Re: [PATCH] kasan: Disable Software Tag-Based KASAN with GCC

From: Andrey Konovalov
Date: Mon Oct 14 2024 - 14:30:39 EST


On Mon, Oct 14, 2024 at 6:11 PM Will Deacon <will@xxxxxxxxxx> wrote:
>
> Syzbot reports a KASAN failure early during boot on arm64 when building
> with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
>
> | BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline]
> | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356
> | Write of size 4 at addr 03ff800086867e00 by task swapper/0
> | Pointer tag: [03], memory tag: [fe]
>
> Initial triage indicates that the report is a false positive and a
> thorough investigation of the crash by Mark Rutland revealed the root
> cause to be a bug in GCC:
>
> > When GCC is passed `-fsanitize=hwaddress` or
> > `-fsanitize=kernel-hwaddress` it ignores
> > `__attribute__((no_sanitize_address))`, and instruments functions
> > we require are not instrumented.
> >
> > [...]
> >
> > All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0
> > inclusive.
> >
> > I think we have to disable KASAN_SW_TAGS with GCC until this is
> > fixed
>
> Disable Software Tag-Based KASAN when building with GCC by making
> CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC.
>
> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxx>
> Suggested-by: Mark Rutland <mark.rutland@xxxxxxx>
> Reported-by: syzbot+908886656a02769af987@xxxxxxxxxxxxxxxxxxxxxxxxx
> Link: https://lore.kernel.org/r/000000000000f362e80620e27859@xxxxxxxxxx
> Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854
> Signed-off-by: Will Deacon <will@xxxxxxxxxx>
> ---
> lib/Kconfig.kasan | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> While sweeping up pending fixes and open bug reports, I noticed this one
> had slipped through the cracks...
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 98016e137b7f..233ab2096924 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE
> config CC_HAS_KASAN_GENERIC
> def_bool $(cc-option, -fsanitize=kernel-address)
>
> +# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress
> +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and
> +# the linked LKML thread) for more details.
> config CC_HAS_KASAN_SW_TAGS
> - def_bool $(cc-option, -fsanitize=kernel-hwaddress)
> + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)
>
> # This option is only required for software KASAN modes.
> # Old GCC versions do not have proper support for no_sanitize_address.
> @@ -98,7 +101,7 @@ config KASAN_SW_TAGS
> help
> Enables Software Tag-Based KASAN.
>
> - Requires GCC 11+ or Clang.
> + Requires Clang.
>
> Supported only on arm64 CPUs and relies on Top Byte Ignore.
>
> --
> 2.47.0.rc1.288.g06298d1525-goog
>

Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx>

Thank you!