,
> > from ./include/linux/thread_info.h:38,
> > from ./arch/x86/include/asm/preempt.h:7,
> > from ./include/linux/preempt.h:78,
> > from ./include/linux/rcupdate.h:27,
> > from ./include/linux/rculist.h:11,
> > from ./include/linux/pid.h:5,
> > from ./include/linux/sched.h:14,
> > from ./include/linux/uaccess.h:6,
> > from ./arch/x86/include/asm/fpu/xstate.h:5,
> > from ./arch/x86/include/asm/pgtable.h:26,
> > from ./include/linux/kasan.h:15,
> > from lib/test_kasan.c:12:
> > In function 'memmove',
> > inlined from 'kmalloc_memmove_invalid_size' at
> > lib/test_kasan.c:301:2:
> > ./include/linux/string.h:441:9: warning: '__builtin_memmove' pointer
> > overflow between offset 0 and size [-2, 9223372036854775807]
> > [-Warray-bounds]
> > return __builtin_memmove(p, q, size);
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
When pass the negative numbers, then there are two warning. In gcc-8 the
warning is checked by array-bounds, but in gcc-9 the warning is checked
by stringop-overflow.
I try to use you patch to check the gcc-9 toolchains, but it still have
the warning, but using below the patch can fix the warning in gcc-8 and
gcc-9.
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -289,6 +289,7 @@ static noinline void __init
kmalloc_memmove_invalid_size(void)
{
char *ptr;
size_t size = 64;
+ volatile size_t invalid_size = -2;
pr_info("invalid size in memmove\n");
ptr = kmalloc(size, GFP_KERNEL);
@@ -298,7 +299,7 @@ static noinline void __init
kmalloc_memmove_invalid_size(void)
}
memset((char *)ptr, 0, 64);
- memmove((char *)ptr, (char *)ptr + 4, -2);
+ memmove((char *)ptr, (char *)ptr + 4, invalid_size);
kfree(ptr);
}
> > Signed-off-by: Qian Cai <[email protected]>
> > ---
> > lib/Makefile | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/lib/Makefile b/lib/Makefile
> > index ab68a8674360..24d519a0741d 100644
> > --- a/lib/Makefile
> > +++ b/lib/Makefile
> > @@ -297,6 +297,8 @@ UBSAN_SANITIZE_ubsan.o := n
> > KASAN_SANITIZE_ubsan.o := n
> > KCSAN_SANITIZE_ubsan.o := n
> > CFLAGS_ubsan.o := $(call cc-option, -fno-stack-protector) $(DISABLE_STACKLEAK_PLUGIN)
> > +# kmalloc_memmove_invalid_size() does this on purpose.
> > +CFLAGS_test_kasan.o += $(call cc-disable-warning, array-bounds)
> >
> > obj-$(CONFIG_SBITMAP) += sbitmap.o
> >
> > --
> > 1.8.3.1
> >
>
> Acked-by: Dmitry Vyukov <[email protected]>
>
> Thanks
>