Re: [PATCH] kunit/fortify: Validate __alloc_size attribute results

From: Kees Cook
Date: Wed Oct 19 2022 - 01:45:14 EST

Next message: Zhaoyang Huang: "Re: [RFC PATCH] mm: move xa forward when run across zombie page"
Previous message: Kalle Valo: "Re: [PATCH v2] wifi: ath10k: Delay the unmapping of the buffer"
In reply to: David Gow: "Re: [PATCH] kunit/fortify: Validate __alloc_size attribute results"
Next in thread: David Gow: "Re: [PATCH] kunit/fortify: Validate __alloc_size attribute results"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 19, 2022 at 11:35:40AM +0800, David Gow wrote:
> On Tue, Oct 18, 2022 at 4:27 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > Validate the effect of the __alloc_size attribute on allocators. If the
> > compiler doesn't support __builtin_dynamic_object_size(), skip the test.
> >
> > Cc: linux-hardening@xxxxxxxxxxxxxxx
> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > ---
> > To pass this depends on the following patches:
> > https://lore.kernel.org/lkml/20221018073430.never.551-kees@xxxxxxxxxx/
> > https://lore.kernel.org/lkml/20221018082232.never.213-kees@xxxxxxxxxx/
> > To not be skipped, either GCC 12 or Clang is needed.
> > ---
>
> While this _looks_ good, I can't actually get the tests to pass on my
> machine, with the following all having a
> __builtin_dynamic_object_size() of -1:
> - kmalloc_node(size++, gfp, NUMA_NO_NODE)
> - kzalloc(size++, gfp)
> - kzalloc_node(size++, gfp, NUMA_NO_NODE)
> - kcalloc(1, size++, gfp)
> - kcalloc_node(1, size++, gfp, NUMA_NO_NODE)
> - kmalloc_array(1, size++, gfp)
> - kmalloc_array_node(1, size++, gfp, NUMA_NO_NODE)
>
> I've been using the following command to run the tests:
> ./tools/testing/kunit/kunit.py run --kconfig_add CONFIG_FORTIFY_SOURCE=y
>
> And I've also tried it on x86_64 and arm64 under qemu, with both gcc
> 12.2.0 and clang 14.0.6-2, with the same failures.
>
> Is there a dependency somewhere I've missed? (I've tried it on the
> ksefltest/kunit branch, with the mentioned dependencies applied, and
> also on your for-next/hardening branch, with the missing patches
> applied.)

I would expect this to pass with v6.1-rc1 when used with the above two
patches added, but it seems those _did_ pass, but not the k*alloc()
helpers for you? That is curious. Here's my testing:

$ ./tools/testing/kunit/kunit.py run --arch x86_64 \
--kconfig_add CONFIG_FORTIFY_SOURCE=y --make_options LLVM=1 fortify
...
[22:43:32] =================== fortify (3 subtests) ===================
[22:43:32] [PASSED] known_sizes_test
[22:43:32] [PASSED] control_flow_split_test
[22:43:32] [PASSED] alloc_size_test
[22:43:32] ===================== [PASSED] fortify =====================
[22:43:32] ============================================================
[22:43:32] Testing complete. Ran 3 tests: passed: 3
[22:43:32] Elapsed time: 33.210s total, 3.369s configuring, 28.367s
building, 0.799s running

$ clang --version
ClangBuiltLinux clang version 16.0.0 (https://github.com/llvm/llvm-project.git 3291eac12340f465084f347720d99352241f621c)

--
Kees Cook

Next message: Zhaoyang Huang: "Re: [RFC PATCH] mm: move xa forward when run across zombie page"
Previous message: Kalle Valo: "Re: [PATCH v2] wifi: ath10k: Delay the unmapping of the buffer"
In reply to: David Gow: "Re: [PATCH] kunit/fortify: Validate __alloc_size attribute results"
Next in thread: David Gow: "Re: [PATCH] kunit/fortify: Validate __alloc_size attribute results"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]