[PATCH 0/2] Fix some incompatibilites between KASAN and FORTIFY_SOURCE

From: Daniel Axtens
Date: Wed Jan 15 2020 - 01:37:36 EST


3 KASAN self-tests fail on a kernel with both KASAN and FORTIFY_SOURCE:
memchr, memcmp and strlen. I have observed this on x86 and powerpc.

When FORTIFY_SOURCE is on, a number of functions are replaced with
fortified versions, which attempt to check the sizes of the
operands. However, these functions often directly invoke __builtin_foo()
once they have performed the fortify check.

This breaks things in 2 ways:

- the three function calls are technically dead code, and can be
eliminated. When __builtin_ versions are used, the compiler can detect
this.

- Using __builtins may bypass KASAN checks if the compiler decides to
inline it's own implementation as sequence of instructions, rather than
emit a function call that goes out to a KASAN-instrumented
implementation.

The patches address each reason in turn.

As a result, we're also able to remove a snippet of code copy-pasted
between every KASAN implementation that tries (largely unsuccessfully) to
disable FORTIFY_SOURCE under KASAN.

Daniel Axtens (2):
kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN

arch/arm64/include/asm/string.h | 4 ---
arch/powerpc/include/asm/string.h | 4 ---
arch/s390/include/asm/string.h | 4 ---
arch/x86/include/asm/string_64.h | 4 ---
arch/xtensa/include/asm/string.h | 3 --
include/linux/string.h | 49 +++++++++++++++++++++++--------
lib/test_kasan.c | 30 ++++++++++++-------
7 files changed, 56 insertions(+), 42 deletions(-)

--
2.20.1