Received: by 2002:a05:6500:2018:b0:1fb:9675:f89d with SMTP id t24csp553640lqh; Fri, 31 May 2024 09:09:46 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUyUktZg9RACilHCOKmQoYLPpupyq2717w9rRjLWYJY3RAbP54J1Cu4pFsmsxMK0c/sFhEDQ3+cxak2csW65an/CI6t/FNTbLOYUAVjUQ== X-Google-Smtp-Source: AGHT+IGUuhVTcZTbR5r/VtGkQMarA2faGYm0l/j8hHRq5jOrm2MQnVUUBKdqlPgX8Brgm81xpM0p X-Received: by 2002:a05:6870:1652:b0:23e:b430:3f87 with SMTP id 586e51a60fabf-2508be17d8cmr2433489fac.2.1717171786515; Fri, 31 May 2024 09:09:46 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717171786; cv=pass; d=google.com; s=arc-20160816; b=gFM5FD+nySuWcy9yqGTjBeoVo4DNxZcbUsx3QKFllLEWbMjdM1r7u3U25QxU4xwEYu ZboI454jIN8Vtrx1T+vYLHJeAW9iuaLYUoO9W/+z1MRPfURe/Wh8fkBT+KjRJ+ScI3Ag sTD4JSoLEUme0yCgyKJQM5BZbA94MkgTcCDns9CF3Wmv1AZo3jTVwfpZDXv4nP9ynRNa 20EUmuAsxHRv4Oa0DsGFfXaQtk7Iv5EFIBfA45xRZ5nEY7v3Xu9u+FK9nVMSHltK8wD4 Vtf/I1Hi9bURMrHPK+HKL16LIKCI67Tx7clea+qyPkKVjL0lQxSMwcgALGej+ZcbhvN+ By0A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=m7KSyIRJPxSvS3PyvCoJ5dVwo/EdE/EUhsGTvAEU9AM=; fh=hs3+rUj1NkCZc1bgu9WnMUu3KbyXldWzJ6VFSRYGgHI=; b=us5m5ctXLPOSi93Mw9jX5S/fSJZqRl2ISGX4FtcLWVgOFGhzSJg4OZs7A1NrPyaH1B RwfAbY8SZeuWTyiGcsh3ac/ZviwyYS5Rp/j7CEsYdOT1Tu+KocI/u2u5dRbSpwdJs/5H qOen8pztMdkascPJKHBHMCGWbx9uF7xo4n6e6UMT9uDgnmwvDHzvpZfObhTLR7ARO5U0 KaMtJsgxUfjBjNsTdBsMwbtLqdTfjNt3vbNwYWcVW4i29VKhcIDr2iPSX94e7GL6PAt7 rUJLGQI8rJpzUc9D6ltYTTa9ACsKqqOpnrt62e1a9in6t0ksM62Rjxu9X+yxX3Oc59K9 X4Dg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dRcdQtbr; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197115-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197115-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id a1e0cc1a2514c-80adee64eb8si370899241.122.2024.05.31.09.09.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 May 2024 09:09:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-197115-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dRcdQtbr; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197115-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197115-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id CC1E41C23E3F for ; Fri, 31 May 2024 16:09:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 453EC158D8D; Fri, 31 May 2024 16:09:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dRcdQtbr" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66C1B54784; Fri, 31 May 2024 16:09:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717171760; cv=none; b=c3UGmCCQxcsG8OwQFY054S5ZNVcGTXWYP1HX6mJAGEB/edEQVdakD6DrC/KSb5KwT6f4SPrLDWba0M32bgH1llFi9Djadd3+qEbxhgesZvAn7fans2dH6I+0iP6C+ZLJsF5Ip4MuL/0qfN3+zNu2sKM6OJ2t041z2a9NdVAbTNg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717171760; c=relaxed/simple; bh=d/7FCWODhzM+ypJrYan6/6CsLmvkUK1bnC8sfHFlqP0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=gB626VkP7rAIh60c5d3uvG9ubjtVZdBTuK33vrR0Ga+DSXP2fY0pFICHpljGTJ4OcdR3/JO7qO4ZPArdFM6Cnt3iv9l1cdTLH8rw0pi1er9MoDzNWAvknCuWM3R0/6pYeHisUWUVTbHWrPS1rPkD/YKL3woXUR647SDl/+8TozI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dRcdQtbr; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3F81BC116B1; Fri, 31 May 2024 