[PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled
@ 2025-08-01  9:28 Yeoreum Yun
  2025-08-01  9:38 ` Thomas Weißschuh
  2025-08-01 10:30 ` Andrey Konovalov
  0 siblings, 2 replies; 5+ messages in thread
From: Yeoreum Yun @ 2025-08-01  9:28 UTC (permalink / raw)
  To: thomas.weissschuh, ryabinin.a.a, glider, andreyknvl, dvyukov,
	vincenzo.frascino, akpm
  Cc: kasan-dev, linux-mm, linux-kernel, Yeoreum Yun

When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
triggers __fortify_panic() which kills running task.

This makes failured of kasan_strings() kunit testcase since the
kunit-try-cacth kthread running kasan_string() dies before checking the
fault.

To address this, add define for __NO_FORTIFY for kasan kunit test.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
---
 mm/kasan/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index dd93ae8a6beb..b70d76c167ca 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
 CFLAGS_KASAN_TEST += -fno-builtin
 endif

+ifdef CONFIG_FORTIFY_SOURCE
+CFLAGS_KASAN_TEST += -D__NO_FORTIFY
+endif
+
 CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
 CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
 RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
--
LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled
  2025-08-01  9:28 [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled Yeoreum Yun
@ 2025-08-01  9:38 ` Thomas Weißschuh
  2025-08-01  9:47   ` Yeoreum Yun
  2025-08-01 10:30 ` Andrey Konovalov
  1 sibling, 1 reply; 5+ messages in thread
From: Thomas Weißschuh @ 2025-08-01  9:38 UTC (permalink / raw)
  To: Yeoreum Yun
  Cc: ryabinin.a.a, glider, andreyknvl, dvyukov, vincenzo.frascino,
	akpm, kasan-dev, linux-mm, linux-kernel

On Fri, Aug 01, 2025 at 10:28:05AM +0100, Yeoreum Yun wrote:
> When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> triggers __fortify_panic() which kills running task.
> 
> This makes failured of kasan_strings() kunit testcase since the
> kunit-try-cacth kthread running kasan_string() dies before checking the
> fault.

"makes failured" sounds wrong. Maybe this?

"This interferes with kasan_strings(), as CONFIG_FORTIFY_SOURCE will trigger
and kill the test before KASAN can react."

> To address this, add define for __NO_FORTIFY for kasan kunit test.

"To address this" is superfluous. Maybe this?
"Disable CONFIG_FORTIFY_SOURCE through __NO_FORTIFY for the kasan kunit test to
remove the interference."

> 
> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> ---

Missing link and changelog to v1.

>  mm/kasan/Makefile | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index dd93ae8a6beb..b70d76c167ca 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
>  CFLAGS_KASAN_TEST += -fno-builtin
>  endif
> 
> +ifdef CONFIG_FORTIFY_SOURCE
> +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> +endif

The ifdef is unnecessary. If CONFIG_FORITY_SOURCE is not enabled, the define
will be a no-op. This also matches other uses of __NO_FORTIFY.

> +
>  CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
>  CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
>  RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled
  2025-08-01  9:38 ` Thomas Weißschuh
@ 2025-08-01  9:47   ` Yeoreum Yun
  0 siblings, 0 replies; 5+ messages in thread
From: Yeoreum Yun @ 2025-08-01  9:47 UTC (permalink / raw)
  To: Thomas Weißschuh
  Cc: ryabinin.a.a, glider, andreyknvl, dvyukov, vincenzo.frascino,
	akpm, kasan-dev, linux-mm, linux-kernel

Hi,

> On Fri, Aug 01, 2025 at 10:28:05AM +0100, Yeoreum Yun wrote:
> > When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> > triggers __fortify_panic() which kills running task.
> >
> > This makes failured of kasan_strings() kunit testcase since the
> > kunit-try-cacth kthread running kasan_string() dies before checking the
> > fault.
>
> "makes failured" sounds wrong. Maybe this?
>
> "This interferes with kasan_strings(), as CONFIG_FORTIFY_SOURCE will trigger
> and kill the test before KASAN can react."
>
> > To address this, add define for __NO_FORTIFY for kasan kunit test.
>
> "To address this" is superfluous. Maybe this?
> "Disable CONFIG_FORTIFY_SOURCE through __NO_FORTIFY for the kasan kunit test to
> remove the interference."

