Skip to content

Commit 09c6304

Browse files
melvertorvalds
melver
authored and
torvalds
committed
kasan: test: fix compatibility with FORTIFY_SOURCE
With CONFIG_FORTIFY_SOURCE enabled, string functions will also perform dynamic checks using __builtin_object_size(ptr), which when failed will panic the kernel. Because the KASAN test deliberately performs out-of-bounds operations, the kernel panics with FORTIFY_SOURCE, for example: | kernel BUG at lib/string_helpers.c:910! | invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI | CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B 5.16.0-rc3+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 | RIP: 0010:fortify_panic+0x19/0x1b | ... | Call Trace: | kmalloc_oob_in_memset.cold+0x16/0x16 | ... Fix it by also hiding `ptr` from the optimizer, which will ensure that __builtin_object_size() does not return a valid size, preventing fortified string functions from panicking. Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Marco Elver <[email protected]> Reported-by: Nico Pache <[email protected]> Reviewed-by: Nico Pache <[email protected]> Reviewed-by: Andrey Konovalov <[email protected]> Reviewed-by: Kees Cook <[email protected]> Cc: Andrey Ryabinin <[email protected]> Cc: Alexander Potapenko <[email protected]> Cc: Dmitry Vyukov <[email protected]> Cc: Brendan Higgins <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
1 parent 0226bd6 commit 09c6304

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

lib/test_kasan.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -492,6 +492,7 @@ static void kmalloc_oob_in_memset(struct kunit *test)
492492
ptr = kmalloc(size, GFP_KERNEL);
493493
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
494494

495+
OPTIMIZER_HIDE_VAR(ptr);
495496
OPTIMIZER_HIDE_VAR(size);
496497
KUNIT_EXPECT_KASAN_FAIL(test,
497498
memset(ptr, 0, size + KASAN_GRANULE_SIZE));
@@ -515,6 +516,7 @@ static void kmalloc_memmove_negative_size(struct kunit *test)
515516
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
516517

517518
memset((char *)ptr, 0, 64);
519+
OPTIMIZER_HIDE_VAR(ptr);
518520
OPTIMIZER_HIDE_VAR(invalid_size);
519521
KUNIT_EXPECT_KASAN_FAIL(test,
520522
memmove((char *)ptr, (char *)ptr + 4, invalid_size));
@@ -531,6 +533,7 @@ static void kmalloc_memmove_invalid_size(struct kunit *test)
531533
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
532534

533535
memset((char *)ptr, 0, 64);
536+
OPTIMIZER_HIDE_VAR(ptr);
534537
KUNIT_EXPECT_KASAN_FAIL(test,
535538
memmove((char *)ptr, (char *)ptr + 4, invalid_size));
536539
kfree(ptr);
@@ -893,6 +896,7 @@ static void kasan_memchr(struct kunit *test)
893896
ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
894897
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
895898

899+
OPTIMIZER_HIDE_VAR(ptr);
896900
OPTIMIZER_HIDE_VAR(size);
897901
KUNIT_EXPECT_KASAN_FAIL(test,
898902
kasan_ptr_result = memchr(ptr, '1', size + 1));
@@ -919,6 +923,7 @@ static void kasan_memcmp(struct kunit *test)
919923
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
920924
memset(arr, 0, sizeof(arr));
921925

926+
OPTIMIZER_HIDE_VAR(ptr);
922927
OPTIMIZER_HIDE_VAR(size);
923928
KUNIT_EXPECT_KASAN_FAIL(test,
924929
kasan_int_result = memcmp(ptr, arr, size+1));

0 commit comments

Comments
 (0)