Date: Thu, 14 Oct 2021 19:40:45 -0700
From: Kees Cook
To: Vincenzo Frascino, Arnd Bergmann, linux-hardening@vger.kernel.org, Kees Cook, Andrey Ryabinin, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, kasan-dev@googlegroups.com
CC: Arnd Bergmann, Andrew Morton, Marco Elver, Catalin Marinas, Peter Collingbourne, Patricia Alfonso, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] kasan: test: use underlying string helpers
References: <20211013150025.2875883-1-arnd@kernel.org>
Message-ID: <721BDA47-9998-4F0B-80B4-F4E4765E4885@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On October 14, 2021 1:12:54 AM PDT, Vincenzo Frascino wrote:
>
>
>On 10/13/21 5:00 PM, Arnd Bergmann wrote:
>> From: Arnd Bergmann
>>
>> Calling memcmp() and memchr() with an intentional buffer overflow
>> is now caught at compile time:
>>
>> In function 'memcmp',
>>     inlined from 'kasan_memcmp' at lib/test_kasan.c:897:2:
>> include/linux/fortify-string.h:263:25: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
>>   263 |                         __read_overflow();
>>       |                         ^~~~~~~~~~~~~~~~~
>> In function 'memchr',
>>     inlined from 'kasan_memchr' at lib/test_kasan.c:872:2:
>> include/linux/fortify-string.h:277:17: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
>>   277 |                 __read_overflow();
>>       |                 ^~~~~~~~~~~~~~~~~
>>
>> Change the kasan tests to wrap those inside of a noinline function
>> to prevent the compiler from noticing the bug and let kasan find
>> it at runtime.
>>
>> Signed-off-by: Arnd Bergmann
>
>Reviewed-by: Vincenzo Frascino

How about just explicitly making the size invisible to the compiler? I did this for similar issues in the same source:
https://lore.kernel.org/linux-hardening/20211006181544.1670992-1-keescook@chromium.org/T/#u

-Kees

>
>> ---
>>  lib/test_kasan.c | 19 +++++++++++++++++--
>>  1 file changed, 17 insertions(+), 2 deletions(-)
>>
>> diff --git a/lib/test_kasan.c b/lib/test_kasan.c
>> index 67ed689a0b1b..903215e944f1 100644
>> --- a/lib/test_kasan.c
>> +++ b/lib/test_kasan.c
>> @@ -852,6 +852,21 @@ static void kmem_cache_invalid_free(struct kunit *= test) >> kmem_cache_destroy(cache); >> } >> =20 >> +/* >> + * noinline wrappers to prevent the compiler from noticing the overflo= w >> + * at compile time rather than having kasan catch it=2E >> + * */ >> +static noinline void *__kasan_memchr(const void *s, int c, size_t n) >> +{ >> + return memchr(s, c, n); >> +} >> + >> +static noinline int __kasan_memcmp(const void *s1, const void *s2, siz= e_t n) >> +{ >> + return memcmp(s1, s2, n); >> +} >> + >> + >> static void kasan_memchr(struct kunit *test) >> { >> char *ptr; >> @@ -870,7 +885,7 @@ static void kasan_memchr(struct kunit *test) >> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); >> =20 >> KUNIT_EXPECT_KASAN_FAIL(test, >> - kasan_ptr_result =3D memchr(ptr, '1', size + 1)); >> + kasan_ptr_result =3D __kasan_memchr(ptr, '1', size + 1)); >> =20 >> kfree(ptr); >> } >> @@ -895,7 +910,7 @@ static void kasan_memcmp(struct kunit *test) >> memset(arr, 0, sizeof(arr)); >> =20 >> KUNIT_EXPECT_KASAN_FAIL(test, >> - kasan_int_result =3D memcmp(ptr, arr, size+1)); >> + kasan_int_result =3D __kasan_memcmp(ptr, arr, size+1)); >> kfree(ptr); >> } >> =20 >>=20 > --=20 Kees Cook
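Review bot: In the first hunk (the __kasan_memchr()/__kasan_memcmp() wrappers), noinline only stops inlining; it does not stop interprocedural constant propagation from specialising or cloning the wrapper for the constant size + 1 at its single call site, so the __read_overflow() diagnostic can come back under IPA-CP or LTO, and the test would then depend on which optimisations happen to run. Hiding the operands from the compiler at the call site, as the reply above suggests (the kernel's OPTIMIZER_HIDE_VAR() is the usual way to do that), removes that dependency without adding wrappers. Two style nits in the same hunk: the comment block closes with " * */" where kernel style is a bare " */" on its own line, and there are two consecutive added blank lines between __kasan_memcmp() and kasan_memchr(), which checkpatch will flag.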
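Review bot: In the kasan_memcmp() hunk (@@ -895), the rewritten line keeps "size+1" without spaces around the operator, while the kasan_memchr() hunk writes "size + 1"; since the line is being touched anyway, "size + 1" would match the other hunk and kernel coding style.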