From: Breno Leitao <leitao@debian.org>
To: Justin Stitt <justinstitt@google.com>
Cc: kees@kernel.org, elver@google.com, andreyknvl@gmail.com,
ryabinin.a.a@gmail.com, kasan-dev@googlegroups.com,
linux-hardening@vger.kernel.org, axboe@kernel.dk,
asml.silence@gmail.com, netdev@vger.kernel.org
Subject: Re: UBSAN: annotation to skip sanitization in variable that will wrap
Date: Thu, 15 Aug 2024 10:58:56 -0700 [thread overview]
Message-ID: <Zr5B4Du+GTUVTFV9@gmail.com> (raw)
In-Reply-To: <CAFhGd8oowe7TwS88SU1ETJ1qvBP++MOL1iz3GrqNs+CDUhKbzg@mail.gmail.com>
Hello Justin,
On Wed, Aug 14, 2024 at 02:05:49PM -0700, Justin Stitt wrote:
> > I am seeing some signed-integer-overflow in percpu reference counters.
>
> it is brave of you to enable this sanitizer :>)
UBSAN has been somehow useful to pick some problems, so, I try to invest
some time understanding what UBSAN, and see how much it can help when
solving "unexpected" and misterious issues, which is something that
challenges me.
> > Is there a way to annotate the code to tell UBSAN that this overflow is
> > expected and it shouldn't be reported?
> Great question.
>
> 1) There exists some new-ish macros in overflow.h that perform
> wrapping arithmetic without triggering sanitizer splats -- check out
> the wrapping_* suite of macros.
do they work for atomic? I suppose we also need to have them added to
this_cpu_add(), this_cpu_sub() helpers.
> 2) I have a Clang attribute in the works [1] that would enable you to
> annotate expressions or types that are expected to wrap and will
> therefore silence arithmetic overflow/truncation sanitizers. If you
> think this could help make the kernel better then I'd appreciate a +1
> on that PR so it can get some more review from compiler people! Kees
> and I have some other Clang features in the works that will allow for
> better mitigation strategies for intended overflow in the kernel.
Thanks. I've added a +1 there.
next prev parent reply other threads:[~2024-08-15 17:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-14 17:10 UBSAN: annotation to skip sanitization in variable that will wrap Breno Leitao
2024-08-14 21:05 ` Justin Stitt
2024-08-15 16:20 ` Kees Cook
2024-08-15 17:58 ` Breno Leitao [this message]
2024-08-15 18:40 ` Jens Axboe
2024-08-16 19:47 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zr5B4Du+GTUVTFV9@gmail.com \
--to=leitao@debian.org \
--cc=andreyknvl@gmail.com \
--cc=asml.silence@gmail.com \
--cc=axboe@kernel.dk \
--cc=elver@google.com \
--cc=justinstitt@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ryabinin.a.a@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).