16:09:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717171760; bh=d/7FCWODhzM+ypJrYan6/6CsLmvkUK1bnC8sfHFlqP0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=dRcdQtbr2eoP3fatVlc7AyK9Cm8+T+o1APLpoigDQNfEQn5A5jQuuuyUfSeMvpN9o nHWoHhQqn1xlzgQqoZsrElY3kYUKSsLwJb2bqIJxFXtfKCtB2oI+mx5umkhAst1eqs ekLnDj0IGjbtlqk8yhU+1qIhuAC5Y0X9pY11UcBMycC2cUbWaiGrFLrCKIFzR0BNCb 8FacOKFS/gM7k5nuw9WR5CsNrI4o0DWN54JWEHk0zzLtqo5DHKsKP+RW9mfW35bkHp JFMp5k2jlJAjSwONfASAKp/5nKYM/DmcI7fKZHuxkk67ktbA5epAtDcbe/TZJzvWbJ bCQpkaACooJmg== Date: Fri, 31 May 2024 09:09:19 -0700 From: Kees Cook To: Masahiro Yamada Cc: Arnd Bergmann , linux-kbuild@vger.kernel.org, Linux-Arch , linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/3] kbuild: provide reasonable defaults for tool coverage Message-ID: <202405310908.A5733DF@keescook> References: <20240506133544.2861555-1-masahiroy@kernel.org> <20240506133544.2861555-2-masahiroy@kernel.org> <0e8dee26-41cc-41ae-9493-10cd1a8e3268@app.fastmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Fri, May 31, 2024 at 07:16:30PM +0900, Masahiro Yamada wrote: > On Fri, May 31, 2024 at 6:06 PM Arnd Bergmann wrote: > > > > On Fri, May 31, 2024, at 10:52, Masahiro Yamada wrote: > > > On Tue, May 28, 2024 at 8:36 PM Arnd Bergmann wrote: > > > > >> I don't understand the nature of this warning, but I see > > >> that your patch ended up dropping -fsanitize=kernel-address > > >> from the compiler flags because the lib/test_fortify/*.c files > > >> don't match the $(is-kernel-object) rule. Adding back > > >> -fsanitize=kernel-address shuts up these warnings. > > > > > > > > > In my understanding, fortify-string is independent of KASAN. > > > > > > I do not understand why -fsanitize=kernel-address matters. > > > > Right, this is something I've failed to understand as well > > so far. > > > > >> I've applied a local workaround in my randconfig tree > > >> > > >> diff --git a/lib/Makefile b/lib/Makefile > > >> index ddcb76b294b5..d7b8fab64068 100644 > > >> --- a/lib/Makefile > > >> +++ b/lib/Makefile > > >> @@ -425,5 +425,7 @@ $(obj)/$(TEST_FORTIFY_LOG): $(addprefix $(obj)/, $(TEST_FORTIFY_LOGS)) FORCE > > >> > > >> # Fake dependency to trigger the fortify tests. > > >> ifeq ($(CONFIG_FORTIFY_SOURCE),y) > > >> +ifndef CONFIG_KASAN > > >> $(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG) > > >> +endif > > >> endif > > >> > > >> > > >> which I don't think we want upstream. Can you and Kees come > > >> up with a proper fix instead? > > > > > > I set CONFIG_FORTIFY_SOURCE=y and CONFIG_KASAN=y, > > > but I did not observe such warnings. > > > Is this arch or compiler-specific? > > > > > > > > > Could you provide me with the steps to reproduce it? > > > > This is a randconfig .config file that shows it, but > > I've seen it in a lot of others: > > https://pastebin.com/raw/ESVzUeth > > > > If this doesn't reproduce it for you, I can try to narrow > > it down further. > > > > Arnd > > > Thanks, I was able to reproduce it. > > The issue happens with CONFIG_KASAN_SW_TAGS. > > I do not see the issue with CONFIG_KASAN_GENERIC. I'll try to figure this out. I suspect some kind of symbol name changes are happening? The fortify tests expect to find specifically-named symbols, so perhaps something is disrupting that? -- Kees Cook