From: Mark Rutland <mark.rutland@arm.com>
To: Will Deacon <will@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, ryabinin.a.a@gmail.com,
glider@google.com, kasan-dev@googlegroups.com,
Andrey Konovalov <andreyknvl@gmail.com>,
syzbot+908886656a02769af987@syzkaller.appspotmail.com
Subject: Re: [PATCH] kasan: Disable Software Tag-Based KASAN with GCC
Date: Mon, 14 Oct 2024 17:25:45 +0100 [thread overview]
Message-ID: <Zw1GCeNTnbbHE_Bb@J2N7QTR9R3> (raw)
In-Reply-To: <20241014161100.18034-1-will@kernel.org>
On Mon, Oct 14, 2024 at 05:11:00PM +0100, Will Deacon wrote:
> Syzbot reports a KASAN failure early during boot on arm64 when building
> with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
>
> | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
> | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
> | Write of size 4 at addr 03ff800086867e00 by task swapper/0
> | Pointer tag: [03], memory tag: [fe]
>
> Initial triage indicates that the report is a false positive and a
> thorough investigation of the crash by Mark Rutland revealed the root
> cause to be a bug in GCC:
>
> > When GCC is passed `-fsanitize=hwaddress` or
> > `-fsanitize=kernel-hwaddress` it ignores
> > `__attribute__((no_sanitize_address))`, and instruments functions
> > we require are not instrumented.
> >
> > [...]
> >
> > All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0
> > inclusive.
> >
> > I think we have to disable KASAN_SW_TAGS with GCC until this is
> > fixed
>
> Disable Software Tag-Based KASAN when building with GCC by making
> CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC.
>
> Cc: Andrey Konovalov <andreyknvl@gmail.com>
> Suggested-by: Mark Rutland <mark.rutland@arm.com>
> Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com
> Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com
> Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
> Signed-off-by: Will Deacon <will@kernel.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Thanks for putting a patch together!
Mark.
> ---
> lib/Kconfig.kasan | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> While sweeping up pending fixes and open bug reports, I noticed this one
> had slipped through the cracks...
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 98016e137b7f..233ab2096924 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE
> config CC_HAS_KASAN_GENERIC
> def_bool $(cc-option, -fsanitize=kernel-address)
>
> +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress
> +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and
> +# the linked LKML thread) for more details.
> config CC_HAS_KASAN_SW_TAGS
> - def_bool $(cc-option, -fsanitize=kernel-hwaddress)
> + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)
>
> # This option is only required for software KASAN modes.
> # Old GCC versions do not have proper support for no_sanitize_address.
> @@ -98,7 +101,7 @@ config KASAN_SW_TAGS
> help
> Enables Software Tag-Based KASAN.
>
> - Requires GCC 11+ or Clang.
> + Requires Clang.
>
> Supported only on arm64 CPUs and relies on Top Byte Ignore.
>
> --
> 2.47.0.rc1.288.g06298d1525-goog
>
next prev parent reply other threads:[~2024-10-14 16:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-14 16:11 [PATCH] kasan: Disable Software Tag-Based KASAN with GCC Will Deacon
2024-10-14 16:25 ` Mark Rutland [this message]
2024-10-14 18:30 ` Andrey Konovalov
2024-10-15 12:39 ` Will Deacon
2024-10-18 8:37 ` Marco Elver
2024-10-18 20:25 ` Andrey Konovalov
2024-10-18 20:30 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zw1GCeNTnbbHE_Bb@J2N7QTR9R3 \
--to=mark.rutland@arm.com \
--cc=andreyknvl@gmail.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ryabinin.a.a@gmail.com \
--cc=syzbot+908886656a02769af987@syzkaller.appspotmail.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).