From: Jann Horn
Date: Mon, 04 Aug 2025 21:17:05 +0200
Subject: [PATCH early RFC 1/4] kbuild: kasan,kcsan: refactor out enablement check
Message-Id: <20250804-kasan-via-kcsan-v1-1-823a6d5b5f84@google.com>
In-Reply-To: <20250804-kasan-via-kcsan-v1-0-823a6d5b5f84@google.com>
To: Masahiro Yamada, Nathan Chancellor, Nicolas Schier, Andrey Ryabinin,
 Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino,
 Andrew Morton, Marco Elver, Christoph Lameter, David Rientjes,
 Vlastimil Babka, Roman Gushchin, Harry Yoo
Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
 kasan-dev@googlegroups.com, linux-mm@kvack.org, Jann Horn

In preparation for making the logic for enabling KASAN/KCSAN compiler
instrumentation more complicated, refactor the existing logic to be more
readable and (for KASAN) less repetitive.

Signed-off-by: Jann Horn
---
 scripts/Makefile.lib | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 1d581ba5df66..017c9801b6bb 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib
@@ -52,14 +52,12 @@ endif # Enable address sanitizer flags for kernel except some files or directori= es # we don't want to check (depends on variables KASAN_SANITIZE_obj.o, KASAN= _SANITIZE) # +is-kasan-compatible =3D $(patsubst n%,, \ + $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)) ifeq ($(CONFIG_KASAN),y) ifneq ($(CONFIG_KASAN_HW_TAGS),y) -_c_flags +=3D $(if $(patsubst n%,, \ - $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)),= \ - $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)) -_rust_flags +=3D $(if $(patsubst n%,, \ - $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)),= \ - $(RUSTFLAGS_KASAN)) +_c_flags +=3D $(if $(is-kasan-compatible), $(CFLAGS_KASAN), $(CFLAGS_KASAN= _NOSANITIZE)) +_rust_flags +=3D $(if $(is-kasan-compatible), $(RUSTFLAGS_KASAN)) endif endif =20 
@@ -94,10 +92,10 @@ endif # Enable KCSAN flags except some files or directories we don't want to che= ck # (depends on variables KCSAN_SANITIZE_obj.o, KCSAN_SANITIZE) # +is-kcsan-compatible =3D $(patsubst n%,, \ + $(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)$(is-kernel-object)) ifeq ($(CONFIG_KCSAN),y) -_c_flags +=3D $(if $(patsubst n%,, \ - $(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)$(is-kernel-object)), \ - $(CFLAGS_KCSAN)) +_c_flags +=3D $(if $(is-kcsan-compatible), $(CFLAGS_KCSAN)) # Some uninstrumented files provide implied barriers required to avoid fal= se # positives: set KCSAN_INSTRUMENT_BARRIERS for barrier instrumentation onl= y. _c_flags +=3D $(if $(patsubst n%,, \ --=20 2.50.1.565.gc32cd1483b-goog
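
Review bot: The new is-kasan-compatible definition in the first scripts/Makefile.lib hunk (@@ -52,14 +52,12 @@) has no comment saying what it evaluates to or that it has to stay recursively expanded. Its value depends on $(target-stem), so it must keep the plain "=" assignment and be evaluated per target; a later cleanup to ":=" would silently make it the same for every object. A one-line comment above it stating "non-empty unless the object, its directory or is-kernel-object opts out with n; expanded per target" would cover both. The name also reads like a capability check, while the expression is an opt-out test.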
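
Review bot: In the second scripts/Makefile.lib hunk (@@ -94,10 +92,10 @@) the statement that follows the KCSAN_INSTRUMENT_BARRIERS comment still starts with an open-coded "$(if $(patsubst n%,, \" directly below the new is-kcsan-compatible helper. If that condition tests the same three variables it should use the helper too; if it tests something else, a short comment saying so would keep the two from being merged by mistake once the enablement logic becomes more complicated, which the commit message says is the plan.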
From: Jann Horn
Date: Mon, 04 Aug 2025 21:17:06 +0200
Subject: [PATCH early RFC 2/4] kbuild: kasan: refactor open coded cflags for kasan test
Message-Id: <20250804-kasan-via-kcsan-v1-2-823a6d5b5f84@google.com>
In-Reply-To: <20250804-kasan-via-kcsan-v1-0-823a6d5b5f84@google.com>

In the Makefile for mm/kasan/, KASAN is broadly disabled to prevent the
KASAN runtime from recursing into itself; but the KASAN tests must be
exempt from that.

This is currently implemented by duplicating the same logic that is also
in scripts/Makefile.lib. In preparation for changing that logic, refactor
away the duplicate logic - we already have infrastructure for opting in
specific files inside directories that are opted out.

Signed-off-by: Jann Horn
---
 mm/kasan/Makefile | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile index dd93ae8a6beb..922b2e6f6d14 100644 --- a/mm/kasan/Makefile +++ b/mm/kasan/Makefile 
@@ -35,18 +35,10 @@ CFLAGS_shadow.o :=3D $(CC_FLAGS_KASAN_RUNTIME) CFLAGS_hw_tags.o :=3D $(CC_FLAGS_KASAN_RUNTIME) CFLAGS_sw_tags.o :=3D $(CC_FLAGS_KASAN_RUNTIME) =20 -CFLAGS_KASAN_TEST :=3D $(CFLAGS_KASAN) -ifndef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX -# If compiler instruments memintrinsics by prefixing them with __asan/__hw= asan, -# we need to treat them normally (as builtins), otherwise the compiler won= 't -# recognize them as instrumentable. If it doesn't instrument them, we need= to -# pass -fno-builtin, so the compiler doesn't inline them. -CFLAGS_KASAN_TEST +=3D -fno-builtin -endif +KASAN_SANITIZE_kasan_test_c.o :=3D y +KASAN_SANITIZE_kasan_test_rust.o :=3D y =20 CFLAGS_REMOVE_kasan_test_c.o +=3D $(call cc-option, -Wvla-larger-than=3D1) -CFLAGS_kasan_test_c.o :=3D $(CFLAGS_KASAN_TEST) -RUSTFLAGS_kasan_test_rust.o :=3D $(RUSTFLAGS_KASAN) =20 obj-y :=3D common.o report.o obj-$(CONFIG_KASAN_GENERIC) +=3D init.o generic.o report_generic.o shadow.= o quarantine.o --=20 2.50.1.565.gc32cd1483b-goog
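
Review bot: The block removed from mm/kasan/Makefile did more than duplicate scripts/Makefile.lib: it appended -fno-builtin to the test's flags when CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX is not set, and nothing in this hunk replaces that. KASAN_SANITIZE_kasan_test_c.o := y only selects $(CFLAGS_KASAN) through Makefile.lib, so either the commit message should say where -fno-builtin now comes from for kasan_test_c.o, or the hunk should keep it for that object together with the deleted comment, which says the compiler would otherwise inline the mem*() calls. The old CFLAGS_kasan_test_c.o and RUSTFLAGS_kasan_test_rust.o assignments were also unconditional, while the Makefile.lib path shown in patch 1 sits inside ifneq ($(CONFIG_KASAN_HW_TAGS),y); the message should state that this difference does not matter.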
From: Jann Horn
Date: Mon, 04 Aug 2025 21:17:07 +0200
Subject: [PATCH early RFC 3/4] kasan: add support for running via KCSAN hooks
Message-Id: <20250804-kasan-via-kcsan-v1-3-823a6d5b5f84@google.com>
In-Reply-To: <20250804-kasan-via-kcsan-v1-0-823a6d5b5f84@google.com>

Inserting ASAN and TSAN instrumentation at the same time is not supported
by gcc/clang, and so the kernel currently does not support enabling KASAN
(which uses ASAN) and KCSAN (which uses TSAN) at the same time.

But luckily, the TSAN hooks provide a large part of what we get from ASAN
hooks; so it is possible to hook up KASAN indirectly through KCSAN.

There are some trade-offs with this - in particular:

 - Since OOB detection for stack and globals relies on ASAN-specific
   redzone creation in the compiler, it won't be available when using
   TSAN instrumentation (because the compiler thinks we only want
   instrumentation for catching UAF).
 - Unlike KASAN, KCSAN does not have instrumentation for functions like
   memcpy(), and this KASAN mode inherits this issue from KCSAN.
 - It makes it impossible to selectively disable KCSAN without also
   disabling KASAN, or the other way around. To be safe, this mode only
   enables KCSAN instrumentation in files in which both KASAN and KCSAN
   are allowed. (There are currently some places in the kernel that
   disable KASAN without disabling KCSAN - I think that's probably
   unintentional, and we might want to refactor that at some point such
   that either KASAN and KCSAN are enabled in the same files, or files
   covered by KCSAN are a subset of files covered by KASAN if that's
   somehow problematic. Opting out of every compiler instrumentation
   individually in makefiles seems suboptimal to me.)
 - I expect its performance to be significantly worse than normal KASAN,
   but have not tested that; performance is not really something I care
   about for my usecase.

NOTE: instrument_read() and such call both KASAN and KCSAN, so KASAN will
see duplicate accesses from instrument_read().

Signed-off-by: Jann Horn
---
 include/linux/kasan.h   | 14 ++++++++++++++
 kernel/kcsan/core.c     | 13 +++++++++++++
 lib/Kconfig.kasan       | 17 +++++++++++++++++
 lib/Kconfig.kcsan       |  2 +-
 mm/kasan/kasan.h        | 11 -----------
 mm/kasan/kasan_test_c.c |  4 ++++
 mm/kasan/shadow.c       |  3 ++-
 scripts/Makefile.lib    |  6 +++++-
 8 files changed, 56 insertions(+), 14 deletions(-)

diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 890011071f2b..818c53707e72 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h
@@ -75,6 +75,20 @@ extern void kasan_enable_current(void); /* Disable reporting bugs for current task */ extern void kasan_disable_current(void); =20 +/** + * kasan_check_range - Check memory region, and report if invalid access. + * @addr: the accessed address + * @size: the accessed size + * @write: true if access is a write access + * @ret_ip: return address + * @return: true if access was valid, false if invalid + * + * This function is intended for KASAN-internal use and for integration wi= th + * KCSAN. + */ +bool kasan_check_range(const void *addr, size_t size, bool write, + unsigned long ret_ip); + #else /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ =20 static inline int kasan_add_zero_shadow(void *start, unsigned long size) diff --git a/kernel/kcsan/core.c b/kernel/kcsan/core.c index 8a7baf4e332e..aaa9bf0141a8 100644 --- a/kernel/kcsan/core.c +++ b/kernel/kcsan/core.c @@ -728,6 +728,19 @@ check_access(const volatile void *ptr, size_t size, in= t type, unsigned long ip) if (unlikely(size =3D=3D 0)) return; =20 +#ifdef CONFIG_KASAN_KCSAN + /* + * Use the KCSAN infrastructure to inform KASAN about memory accesses. + * Do this only for real memory access, not for KCSAN assertions - in + * particular, SLUB makes KCSAN assertions that can cross into ASAN + * redzones, which would KASAN think that an OOB access occurred. + */ + if ((type & KCSAN_ACCESS_ASSERT) =3D=3D 0) { + kasan_check_range((const void *)ptr, size, + (type & (KCSAN_ACCESS_WRITE|KCSAN_ACCESS_COMPOUND)) !=3D 0, ip); + } +#endif + again: /* * Avoid user_access_save in fast-path: find_watchpoint is safe without diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index f82889a830fa..0ee9f2196448 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -133,6 +133,7 @@ choice =20 config KASAN_OUTLINE bool "Outline instrumentation" + depends on !KCSAN help Makes the compiler insert function calls that check whether the memory is accessible before each memory access. Slower than KASAN_INLINE, but 
@@ -141,17 +142,33 @@ config KASAN_OUTLINE config KASAN_INLINE bool "Inline instrumentation" depends on !ARCH_DISABLE_KASAN_INLINE + depends on !KCSAN help Makes the compiler directly insert memory accessibility checks before each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for some workloads), but makes the kernel's .text size much bigger. =20 +config KASAN_KCSAN + bool "Piggyback on KCSAN (EXPERIMENTAL)" + depends on KASAN_GENERIC + depends on KCSAN + help + Let KASAN piggyback on KCSAN instrumentation callbacks instead of + using KASAN-specific compiler instrumentation. + + This limits coverage of KASAN and KCSAN to files that are supported by + *both* KASAN and KCSAN. + + This is only useful if you want to run both the KASAN and KCSAN + subsystems at the same time. + endchoice =20 config KASAN_STACK bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST depends on KASAN_GENERIC || KASAN_SW_TAGS depends on !ARCH_DISABLE_KASAN_INLINE + depends on !KASAN_KCSAN default y if CC_IS_GCC help Disables stack instrumentation and thus KASAN's ability to detect diff --git a/lib/Kconfig.kcsan b/lib/Kconfig.kcsan index 609ddfc73de5..86bf8f2da0a8 100644 --- a/lib/Kconfig.kcsan +++ b/lib/Kconfig.kcsan @@ -13,7 +13,7 @@ config HAVE_KCSAN_COMPILER menuconfig KCSAN bool "KCSAN: dynamic data race detector" depends on HAVE_ARCH_KCSAN && HAVE_KCSAN_COMPILER - depends on DEBUG_KERNEL && !KASAN + depends on DEBUG_KERNEL select CONSTRUCTORS select STACKTRACE help diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 129178be5e64..ec191ff1fc83 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -335,17 +335,6 @@ static __always_inline bool addr_has_metadata(const vo= id *addr) } #endif =20 -/** - * kasan_check_range - Check memory region, and report if invalid access. - * @addr: the accessed address - * @size: the accessed size - * @write: true if access is a write access - * @ret_ip: return address - * @return: true if access was valid, false if invalid - */ -bool kasan_check_range(const void *addr, size_t size, bool write, - unsigned long ret_ip); - #else /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ =20 static __always_inline bool addr_has_metadata(const void *addr) diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c index 5f922dd38ffa..c4826c67aa33 100644 --- a/mm/kasan/kasan_test_c.c +++ b/mm/kasan/kasan_test_c.c @@ -154,6 +154,8 @@ static void kasan_test_exit(struct kunit *test) #define KASAN_TEST_NEEDS_CHECKED_MEMINTRINSICS(test) do { \ if (IS_ENABLED(CONFIG_KASAN_HW_TAGS)) \ break; /* No compiler instrumentation. */ \ + if (IS_ENABLED(CONFIG_KASAN_KCSAN)) \ + kunit_skip((test), "No checked mem*() with KCSAN"); \ if (IS_ENABLED(CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX)) \ break; /* Should always be instrumented! */ \ if (IS_ENABLED(CONFIG_GENERIC_ENTRY)) \ @@ -1453,6 +1455,7 @@ static void kasan_global_oob_right(struct kunit *test) =20 /* Only generic mode instruments globals. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); + KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_KCSAN); =20 KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p); } @@ -1468,6 +1471,7 @@ static void kasan_global_oob_left(struct kunit *test) */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_CC_IS_CLANG); KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); + KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_KCSAN); KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p); } =20 diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index d2c70cd2afb1..136be8e6c98d 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c 
@@ -38,7 +38,8 @@ bool __kasan_check_write(const volatile void *p, unsigned= int size) } EXPORT_SYMBOL(__kasan_check_write); =20 -#if !defined(CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX) && !defined(CONFIG_G= ENERIC_ENTRY) +#if !defined(CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX) && \ + !defined(CONFIG_GENERIC_ENTRY) && !defined(CONFIG_KASAN_KCSAN) /* * CONFIG_GENERIC_ENTRY relies on compiler emitted mem*() calls to not be * instrumented. KASAN enabled toolchains should emit __asan_mem*() functi= ons diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 017c9801b6bb..2572fcc0bf50 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -56,10 +56,13 @@ is-kasan-compatible =3D $(patsubst n%,, \ $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)) ifeq ($(CONFIG_KASAN),y) ifneq ($(CONFIG_KASAN_HW_TAGS),y) +# Disable ASAN instrumentation if KASAN is running off the KCSAN hooks. +ifneq ($(CONFIG_KASAN_KCSAN),y) _c_flags +=3D $(if $(is-kasan-compatible), $(CFLAGS_KASAN), $(CFLAGS_KASAN= _NOSANITIZE)) _rust_flags +=3D $(if $(is-kasan-compatible), $(RUSTFLAGS_KASAN)) endif endif +endif =20 ifeq ($(CONFIG_KMSAN),y) _c_flags +=3D $(if $(patsubst n%,, \ 
@@ -95,7 +98,8 @@ endif is-kcsan-compatible =3D $(patsubst n%,, \ $(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)$(is-kernel-object)) ifeq ($(CONFIG_KCSAN),y) -_c_flags +=3D $(if $(is-kcsan-compatible), $(CFLAGS_KCSAN)) +enable-kcsan-instr =3D $(and $(is-kcsan-compatible), $(if $(CONFIG_KASAN_K= CSAN),$(is-kasan-compatible),y)) +_c_flags +=3D $(if $(enable-kcsan-instr), $(CFLAGS_KCSAN)) # Some uninstrumented files provide implied barriers required to avoid fal= se # positives: set KCSAN_INSTRUMENT_BARRIERS for barrier instrumentation onl= y. _c_flags +=3D $(if $(patsubst n%,, \ --=20 2.50.1.565.gc32cd1483b-goog From nobody Mon Feb 9 06:57:44 2026 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 157C528B7EC for ; Mon, 4 Aug 2025 19:18:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754335112; cv=none; b=MO2Cl1Lpe2RgUzmx69iqAxeO+mzfLYHNDP9sjcWCwAyFftRCZUHCFKJL3N5W0tHQd2ke2/m7JWDe4H//bR+/lW7QvHELBZwqIHiiYnQDUo6LMprm6Sng//rwK+9Wea8yEda4/j9g8Ain2G7njH17t2k4J2yLmXhu340LqaRz4KY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754335112; c=relaxed/simple; bh=rDvA4L4QbNOZZHJ9ypWKaY7n7K/aeq1dGeCN1JjgQg4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=darxdbjaNTKpX2WYjstOdURv/cmKA3AEOflXIF9Po0IYfOY42e/Mvpl9AakWynspRTWKzKJ1e8sEVy20CgzpiebR7t7VJ0panBZ7pwIwzUdbNs27f45ywuylgNf0g4FMKGCSXTAXIzEJZg3qvNkqDefF8CwRsrf/P9Tz/9qdbe8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Fj4bbU/Y; arc=none 
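Review bot: the added enable-kcsan-instr line has no comment, and its effect is not obvious from the name: when CONFIG_KASAN_KCSAN is set, a file that is KCSAN-compatible but not KASAN-compatible (is-kasan-compatible empty) no longer gets $(CFLAGS_KCSAN). Please add a short comment above it saying so and why, in the style of the barrier comment that follows it. It would also help to state whether such files are still meant to receive the barrier-only instrumentation handled by the next _c_flags line, since that line is unchanged context here.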
From: Jann Horn
Date: Mon, 04 Aug 2025 21:17:08 +0200
Subject: [PATCH early RFC 4/4] mm/slub: Defer KCSAN hook on free to KASAN if available
Message-Id: <20250804-kasan-via-kcsan-v1-4-823a6d5b5f84@google.com>
References: <20250804-kasan-via-kcsan-v1-0-823a6d5b5f84@google.com>
In-Reply-To: <20250804-kasan-via-kcsan-v1-0-823a6d5b5f84@google.com>
To: Masahiro Yamada, Nathan Chancellor, Nicolas Schier, Andrey Ryabinin, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, Andrew Morton, Marco Elver, Christoph Lameter, David Rientjes, Vlastimil Babka, Roman Gushchin, Harry Yoo
Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, Jann Horn

SLUB calls __kcsan_check_access() in slab_free_hook() so that KCSAN has an opportunity to detect racy use-after-free bugs, for example by delaying the freeing a bit and watching for any other accesses to the allocation.

When KASAN and KCSAN are active at the same time, and such a racy use-after-free occurs that KCSAN can detect, it would be nice to also get a full KASAN report.

To make that possible, move the KCSAN hook invocation after the point where KASAN has marked the object as freed in KASAN builds.

Signed-off-by: Jann Horn --- mm/kasan/common.c | 5 +++++ mm/slub.c | 9 +++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index ed4873e18c75..3492a6db191e 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -263,6 +263,11 @@ bool __kasan_slab_free(struct kmem_cache *cache, void = *object, bool init, =20 poison_slab_object(cache, object, init, still_accessible); =20 + if (!still_accessible) { + __kcsan_check_access(object, cache->object_size, + KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ASSERT); + } + /* * If the object is put into quarantine, do not let slab put the object * onto the freelist for now. The object's metadata is kept until the diff --git a/mm/slub.c b/mm/slub.c index 31e11ef256f9..144399aebdc6 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2311,8 +2311,13 @@ bool slab_free_hook(struct kmem_cache *s, void *x, b= ool init, if (!(s->flags & SLAB_DEBUG_OBJECTS)) debug_check_no_obj_freed(x, s->object_size); =20 - /* Use KCSAN to help debug racy use-after-free. */ - if (!still_accessible) + /* + * Use KCSAN to help debug racy use-after-free. + * If KASAN is also enabled, this is instead done from KASAN when the + * object has already been marked as free, so that KCSAN's race-window + * widening can trigger a KASAN splat. + */ + if (!IS_ENABLED(CONFIG_KASAN) && !still_accessible) __kcsan_check_access(x, s->object_size, KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ASSERT); =20 --=20 2.50.1.565.gc32cd1483b-goog
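Review bot: in the mm/kasan/common.c hunk, the new __kcsan_check_access() call after poison_slab_object() carries no comment, although its position relative to the poisoning is the whole point of the change. Please add a comment at this call site, along the lines of the one added in mm/slub.c, saying that the check must stay after the object has been marked as freed so that an access racing with KCSAN's delay produces a KASAN report. Without it, a later refactor of __kasan_slab_free() could move the call back above the poisoning and quietly lose the behaviour the commit message describes.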
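Review bot: in the mm/slub.c hunk, the new condition !IS_ENABLED(CONFIG_KASAN) is a compile-time test, so in every CONFIG_KASAN build the KCSAN check now happens only if __kasan_slab_free() is actually called for the object and reaches the line after poison_slab_object(). If that function can return earlier, or the KASAN hook is skipped for some objects, the racy use-after-free check is silently dropped in kernels that had it before this patch. Please either state in the commit message that every !still_accessible free reaches the new call, or have the KASAN side report whether it performed the check so that slab_free_hook() can fall back to doing it here.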