Syzbot reports a KASAN failure early during boot on arm64 when building
with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
| BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
| BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
| Write of size 4 at addr 03ff800086867e00 by task swapper/0
| Pointer tag: [03], memory tag: [fe]
Initial triage indicates that the report is a false positive and a
thorough investigation of the crash by Mark Rutland revealed the root
cause to be a bug in GCC:
> When GCC is passed `-fsanitize=hwaddress` or
> `-fsanitize=kernel-hwaddress` it ignores
> `__attribute__((no_sanitize_address))`, and instruments functions
> we require are not instrumented.
>
> [...]
>
> All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0
> inclusive.
>
> I think we have to disable KASAN_SW_TAGS with GCC until this is
> fixed
Disable Software Tag-Based KASAN when building with GCC by making
CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC.
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Suggested-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com
Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
Signed-off-by: Will Deacon <will@kernel.org>
---
lib/Kconfig.kasan | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
While sweeping up pending fixes and open bug reports, I noticed this one
had slipped through the cracks...
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 98016e137b7f..233ab2096924 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE
config CC_HAS_KASAN_GENERIC
def_bool $(cc-option, -fsanitize=kernel-address)
+# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress
+# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and
+# the linked LKML thread) for more details.
config CC_HAS_KASAN_SW_TAGS
- def_bool $(cc-option, -fsanitize=kernel-hwaddress)
+ def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)
# This option is only required for software KASAN modes.
# Old GCC versions do not have proper support for no_sanitize_address.
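Review bot: `def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)` keys on compiler identity rather than on the broken behaviour, so it keeps SW_TAGS off for every GCC, including releases that eventually honour the attribute; a $(cc-option) probe cannot detect this bug because the flag itself is accepted. Suggest the new comment state that the exclusion is temporary and name the GCC tracking bug (the GCC bugzilla entry 117196 is cited in Marco's follow-up in this thread) so the gate can be lifted once a fixed GCC can be identified, e.g. by version.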
@@ -98,7 +101,7 @@ config KASAN_SW_TAGS
help
Enables Software Tag-Based KASAN.
- Requires GCC 11+ or Clang.
+ Requires Clang.
Supported only on arm64 CPUs and relies on Top Byte Ignore.
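Review bot: `Requires Clang.` reads as a permanent requirement, while the commit message frames the GCC exclusion as temporary ("until this is fixed"). Suggest help text along the lines of `Requires Clang. GCC is currently excluded because it ignores no_sanitize_address under -fsanitize=kernel-hwaddress.` so a user whose GCC build no longer offers the option can see why.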
--
2.47.0.rc1.288.g06298d1525-goog
On Mon, 14 Oct 2024 17:11:00 +0100, Will Deacon wrote:
> Syzbot reports a KASAN failure early during boot on arm64 when building
> with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
>
> | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
> | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
> | Write of size 4 at addr 03ff800086867e00 by task swapper/0
> | Pointer tag: [03], memory tag: [fe]
>
> [...]
Applied to arm64 (for-next/fixes), thanks!
[1/1] kasan: Disable Software Tag-Based KASAN with GCC
https://git.kernel.org/arm64/c/7aed6a2c51ff
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev
On Tue, Oct 15, 2024 at 01:39PM +0100, 'Will Deacon' via kasan-dev wrote:
> On Mon, 14 Oct 2024 17:11:00 +0100, Will Deacon wrote:
> > Syzbot reports a KASAN failure early during boot on arm64 when building
> > with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
> >
> > | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
> > | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
> > | Write of size 4 at addr 03ff800086867e00 by task swapper/0
> > | Pointer tag: [03], memory tag: [fe]
> >
> > [...]
>
> Applied to arm64 (for-next/fixes), thanks!
>
> [1/1] kasan: Disable Software Tag-Based KASAN with GCC
> https://git.kernel.org/arm64/c/7aed6a2c51ff
I do not think this is the right fix. Please see alternative below.
Please do double-check that the observed splat above is fixed with that.
Thanks,
-- Marco
------ >8 ------
From 23bd83dbff5a9778f34831ed292d5e52b4b0ee18 Mon Sep 17 00:00:00 2001
From: Marco Elver <elver@google.com>
Date: Fri, 18 Oct 2024 10:18:24 +0200
Subject: [PATCH] kasan: Fix Software Tag-Based KASAN with GCC
Per [1], -fsanitize=kernel-hwaddress with GCC currently does not disable
instrumentation in functions with __attribute__((no_sanitize_address)).
However, __attribute__((no_sanitize("hwaddress"))) does correctly
disable instrumentation. Use it instead.
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196 [1]
Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com
Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Marco Elver <elver@google.com>
---
include/linux/compiler-gcc.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index f805adaa316e..cd6f9aae311f 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -80,7 +80,11 @@
#define __noscs __attribute__((__no_sanitize__("shadow-call-stack")))
#endif
+#ifdef __SANITIZE_HWADDRESS__
+#define __no_sanitize_address __attribute__((__no_sanitize__("hwaddress")))
+#else
#define __no_sanitize_address __attribute__((__no_sanitize_address__))
+#endif
#if defined(__SANITIZE_THREAD__)
#define __no_sanitize_thread __attribute__((__no_sanitize_thread__))
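Review bot: the new `#ifdef __SANITIZE_HWADDRESS__` branch carries no comment saying why its attribute spelling differs from the `#else` branch; add a one-line note citing GCC bug 117196 (already linked in the commit message) so the special case can be dropped once GCC honours `__no_sanitize_address__` under `-fsanitize=kernel-hwaddress`. Minor style point: the neighbouring guard two lines below is written `#if defined(__SANITIZE_THREAD__)`; using the same form here keeps the file consistent.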
--
2.47.0.rc1.288.g06298d1525-goog
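Will's patch gates CC_HAS_KASAN_SW_TAGS on compiler identity because $(cc-option) can only test whether -fsanitize=kernel-hwaddress is accepted, and Marco's patch swaps the attribute spelling instead. The probe below is added here and is not part of either patch: it compiles a one-function translation unit with each spelling and inspects the generated assembly to see whether the function body was left uninstrumented. The `probe` function name, the `hwasan` string match and the honoured/ignored/unsupported vocabulary are this example's own choices.

```shell
#!/bin/sh
# Added probe (not from the thread): does the compiler stop instrumenting a
# function carrying a given attribute under -fsanitize=kernel-hwaddress?
# Kconfig's $(cc-option) only tests that the flag is accepted; this checks the
# behaviour Mark Rutland found broken in GCC (no_sanitize_address ignored) and
# the spelling Marco's patch switches to (no_sanitize("hwaddress")).
# Usage: probe_no_sanitize '<attribute>' [compiler]  -> honoured|ignored|unsupported
probe_no_sanitize() {
  attr="$1"
  cc="${2:-${CC:-cc}}"
  tmp="$(mktemp -d)" || return 1
  # Minimal TU: one function, one memory access, no stack objects to tag.
  printf '__attribute__((%s))\nint probe(int *p) { return *p; }\n' "$attr" >"$tmp/t.c"
  # Step 1: is the flag accepted at all? (this is all $(cc-option) can see)
  if ! "$cc" -O2 -fsanitize=kernel-hwaddress -S "$tmp/t.c" -o "$tmp/t.s" 2>/dev/null; then
    rm -rf "$tmp"
    echo unsupported
    return 0
  fi
  # Step 2: look only at probe()'s body (label to .size). An uninstrumented
  # function has no hwasan runtime calls or shadow-base references there.
  if awk '/^probe:/ { body = 1 } body { print } /\.size[[:space:]]+probe/ { exit }' "$tmp/t.s" |
       grep -q hwasan; then
    result=ignored
  else
    result=honoured
  fi
  rm -rf "$tmp"
  echo "$result"
}

# Compare the spelling Will's patch works around with the one Marco's patch uses.
for attr in 'no_sanitize_address' 'no_sanitize("hwaddress")'; do
  printf '%-26s %s\n' "$attr:" "$(probe_no_sanitize "$attr")"
done
```

Run it with `CC=aarch64-linux-gnu-gcc` (or the clang you build the kernel with) to see the behaviour of that exact toolchain; a host compiler without hwasan support reports `unsupported` for both spellings.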
On Fri, Oct 18, 2024 at 10:37 AM Marco Elver <elver@google.com> wrote:
>
> > Applied to arm64 (for-next/fixes), thanks!
> >
> > [1/1] kasan: Disable Software Tag-Based KASAN with GCC
> > https://git.kernel.org/arm64/c/7aed6a2c51ff
>
> I do not think this is the right fix. Please see alternative below.
> Please do double-check that the observed splat above is fixed with that.
>
> Thanks,
> -- Marco
>
> ------ >8 ------
>
> From 23bd83dbff5a9778f34831ed292d5e52b4b0ee18 Mon Sep 17 00:00:00 2001
> From: Marco Elver <elver@google.com>
> Date: Fri, 18 Oct 2024 10:18:24 +0200
> Subject: [PATCH] kasan: Fix Software Tag-Based KASAN with GCC
>
> Per [1], -fsanitize=kernel-hwaddress with GCC currently does not disable
> instrumentation in functions with __attribute__((no_sanitize_address)).
>
> However, __attribute__((no_sanitize("hwaddress"))) does correctly
> disable instrumentation. Use it instead.
>
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196 [1]
> Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com
> Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
> Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com
> Cc: Andrew Pinski <pinskia@gmail.com>
> Cc: Andrey Konovalov <andreyknvl@gmail.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Signed-off-by: Marco Elver <elver@google.com>
> ---
> include/linux/compiler-gcc.h | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> index f805adaa316e..cd6f9aae311f 100644
> --- a/include/linux/compiler-gcc.h
> +++ b/include/linux/compiler-gcc.h
> @@ -80,7 +80,11 @@
> #define __noscs __attribute__((__no_sanitize__("shadow-call-stack")))
> #endif
>
> +#ifdef __SANITIZE_HWADDRESS__
> +#define __no_sanitize_address __attribute__((__no_sanitize__("hwaddress")))
> +#else
> #define __no_sanitize_address __attribute__((__no_sanitize_address__))
> +#endif
>
> #if defined(__SANITIZE_THREAD__)
> #define __no_sanitize_thread __attribute__((__no_sanitize_thread__))
> --
> 2.47.0.rc1.288.g06298d1525-goog
Tested the change, it does fix the boot-time issue #1 from [1], but #2
and #3 still exist.
However, perhaps, just fixing #1 is already good enough to do a revert
of Will's patch - at least the kernel will boot without
false-positive reports.
But I would keep a note that SW_TAGS doesn't work well with GCC until
[1] is fully resolved.
Thanks!
[1] https://bugzilla.kernel.org/show_bug.cgi?id=218854
On Fri, 18 Oct 2024 at 22:25, Andrey Konovalov <andreyknvl@gmail.com> wrote:
>
> On Fri, Oct 18, 2024 at 10:37 AM Marco Elver <elver@google.com> wrote:
> >
> > > Applied to arm64 (for-next/fixes), thanks!
> > >
> > > [1/1] kasan: Disable Software Tag-Based KASAN with GCC
> > > https://git.kernel.org/arm64/c/7aed6a2c51ff
> >
> > I do not think this is the right fix. Please see alternative below.
> > Please do double-check that the observed splat above is fixed with that.
> >
> > Thanks,
> > -- Marco
> >
> > ------ >8 ------
> >
> > From 23bd83dbff5a9778f34831ed292d5e52b4b0ee18 Mon Sep 17 00:00:00 2001
> > From: Marco Elver <elver@google.com>
> > Date: Fri, 18 Oct 2024 10:18:24 +0200
> > Subject: [PATCH] kasan: Fix Software Tag-Based KASAN with GCC
> >
> > Per [1], -fsanitize=kernel-hwaddress with GCC currently does not disable
> > instrumentation in functions with __attribute__((no_sanitize_address)).
> >
> > However, __attribute__((no_sanitize("hwaddress"))) does correctly
> > disable instrumentation. Use it instead.
> >
> > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117196 [1]
> > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com
> > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
> > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com
> > Cc: Andrew Pinski <pinskia@gmail.com>
> > Cc: Andrey Konovalov <andreyknvl@gmail.com>
> > Cc: Mark Rutland <mark.rutland@arm.com>
> > Cc: Will Deacon <will@kernel.org>
> > Signed-off-by: Marco Elver <elver@google.com>
> > ---
> > include/linux/compiler-gcc.h | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> > index f805adaa316e..cd6f9aae311f 100644
> > --- a/include/linux/compiler-gcc.h
> > +++ b/include/linux/compiler-gcc.h
> > @@ -80,7 +80,11 @@
> > #define __noscs __attribute__((__no_sanitize__("shadow-call-stack")))
> > #endif
> >
> > +#ifdef __SANITIZE_HWADDRESS__
> > +#define __no_sanitize_address __attribute__((__no_sanitize__("hwaddress")))
> > +#else
> > #define __no_sanitize_address __attribute__((__no_sanitize_address__))
> > +#endif
> >
> > #if defined(__SANITIZE_THREAD__)
> > #define __no_sanitize_thread __attribute__((__no_sanitize_thread__))
> > --
> > 2.47.0.rc1.288.g06298d1525-goog
>
> Tested the change, it does fix the boot-time issue #1 from [1], but #2
> and #3 still exist.
Thanks for testing.
AFAIK #2 and #3 look like false negatives, which are tolerable (not
great, but they do not cause serious issues).
> However, perhaps, just fixing #1 is already good enough to do a revert
> of Will's patch - at least the kernel will boot without
> false-positive reports.
>
> But I would keep a note that SW_TAGS doesn't work well with GCC until
> [1] is fully resolved.
>
> Thanks!
>
> [1] https://bugzilla.kernel.org/show_bug.cgi?id=218854
On Mon, Oct 14, 2024 at 6:11 PM Will Deacon <will@kernel.org> wrote: > > Syzbot reports a KASAN failure early during boot on arm64 when building > with GCC 12.2.0 and using the Software Tag-Based KASAN mode: > > | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline] > | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356 > | Write of size 4 at addr 03ff800086867e00 by task swapper/0 > | Pointer tag: [03], memory tag: [fe] > > Initial triage indicates that the report is a false positive and a > thorough investigation of the crash by Mark Rutland revealed the root > cause to be a bug in GCC: > > > When GCC is passed `-fsanitize=hwaddress` or > > `-fsanitize=kernel-hwaddress` it ignores > > `__attribute__((no_sanitize_address))`, and instruments functions > > we require are not instrumented. > > > > [...] > > > > All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0 > > inclusive. > > > > I think we have to disable KASAN_SW_TAGS with GCC until this is > > fixed > > Disable Software Tag-Based KASAN when building with GCC by making > CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC. > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Suggested-by: Mark Rutland <mark.rutland@arm.com> > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 > Signed-off-by: Will Deacon <will@kernel.org> > --- > lib/Kconfig.kasan | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > While sweeping up pending fixes and open bug reports, I noticed this one > had slipped through the cracks... > > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index 98016e137b7f..233ab2096924 100644 > --- a/lib/Kconfig.kasan > +++ b/lib/Kconfig.kasan 
> @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE > config CC_HAS_KASAN_GENERIC > def_bool $(cc-option, -fsanitize=kernel-address) > > +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress > +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and > +# the linked LKML thread) for more details. > config CC_HAS_KASAN_SW_TAGS > - def_bool $(cc-option, -fsanitize=kernel-hwaddress) > + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress) > > # This option is only required for software KASAN modes. > # Old GCC versions do not have proper support for no_sanitize_address. > @@ -98,7 +101,7 @@ config KASAN_SW_TAGS > help > Enables Software Tag-Based KASAN. > > - Requires GCC 11+ or Clang. > + Requires Clang. > > Supported only on arm64 CPUs and relies on Top Byte Ignore. > > -- > 2.47.0.rc1.288.g06298d1525-goog > Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Thank you!
On Mon, Oct 14, 2024 at 05:11:00PM +0100, Will Deacon wrote: > Syzbot reports a KASAN failure early during boot on arm64 when building > with GCC 12.2.0 and using the Software Tag-Based KASAN mode: > > | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline] > | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356 > | Write of size 4 at addr 03ff800086867e00 by task swapper/0 > | Pointer tag: [03], memory tag: [fe] > > Initial triage indicates that the report is a false positive and a > thorough investigation of the crash by Mark Rutland revealed the root > cause to be a bug in GCC: > > > When GCC is passed `-fsanitize=hwaddress` or > > `-fsanitize=kernel-hwaddress` it ignores > > `__attribute__((no_sanitize_address))`, and instruments functions > > we require are not instrumented. > > > > [...] > > > > All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0 > > inclusive. > > > > I think we have to disable KASAN_SW_TAGS with GCC until this is > > fixed > > Disable Software Tag-Based KASAN when building with GCC by making > CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC. > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Suggested-by: Mark Rutland <mark.rutland@arm.com> > Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com > Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 > Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 > Signed-off-by: Will Deacon <will@kernel.org> Acked-by: Mark Rutland <mark.rutland@arm.com> Thanks for putting a patch together! Mark. > --- > lib/Kconfig.kasan | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > While sweeping up pending fixes and open bug reports, I noticed this one > had slipped through the cracks... > > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index 98016e137b7f..233ab2096924 100644 > --- a/lib/Kconfig.kasan 
> +++ b/lib/Kconfig.kasan > @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE > config CC_HAS_KASAN_GENERIC > def_bool $(cc-option, -fsanitize=kernel-address) > > +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress > +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and > +# the linked LKML thread) for more details. > config CC_HAS_KASAN_SW_TAGS > - def_bool $(cc-option, -fsanitize=kernel-hwaddress) > + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress) > > # This option is only required for software KASAN modes. > # Old GCC versions do not have proper support for no_sanitize_address. > @@ -98,7 +101,7 @@ config KASAN_SW_TAGS > help > Enables Software Tag-Based KASAN. > > - Requires GCC 11+ or Clang. > + Requires Clang. > > Supported only on arm64 CPUs and relies on Top Byte Ignore. > > -- > 2.47.0.rc1.288.g06298d1525-goog >