From: Kees Cook <keescook@chromium.org>
To: David Gow <davidgow@google.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] kunit/fortify: Validate __alloc_size attribute results
Date: Tue, 18 Oct 2022 22:45:05 -0700
Message-ID: <202210182237.C65BCCE2@keescook>
In-Reply-To: <CABVgOSneaxVgAQH=bN0pxOkN3irtpYVwFhPhNJRoyTcRfEoWhQ@mail.gmail.com>

On Wed, Oct 19, 2022 at 11:35:40AM +0800, David Gow wrote:
> On Tue, Oct 18, 2022 at 4:27 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > Validate the effect of the __alloc_size attribute on allocators. If the
> > compiler doesn't support __builtin_dynamic_object_size(), skip the test.
> >
> > Cc: linux-hardening@vger.kernel.org
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> > To pass this depends on the following patches:
> > https://lore.kernel.org/lkml/20221018073430.never.551-kees@kernel.org/
> > https://lore.kernel.org/lkml/20221018082232.never.213-kees@kernel.org/
> > To not be skipped, either GCC 12 or Clang is needed.
> > ---
>
> While this _looks_ good, I can't actually get the tests to pass on my
> machine, with the following all having a
> __builtin_dynamic_object_size() of -1:
> - kmalloc_node(size++, gfp, NUMA_NO_NODE)
> - kzalloc(size++, gfp)
> - kzalloc_node(size++, gfp, NUMA_NO_NODE)
> - kcalloc(1, size++, gfp)
> - kcalloc_node(1, size++, gfp, NUMA_NO_NODE)
> - kmalloc_array(1, size++, gfp)
> - kmalloc_array_node(1, size++, gfp, NUMA_NO_NODE)
>
> I've been using the following command to run the tests:
> ./tools/testing/kunit/kunit.py run --kconfig_add CONFIG_FORTIFY_SOURCE=y
>
> And I've also tried it on x86_64 and arm64 under qemu, with both gcc
> 12.2.0 and clang 14.0.6-2, with the same failures.
>
> Is there a dependency somewhere I've missed? (I've tried it on the
> kselftest/kunit branch, with the mentioned dependencies applied, and
> also on your for-next/hardening branch, with the missing patches
> applied.)

I would expect this to pass with v6.1-rc1 when used with the above two
patches added, but it seems those _did_ pass, but not the k*alloc()
helpers for you? That is curious. Here's my testing:

$ ./tools/testing/kunit/kunit.py run --arch x86_64 \
        --kconfig_add CONFIG_FORTIFY_SOURCE=y --make_options LLVM=1 fortify
...
[22:43:32] =================== fortify (3 subtests) ===================
[22:43:32] [PASSED] known_sizes_test
[22:43:32] [PASSED] control_flow_split_test
[22:43:32] [PASSED] alloc_size_test
[22:43:32] ===================== [PASSED] fortify =====================
[22:43:32] ============================================================
[22:43:32] Testing complete. Ran 3 tests: passed: 3
[22:43:32] Elapsed time: 33.210s total, 3.369s configuring, 28.367s building, 0.799s running

$ clang --version
ClangBuiltLinux clang version 16.0.0 (https://github.com/llvm/llvm-project.git 3291eac12340f465084f347720d99352241f621c)

--
Kees Cook
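
Added illustration, not code from the patch or from either poster: a userspace C program showing the property the alloc_size test checks, namely that __builtin_dynamic_object_size() reports a runtime allocation size only when the allocator's alloc_size hint is visible at the call site, and reports -1 otherwise. The names hinted_alloc, hinted_array, plain_alloc, seen_*, verdict and BDOS are hypothetical, and it assumes a GCC- or Clang-compatible compiler.

```c
/* Added userspace illustration; not the kernel's fortify KUnit test. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef __has_builtin
#define __has_builtin(x) 0
#endif
#if __has_builtin(__builtin_dynamic_object_size)
#define BDOS(p) __builtin_dynamic_object_size((p), 1)
#else
#define BDOS(p) ((size_t)-1) /* builtin missing: every size is "unknown" */
#endif

/* Hypothetical wrappers. noinline hides the malloc() call from the caller,
 * so the attribute is the only size information the compiler has. */
__attribute__((noinline, alloc_size(1)))
void *hinted_alloc(size_t n) { return malloc(n); }

__attribute__((noinline, alloc_size(1, 2)))
void *hinted_array(size_t count, size_t n) { return calloc(count, n); }

__attribute__((noinline))
void *plain_alloc(size_t n) { return malloc(n); }

/* Each helper returns what the compiler believes the allocation size is. */
size_t seen_hinted(size_t n)
{ void *p = hinted_alloc(n); size_t s = BDOS(p); free(p); return s; }

size_t seen_array(size_t count, size_t n)
{ void *p = hinted_array(count, n); size_t s = BDOS(p); free(p); return s; }

size_t seen_plain(size_t n)
{ void *p = plain_alloc(n); size_t s = BDOS(p); free(p); return s; }

/* (size_t)-1 means "size unknown": no hint reached the builtin. */
const char *verdict(size_t got, size_t want)
{
    if (got == want) return "tracked";
    return got == (size_t)-1 ? "unknown (-1)" : "wrong";
}

int main(int argc, char **argv)
{
    size_t n = 32 + (size_t)argc; /* runtime value: only the dynamic builtin can know it */
    printf("hinted_alloc: %s\n", verdict(seen_hinted(n), n));
    printf("hinted_array: %s\n", verdict(seen_array(2, n), 2 * n));
    printf("plain_alloc:  %s\n", verdict(seen_plain(n), n));
    return 0;
}
```

Without optimization, or with a compiler that lacks the builtin, the hinted lines may also read "unknown (-1)"; a "wrong" verdict would mean the hint and the real allocation disagree.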

Thread overview: 5+ messages
2022-10-18 8:27 [PATCH] kunit/fortify: Validate __alloc_size attribute results Kees Cook
2022-10-19 3:35 ` David Gow
2022-10-19 5:45 ` Kees Cook [this message]
2022-10-19 6:29 ` David Gow
2022-11-01 22:04 ` Kees Cook