Bug 218854

Summary: KASAN (sw-tags): multiple issues with GCC 13
Product: Memory Management Reporter: Andrey Konovalov (andreyknvl)
Component: SanitizersAssignee: MM/Sanitizers virtual assignee (mm_sanitizers)
Status: NEW ---    
Severity: normal CC: kasan-dev, pageexec, pinskia, sam
Priority: P3    
Hardware: All   
OS: Linux   
Kernel Version: Subsystem:
Regression: No Bisected commit-id:
Attachments: .config

Description Andrey Konovalov 2024-05-18 13:03:46 UTC 
Created attachment 306305 [details]
.config

Noticed a few issues when running Software Tag-Based KASAN with GCC 13:

1. There's a boot-time KASAN report coming from smp_build_mpidr_hash. The code looks legit, so it's likely either a compiler bug or missing KASAN annotations.

2. The kmalloc_memmove_negative_size KASAN Kunit test hangs. Also either a compiler bug or some missing annotations related to CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX.

3. With CONFIG_FORTIFY_SOURCE enabled (and [1] applied to pass memmove/memset/memcpy tests), kasan_strings tests fails.  Might also be a compiler issue.

Both Clang + KASAN_SW_TAGS and GCC 13 + KASAN_GENERIC combinations work fine.

.config for reproducing is attached. For #3, also enable CONFIG_FORTIFY_SOURCE.

[1] https://lore.kernel.org/linux-mm/20240517130118.759301-1-andrey.konovalov@linux.dev/T/#u
Comment 1 Andrey Konovalov 2024-09-23 20:07:41 UTC 
Mark Rutland posted a detailed analysis for issue #1: https://lore.kernel.org/all/ZvFGwKfoC4yVjN_X@J2N7QTR9R3/
Comment 2 Andrew Thomas Pinski 2024-10-18 01:20:23 UTC 
"    I believe this is a compiler bug, as there doesn't seem to be a
    separate attribute to prevent instrumentation in this mode.
"
At least the above is not true.
`__attribute__((no_sanitize("hwaddress")))` and `__attribute__((no_sanitize("kernel-hwaddress")))`

Turns off hwasan for the function for GCC.
Comment 3 Andrew Thomas Pinski 2024-10-18 01:20:40 UTC 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196
Comment 4 Andrey Konovalov 2024-11-20 16:40:37 UTC 
Issue #1 fixed with [1]. The rest still stand.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=894b00a3350c560990638bdf89bdf1f3d5491950