When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
triggers __fortify_panic() which kills running task.
This makes failured of kasan_strings() kunit testcase since the
kunit-try-catch kthread running kasan_string() dies before checking the
fault.
To address this, add define for __NO_FORTIFY for kasan kunit test.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
---
mm/kasan/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index dd93ae8a6beb..b70d76c167ca 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
CFLAGS_KASAN_TEST += -fno-builtin
endif
+ifdef CONFIG_FORTIFY_SOURCE
+CFLAGS_KASAN_TEST += -D__NO_FORTIFY
+endif
+
CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
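Review bot: the added -D__NO_FORTIFY lands on CFLAGS_KASAN_TEST, and the context line CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST) applies that variable to the whole object, so every test built into kasan_test_c.o loses its fortified string helpers while the commit message names only kasan_strings() as affected. Consider scoping the change to that one test case in the C source, or at least add a Makefile comment above the ifdef CONFIG_FORTIFY_SOURCE line saying which test needs the define and why, so the flag is not carried forward without a stated reason.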
--
LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

On Fri, Aug 01, 2025 at 10:28:05AM +0100, Yeoreum Yun wrote:
> When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> triggers __fortify_panic() which kills running task.
>
> This makes failured of kasan_strings() kunit testcase since the
> kunit-try-catch kthread running kasan_string() dies before checking the
> fault.

"makes failured" sounds wrong. Maybe this?

"This interferes with kasan_strings(), as CONFIG_FORTIFY_SOURCE will trigger
and kill the test before KASAN can react."

> To address this, add define for __NO_FORTIFY for kasan kunit test.

"To address this" is superfluous. Maybe this?
"Disable CONFIG_FORTIFY_SOURCE through __NO_FORTIFY for the kasan kunit test to
remove the interference."

>
> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> ---

Missing link and changelog to v1.

> mm/kasan/Makefile | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index dd93ae8a6beb..b70d76c167ca 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> CFLAGS_KASAN_TEST += -fno-builtin
> endif
>
> +ifdef CONFIG_FORTIFY_SOURCE
> +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> +endif

The ifdef is unnecessary. If CONFIG_FORTIFY_SOURCE is not enabled, the define
will be a no-op. This also matches other uses of __NO_FORTIFY.

> +
> CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
> CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
> RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
>

Hi,

> On Fri, Aug 01, 2025 at 10:28:05AM +0100, Yeoreum Yun wrote:
> > When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> > triggers __fortify_panic() which kills running task.
> >
> > This makes failured of kasan_strings() kunit testcase since the
> > kunit-try-catch kthread running kasan_string() dies before checking the
> > fault.
>
> "makes failured" sounds wrong. Maybe this?
>
> "This interferes with kasan_strings(), as CONFIG_FORTIFY_SOURCE will trigger
> and kill the test before KASAN can react."
>
> > To address this, add define for __NO_FORTIFY for kasan kunit test.
>
> "To address this" is superfluous. Maybe this?
> "Disable CONFIG_FORTIFY_SOURCE through __NO_FORTIFY for the kasan kunit test to
> remove the interference."

Sorry. I'll refine the commit message with your suggestion.
Thanks

> >
> > Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> > ---
>
> Missing link and changelog to v1.

Right. I'll add it.

>
> > mm/kasan/Makefile | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> > index dd93ae8a6beb..b70d76c167ca 100644
> > --- a/mm/kasan/Makefile
> > +++ b/mm/kasan/Makefile
> > @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> > CFLAGS_KASAN_TEST += -fno-builtin
> > endif
> >
> > +ifdef CONFIG_FORTIFY_SOURCE
> > +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> > +endif
>
> The ifdef is unnecessary. If CONFIG_FORTIFY_SOURCE is not enabled, the define
> will be a no-op. This also matches other uses of __NO_FORTIFY.

Right. However, it would be good to specify a relationship between
the define and the configuration.
Some usages of __NO_FORTIFY in Makefiles use this pattern (i.e. arch/riscv).
If you don't mind, I'll leave it as it is. Am I missing something?

Thanks.

[...]

--
Sincerely,
Yeoreum Yun

On Fri, Aug 1, 2025 at 11:28 AM Yeoreum Yun <yeoreum.yun@arm.com> wrote:
>
> When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> triggers __fortify_panic() which kills running task.
>
> This makes failured of kasan_strings() kunit testcase since the
> kunit-try-catch kthread running kasan_string() dies before checking the
> fault.
>
> To address this, add define for __NO_FORTIFY for kasan kunit test.
>
> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> ---
> mm/kasan/Makefile | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index dd93ae8a6beb..b70d76c167ca 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> CFLAGS_KASAN_TEST += -fno-builtin
> endif
>
> +ifdef CONFIG_FORTIFY_SOURCE
> +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> +endif

We should be able to use OPTIMIZER_HIDE_VAR() to deal with this
instead; see commits b2325bf860fa and 09c6304e38e4.

> +
> CFLAGS_REMOVE_kasan_test_c.o += $(call cc-option, -Wvla-larger-than=1)
> CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
> RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
>

Hi Andrey,

> >
> > When CONFIG_FORTIFY_SOURCE is enabled, invalid access from source
> > triggers __fortify_panic() which kills running task.
> >
> > This makes failured of kasan_strings() kunit testcase since the
> > kunit-try-catch kthread running kasan_string() dies before checking the
> > fault.
> >
> > To address this, add define for __NO_FORTIFY for kasan kunit test.
> >
> > Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> > ---
> > mm/kasan/Makefile | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> > index dd93ae8a6beb..b70d76c167ca 100644
> > --- a/mm/kasan/Makefile
> > +++ b/mm/kasan/Makefile
> > @@ -44,6 +44,10 @@ ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
> > CFLAGS_KASAN_TEST += -fno-builtin
> > endif
> >
> > +ifdef CONFIG_FORTIFY_SOURCE
> > +CFLAGS_KASAN_TEST += -D__NO_FORTIFY
> > +endif
>
> We should be able to use OPTIMIZER_HIDE_VAR() to deal with this
> instead; see commits b2325bf860fa and 09c6304e38e4.

Thanks for sharing this! I'll update the patch!

--
Sincerely,
Yeoreum Yun
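
Why the OPTIMIZER_HIDE_VAR() suggestion in this thread lets the sanitizer see the bad access, as an added userspace model (not code from the patch or the kernel tree). struct obj, fortified_copy(), redzone_hit() and sanitizer_sees_overflow() are hypothetical stand-ins, the redzone only imitates KASAN's role, and GCC or Clang is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kernel's idiom: the empty asm "rewrites" var, hiding its origin from the compiler. */
#define OPTIMIZER_HIDE_VAR(var) __asm__("" : "=r"(var) : "0"(var))
#define SIZE_UNKNOWN ((size_t)-1)
#define POISON 0x5a

/* Hypothetical test object: 8 usable bytes plus a redzone the "sanitizer" watches. */
struct obj { char data[8]; char redzone[24]; };

/* Toy fortified copy (not the kernel's): refuses where the kernel would panic. */
#define fortified_copy(dst, src, n) \
	fortified_copy_sized(dst, src, n, __builtin_object_size(dst, 1))
static int fortified_copy_sized(char *dst, const char *src, size_t n, size_t dst_size)
{
	if (dst_size != SIZE_UNKNOWN && n > dst_size)
		return -1;	/* size-based check fires before any write */
	memcpy(dst, src, n);
	return 0;
}

/* Sanitizer stand-in: reports whether any redzone byte was overwritten. */
static int redzone_hit(const struct obj *o)
{
	for (size_t i = 0; i < sizeof(o->redzone); i++)
		if (o->redzone[i] != POISON)
			return 1;
	return 0;
}

/* Copies 16 bytes into the 8-byte member; 1 = sanitizer saw it, 0 = stopped first. */
static int sanitizer_sees_overflow(int hide)
{
	static const char src[16] = "0123456789abcde";	/* constructed input */
	struct obj o;
	char *p = o.data;
	memset(&o, POISON, sizeof(o));
	if (!hide)
		return fortified_copy(o.data, src, sizeof(src)) == 0 && redzone_hit(&o);
	OPTIMIZER_HIDE_VAR(p);	/* member size is now unknown to the compiler */
	return fortified_copy(p, src, sizeof(src)) == 0 && redzone_hit(&o);
}

int main(void)
{
	printf("plain=%d hidden=%d\n", sanitizer_sees_overflow(0), sanitizer_sees_overflow(1));
	return 0;
}
```

Unlike a file-wide -D__NO_FORTIFY, hiding the pointer affects only the one access the test wants the sanitizer to catch.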