Sorry. I'll refine the commit message with your suggestion.
Thanks

>
> >
> > Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> > ---
>
> Missing link and changelog to v1.

Right. I'll add

>
> >  mm/kasan/Makefile | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> > index dd93ae8a6beb..b70d76c167ca 100644
> > --- a/mm/kasan/Makefile
> > +++ b/mm/kasan/Makefile
> > @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> >  CFLAGS_KASAN_TEST += -fno-builtin
> >  endif
> >
> > +ifdef CONFIG_FORTIFY_SOURCE
> > +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> > +endif
>
> The ifdef is unnecessary. If CONFIG_FORITY_SOURCE is not enabled, the define
> will be a no-op. This also matches other uses of __NO_FORTIFY.

Right. However, it would be good to specify a relationship between
the define and configuration.
So, some usage of __NO_FORTIFY in Makefile using this pattern
(i.e) arch/riscv.

If you don't mind, I remain as it is.

Am I missing something?

Thanks.

[...]
--
Sincerely,
Yeoreum Yun


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled
  2025-08-01  9:28 [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled Yeoreum Yun
  2025-08-01  9:38 ` Thomas Weißschuh
@ 2025-08-01 10:30 ` Andrey Konovalov
  2025-08-01 11:59   ` Yeoreum Yun
  1 sibling, 1 reply; 5+ messages in thread
From: Andrey Konovalov @ 2025-08-01 10:30 UTC (permalink / raw)
  To: Yeoreum Yun
  Cc: thomas.weissschuh, ryabinin.a.a, glider, dvyukov,
	vincenzo.frascino, akpm, kasan-dev, linux-mm, linux-kernel

On Fri, Aug 1, 2025 at 11:28 AM Yeoreum Yun <yeoreum.yun@arm.com> wrote:
>
> When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> triggers __fortify_panic() which kills running task.
>
> This makes failured of kasan_strings() kunit testcase since the
> kunit-try-cacth kthread running kasan_string() dies before checking the
> fault.
>
> To address this, add define for __NO_FORTIFY for kasan kunit test.
>
> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> ---
>  mm/kasan/Makefile | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index dd93ae8a6beb..b70d76c167ca 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
>  CFLAGS_KASAN_TEST += -fno-builtin
>  endif
>
> +ifdef CONFIG_FORTIFY_SOURCE
> +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> +endif

We should be able to use OPTIMIZER_HIDE_VAR() to deal with this
instead; see commits b2325bf860fa and 09c6304e38e4.

> +
>  CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
>  CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
>  RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled
  2025-08-01 10:30 ` Andrey Konovalov
@ 2025-08-01 11:59   ` Yeoreum Yun
  0 siblings, 0 replies; 5+ messages in thread
From: Yeoreum Yun @ 2025-08-01 11:59 UTC (permalink / raw)
  To: Andrey Konovalov
  Cc: thomas.weissschuh, ryabinin.a.a, glider, dvyukov,
	vincenzo.frascino, akpm, kasan-dev, linux-mm, linux-kernel

Hi Andrey,

> >
> > When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> > triggers __fortify_panic() which kills running task.
> >
> > This makes failured of kasan_strings() kunit testcase since the
> > kunit-try-cacth kthread running kasan_string() dies before checking the
> > fault.
> >
> > To address this, add define for __NO_FORTIFY for kasan kunit test.
> >
> > Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> > ---
> >  mm/kasan/Makefile | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> > index dd93ae8a6beb..b70d76c167ca 100644
> > --- a/mm/kasan/Makefile
> > +++ b/mm/kasan/Makefile
> > @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> >  CFLAGS_KASAN_TEST += -fno-builtin
> >  endif
> >
> > +ifdef CONFIG_FORTIFY_SOURCE
> > +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> > +endif
>
> We should be able to use OPTIMIZER_HIDE_VAR() to deal with this
> instead; see commits b2325bf860fa and 09c6304e38e4.

Thanks for sharing this!
I'll update the patch!

--
Sincerely,
Yeoreum Yun


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-08-01 12:00 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-01  9:28 [PATCH v2] kasan: disable kasan_strings() kunit test when CONFIG_FORTIFY_SOURCE enabled Yeoreum Yun
2025-08-01  9:38 ` Thomas Weißschuh
2025-08-01  9:47   ` Yeoreum Yun
2025-08-01 10:30 ` Andrey Konovalov
2025-08-01 11:59   ` Yeoreum Yun

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).