Date: Mon, 10 Sep 2018 12:33:22 +0100
From: Mark Rutland
To: Andrey Ryabinin
Cc: Will Deacon, Catalin Marinas, Andrew Morton, Kyeongdon Kim, Ard Biesheuvel, Alexander Potapenko, Dmitry Vyukov, kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64: lib: use C string functions with KASAN enabled.
Message-ID: <20180910113257.7rjj5qseu3m2tj6y@lakrids.cambridge.arm.com>

On Fri, Sep 07, 2018 at 06:48:10PM +0300, Andrey Ryabinin wrote:
> On 09/07/2018 05:56 PM, Will Deacon wrote:
> > On Thu, Sep 06, 2018 at 08:05:33PM +0300, Andrey Ryabinin wrote:
> >> ARM64 has asm implementations of memchr(), memcmp(), str[r]chr(),
> >> str[n]cmp(), str[n]len(). KASAN don't see memory accesses in asm
> >> code, thus it can potentially miss many bugs.
> >>
> >> Ifdef out __HAVE_ARCH_* defines of these functions when KASAN is
> >> enabled, so the generic implementations from lib/string.c will be
> >> used.
> >>
> >> Declare asm functions as weak instead of removing them because they
> >> still can be used by efistub.
> >
> > I don't understand this bit: efistub uses the __pi_ prefixed
> > versions of the routines, so why do we need to declare them as weak?
>
> Weak needed because we can't have two non-weak functions with the same
> name.
>
> Alternative approach would be to never use e.g. "strlen" name for asm
> implementation of strlen() under CONFIG_KASAN=y. But that would
> require adding some special ENDPIPROC_KASAN() macro since we want
> __pi_strlen() to point to the asm_strlen().

Somehow, what we have today works with CONFIG_FORTIFY_SOURCE, which
AFAICT would suffer from exactly the same problem with things like
memcpy. So either we're getting away with that by chance already (and
should fix that regardless of this patch), or this is not actually a
problem.

Conditionally aliasing to pi_ in a linker script (or header, for
functions which aren't special per the C spec) seems sane to me.

> Using weak seems like a way better solution to me.

I would strongly prefer fixing this without weak, even if we need a
ENDPRPROC_KASAN, and/or wrappers in some header file somewhere, since if
something goes wrong that will fail deterministically at build time
rather than silently falling back to the wrong piece of code.

Thanks,
Mark.