Re: DEFINE_FLEX_test: EXPECTATION FAILED at lib/overflow_kunit.c:1200:
From: Kees Cook
Date: Tue Nov 19 2024 - 12:50:29 EST
On Tue, Nov 19, 2024 at 08:05:16AM -0700, Nathan Chancellor wrote:
> Hi Naresh,
>
> + Kees (it does not look like you own lib/overflow_kunit.c, should that
> be updated?)
Yeah, though I thought the selftest tree was moving a bunch of these
into a subdirectory? Maybe that didn't happen for v6.12?
> On Tue, Nov 19, 2024 at 04:17:41PM +0530, Naresh Kamboju wrote:
> > The overflow_DEFINE_FLEX_test KUnit test case. This test consistently
> > passes when built with GCC-13 but fails when using Clang-19 or
> > Clang-nightly.
> >
> > Test Case: overflow_DEFINE_FLEX_test
> > Compilers: Passing: GCC-13
> > Failing: Clang-19, Clang-nightly
> > Observed Behavior: The test failure is reproducible with Clang builds,
> > while GCC builds produce consistent success.
> >
> > This inconsistency suggests a potential issue either in the Clang toolchain
> > or in the test implementation that is exposed by Clang's compilation behavior.
> >
> > Test log:
> > ----------
> > <6>[ 92.471692] # castable_to_type_test: 103 castable_to_type()
> > tests finished
> > <6>[ 92.474933] ok 21 castable_to_type_test
> > <3>[ 92.476715] # DEFINE_FLEX_test: EXPECTATION FAILED at
> > lib/overflow_kunit.c:1200
> > <3>[ 92.476715] Expected
> > __builtin_dynamic_object_size(two_but_zero, 0) == expected_raw_size,
> > but
> > <3>[ 92.476715] __builtin_dynamic_object_size(two_but_zero,
> > 0) == 12 (0xc)
> > <3>[ 92.476715] expected_raw_size == 8 (0x8)
> > <6>[ 92.480178] not ok 22 DEFINE_FLEX_test
> > <6>[ 92.483020] # overflow: pass:21 fail:1 skip:0 total:22
>
> I can reproduce this with Clang 19.1.3 on 6.12, so it does not appear to
> be a recent problem.
>
> $ printf 'CONFIG_%s=y\n' KUNIT OVERFLOW_KUNIT_TEST >kernel/configs/overflow_kunit.config
>
> $ make -skj"$(nproc)" ARCH=arm64 LLVM=1 mrproper {def,hardening.,overflow_kunit.}config Image.gz
>
> $ boot-qemu.py ...
> [ 0.000000] Linux version 6.12.0 (nathan@thelio-3990X) (ClangBuiltLinux clang version 19.1.3 (https://github.com/llvm/llvm-project.git ab51eccf88f5321e7c60591c5546b254b6afab99), ClangBuiltLinux LLD 19.1.3 (https://github.com/llvm/llvm-project.git ab51eccf88f5321e7c60591c5546b254b6afab99)) #1 SMP PREEMPT Tue Nov 19 07:28:39 MST 2024
> ...
> [ 4.184764] # DEFINE_FLEX_test: EXPECTATION FAILED at lib/overflow_kunit.c:1200
> [ 4.184764] Expected __builtin_dynamic_object_size(two_but_zero, 0) == expected_raw_size, but
> [ 4.184764] __builtin_dynamic_object_size(two_but_zero, 0) == 12 (0xc)
> [ 4.184764] expected_raw_size == 8 (0x8)
> [ 4.190023] not ok 22 DEFINE_FLEX_test
> [ 4.206181] # overflow: pass:21 fail:1 skip:0 total:22
> [ 4.208635] # Totals: pass:21 fail:1 skip:0 total:22
> [ 4.212218] not ok 1 overflow
> ...
>
> I do not really understand how __builtin_dynamic_object_size() can
> return 12 for two_but_zero with __counted_by() because DEFINE_RAW_FLEX()
> does not initialize the counter so it should be zero... Kees? I guess
> maybe something changed on the LLVM side, I will see if I can bisect
> later (all the boxes are tied up with other compilations at the moment).
Hmm. I assume this is related to recent bdos vs counted_by changes in
Clang 19.1.2 (or .3?) But I'm going to have to track down which is
causing it.
The test is supposed to check this...
if counted_by is supported, DEFINE_RAW_FLEX will init counted_by to 0,
so the object is expected to be seen as sizeof(int) + sizeof(u32) (8).
if counted_by is NOT supported, then bdos will return the on-stack size
of the object (8 + sizeof(s16) * 2) == 12.
If LLVM switch to "max of counted_by or bos", then returning 12 would
make sense again.
I will check behaviors and compare it to GCC 15...
--
Kees Cook