Bug 214055 - KASAN: add atomic tests
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Sanitizers
Hardware: All Linux
Importance: P1 normal
Assignee: MM/Sanitizers virtual assignee
Depends on:
Reported: 2021-08-12 13:00 UTC by Andrey Konovalov
Modified: 2024-04-10 09:00 UTC

See Also:
Kernel Version: upstream
Regression: No
Bisected commit-id:

[PATCH RFC] kasan: add atomic tests (2.83 KB, patch)
2024-01-29 11:24 UTC, Paul Heidekrüger

Description Andrey Konovalov 2021-08-12 13:00:59 UTC
KASAN uses annotations (see include/linux/instrumented.h) for atomic operations instead of compiler instrumentation. It makes sense to add tests to check that KASAN can detect bad atomic accesses.
Comment 1 Paul Heidekrüger 2023-11-13 18:26:23 UTC
FYI, I'm looking into this.
Comment 2 Paul Heidekrüger 2024-01-29 11:24:13 UTC
Created attachment 305788
[PATCH RFC] kasan: add atomic tests

Here's a first draft for implementing kasan tests. Is this along the lines of what you had in mind?

I am unsure as to how extensive the tests should be. For instance, do I need to differentiate between the different KASan modes here?

What do you think?

Many thanks,
Comment 3 Marco Elver 2024-01-29 14:21:44 UTC
> [PATCH RFC] kasan: add atomic tests

Looks pretty good. Some comments:

- It's unclear this test will work for tag-based KASAN (CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_HW_TAGS, i.e. Arm TBI or MTE based KASAN). If you can't verify that (e.g. by building an arm64 KASAN_SW_TAGS kernel and booting it in qemu), add the KASAN_TEST_NEEDS_CONFIG_ON(...) like in the kasan_bitops_generic() test. In that case, you also might want to rename the test to kasan_atomics_generic(), since it only works in KASAN generic mode (and is untested for tags modes).

- I think there's no need to say in code comments it's based on kasan_bitops_generic(). Instead maybe just move it closer to that test (perhaps right under the last bitops test), so that the file remains (relatively) organized.

-- Marco
Comment 4 Andrey Konovalov 2024-01-29 20:42:26 UTC
Looks like a good start!

For the operations that touch two memory areas, we should check that KASAN detects bad accesses through both pointers. I.e. call the operation twice, both times with one good and one bad address.

Please also add tests for READ_ONCE, WRITE_ONCE, smp_load_acquire, and smp_store_release (is there something else like that?).

There are also atomic64_* and other atomic operations not prefixed with atomic_ listed in include/linux/atomic/atomic-instrumented.h, but I'm not sure if it makes sense to add tests for them, as there's quite a lot of them.

I also second Marco's comments. I expect that the test should work as is with the tag-based modes without issues.

Please mail the patch on the list - it'll be easier to review it there.
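
The two-pointer check requested in Comment 4, as an added example that is not part of this thread or of the attached patch: a userspace C model with no kernel APIs, in which `check_access`, `model_try_cmpxchg` and the redzone arrays are hypothetical stand-ins for the KASAN annotation, an instrumented wrapper and poisoned memory. It shows that only the good-`v`/bad-`old` call exposes a wrapper that fails to annotate its second operand.

```c
/* Userspace model, not kernel code: check_access() stands in for the KASAN annotation. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

static atomic_int atoms[2]; /* atoms[0] is the valid object, atoms[1] models its redzone */
static int plain[2];        /* plain[0] is the valid object, plain[1] models its redzone */
static int reports;         /* bad accesses reported so far */

/* Model of the check a wrapper runs before the real operation. */
static void check_access(const volatile void *p)
{
	if (p == (const volatile void *)&atoms[1] || p == (const volatile void *)&plain[1])
		reports++;
}

/* try_cmpxchg touches two areas: *v and *old. check_old=false models a
 * wrapper that forgot to annotate the second one. */
static bool model_try_cmpxchg(atomic_int *v, int *old, int newval, bool check_old)
{
	check_access(v);
	if (check_old)
		check_access(old);
	return atomic_compare_exchange_strong(v, old, newval);
}

/* Each helper passes one good and one bad address and returns the reports raised. */
static int reports_bad_v(bool check_old)
{
	int before = reports;
	model_try_cmpxchg(&atoms[1], &plain[0], 42, check_old);
	return reports - before;
}

static int reports_bad_old(bool check_old)
{
	int before = reports;
	model_try_cmpxchg(&atoms[0], &plain[1], 42, check_old);
	return reports - before;
}

int main(void)
{
	printf("full wrapper:   %d %d\n", reports_bad_v(true), reports_bad_old(true));
	printf("v-only wrapper: %d %d\n", reports_bad_v(false), reports_bad_old(false));
	return 0;
}
```

A test that only passed the bad address as `v` would see one report from both wrappers and could not tell them apart.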

Comment 5 Andrey Konovalov 2024-04-10 09:00:37 UTC
Resolved with [1] by Paul. Thank you!

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4e76c8cc3378a20923965e3345f40f6b8ae0bdba
