From: Breno Leitao <leitao@debian.org>
To: Justin Stitt <justinstitt@google.com>
Cc: kees@kernel.org, elver@google.com, andreyknvl@gmail.com,
	ryabinin.a.a@gmail.com, kasan-dev@googlegroups.com,
	linux-hardening@vger.kernel.org, axboe@kernel.dk,
	asml.silence@gmail.com, netdev@vger.kernel.org
Subject: Re: UBSAN: annotation to skip sanitization in variable that will wrap
Date: Thu, 15 Aug 2024 10:58:56 -0700
Message-ID: <Zr5B4Du+GTUVTFV9@gmail.com>
In-Reply-To: <CAFhGd8oowe7TwS88SU1ETJ1qvBP++MOL1iz3GrqNs+CDUhKbzg@mail.gmail.com>

Hello Justin,

On Wed, Aug 14, 2024 at 02:05:49PM -0700, Justin Stitt wrote:
> > I am seeing some signed-integer-overflow in percpu reference counters.
> 
> it is brave of you to enable this sanitizer :>)

UBSAN has been somehow useful to pick some problems, so, I try to invest
some time understanding what UBSAN, and see how much it can help when
solving "unexpected" and mysterious issues, which is something that
challenges me.

> > Is there a way to annotate the code to tell UBSAN that this overflow is
> > expected and it shouldn't be reported?

> Great question.
> 
> 1) There exist some new-ish macros in overflow.h that perform
> wrapping arithmetic without triggering sanitizer splats -- check out
> the wrapping_* suite of macros.

Do they work for atomic? I suppose we also need to have them added to
this_cpu_add(), this_cpu_sub() helpers.

> 2) I have a Clang attribute in the works [1] that would enable you to
> annotate expressions or types that are expected to wrap and will
> therefore silence arithmetic overflow/truncation sanitizers. If you
> think this could help make the kernel better then I'd appreciate a +1
> on that PR so it can get some more review from compiler people! Kees
> and I have some other Clang features in the works that will allow for
> better mitigation strategies for intended overflow in the kernel.

Thanks. I've added a +1 there.
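
Added example, not part of this message or of the kernel source: a userspace C analogue of the wrapping_* helpers discussed above, built on the compiler's __builtin_add_overflow/__builtin_sub_overflow, which store the wrapped result without being instrumented by -fsanitize=signed-integer-overflow. The slot_counter type and all function names are hypothetical stand-ins for per-CPU counters; the starting values are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Wrapping add/sub: the builtin writes the two's-complement result into r
 * and reports overflow via its return value, which is deliberately ignored.
 * A plain `a + b` here would be flagged by UBSAN on overflow. */
static long wrap_add_long(long a, long b)
{
	long r;
	(void)__builtin_add_overflow(a, b, &r);
	return r;
}

static long wrap_sub_long(long a, long b)
{
	long r;
	(void)__builtin_sub_overflow(a, b, &r);
	return r;
}

#define NR_SLOTS 2	/* hypothetical stand-in for per-CPU slots */

struct slot_counter { long slot[NR_SLOTS]; };

/* Sum all slots with wrapping arithmetic: individual slots may have wrapped
 * or gone negative, but the total is still correct modulo 2^BITS_PER_LONG. */
static long counter_sum(const struct slot_counter *c)
{
	long sum = 0;
	for (int i = 0; i < NR_SLOTS; i++)
		sum = wrap_add_long(sum, c->slot[i]);
	return sum;
}

/* Constructed scenario: a "get" on slot 0 wraps it past LONG_MAX, the
 * matching "put" lands on slot 1. Net change is zero. */
static long demo_total(void)
{
	struct slot_counter c = { { LONG_MAX, 0 } };
	c.slot[0] = wrap_add_long(c.slot[0], 1);	/* now LONG_MIN */
	c.slot[1] = wrap_sub_long(c.slot[1], 1);	/* now -1 */
	return counter_sum(&c);
}

int main(void)
{
	printf("total == LONG_MAX: %d\n", demo_total() == LONG_MAX);
	return 0;
}
```

Building this with -fsanitize=signed-integer-overflow produces no report, while replacing a helper body with a plain `a + b` does.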
