Merge patch series "riscv: Improve KASAN coverage to fix unit tests"

palmer-dabbelt · palmer-dabbelt · commit 583543760976 · 2024-09-19T01:10:44.000-07:00
Samuel Holland <samuel.holland@sifive.com> says: This series fixes two areas where uninstrumented assembly routines caused gaps in KASAN coverage on RISC-V, which were caught by KUnit tests. The KASAN KUnit test suite passes after applying this series. This series fixes the following test failures: # kasan_strings: EXPECTATION FAILED at mm/kasan/kasan_test.c:1520 KASAN failure expected in "kasan_int_result = strcmp(ptr, "2")", but none occurred # kasan_strings: EXPECTATION FAILED at mm/kasan/kasan_test.c:1524 KASAN failure expected in "kasan_int_result = strlen(ptr)", but none occurred not ok 60 kasan_strings # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1531 KASAN failure expected in "set_bit(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1533 KASAN failure expected in "clear_bit(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1535 KASAN failure expected in "clear_bit_unlock(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1536 KASAN failure expected in "__clear_bit_unlock(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1537 KASAN failure expected in "change_bit(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1543 KASAN failure expected in "test_and_set_bit(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1545 KASAN failure expected in "test_and_set_bit_lock(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1546 KASAN failure expected in "test_and_clear_bit(nr, addr)", but none occurred # kasan_bitops_generic: EXPECTATION FAILED at mm/kasan/kasan_test.c:1548 KASAN failure expected in "test_and_change_bit(nr, addr)", but none occurred not ok 61 kasan_bitops_generic Samuel Holland (2): riscv: Omit optimized string routines when using KASAN riscv: Enable bitops instrumentation arch/riscv/include/asm/bitops.h | 43 ++++++++++++++++++--------------- arch/riscv/include/asm/string.h | 2 ++ arch/riscv/kernel/riscv_ksyms.c | 3 --- arch/riscv/lib/Makefile | 2 ++ arch/riscv/lib/strcmp.S | 1 + arch/riscv/lib/strlen.S | 1 + arch/riscv/lib/strncmp.S | 1 + arch/riscv/purgatory/Makefile | 2 ++ 8 files changed, 32 insertions(+), 23 deletions(-) * b4-shazam-merge: riscv: Enable bitops instrumentation riscv: Omit optimized string routines when using KASAN Link: https://lore.kernel.org/r/20240801033725.28816-1-samuel.holland@sifive.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
diff --git a/arch/riscv/include/asm/bitops.h b/arch/riscv/include/asm/bitops.h
@@ -222,44 +222,44 @@ static __always_inline int variable_fls(unsigned int x)
 #define __NOT(x)	(~(x))
 
 /**
- * test_and_set_bit - Set a bit and return its old value
+ * arch_test_and_set_bit - Set a bit and return its old value
  * @nr: Bit to set
  * @addr: Address to count from
  *
  * This operation may be reordered on other architectures than x86.
  */
-static inline int test_and_set_bit(int nr, volatile unsigned long *addr)
+static inline int arch_test_and_set_bit(int nr, volatile unsigned long *addr)
 {
 	return __test_and_op_bit(or, __NOP, nr, addr);
 }
 
 /**
- * test_and_clear_bit - Clear a bit and return its old value
+ * arch_test_and_clear_bit - Clear a bit and return its old value
  * @nr: Bit to clear
  * @addr: Address to count from
  *
  * This operation can be reordered on other architectures other than x86.
  */
-static inline int test_and_clear_bit(int nr, volatile unsigned long *addr)
+static inline int arch_test_and_clear_bit(int nr, volatile unsigned long *addr)
 {
 	return __test_and_op_bit(and, __NOT, nr, addr);
 }
 
 /**
- * test_and_change_bit - Change a bit and return its old value
+ * arch_test_and_change_bit - Change a bit and return its old value
  * @nr: Bit to change
  * @addr: Address to count from
  *
  * This operation is atomic and cannot be reordered.
  * It also implies a memory barrier.
  */
-static inline int test_and_change_bit(int nr, volatile unsigned long *addr)
+static inline int arch_test_and_change_bit(int nr, volatile unsigned long *addr)
 {
 	return __test_and_op_bit(xor, __NOP, nr, addr);
 }
 
 /**
- * set_bit - Atomically set a bit in memory
+ * arch_set_bit - Atomically set a bit in memory
  * @nr: the bit to set
  * @addr: the address to start counting from
  *
@@ -270,68 +270,68 @@ static inline int test_and_change_bit(int nr, volatile unsigned long *addr)
  * Note that @nr may be almost arbitrarily large; this function is not
  * restricted to acting on a single-word quantity.
  */
-static inline void set_bit(int nr, volatile unsigned long *addr)
+static inline void arch_set_bit(int nr, volatile unsigned long *addr)
 {
 	__op_bit(or, __NOP, nr, addr);
 }
 
 /**
- * clear_bit - Clears a bit in memory
+ * arch_clear_bit - Clears a bit in memory
  * @nr: Bit to clear
  * @addr: Address to start counting from
  *
  * Note: there are no guarantees that this function will not be reordered
  * on non x86 architectures, so if you are writing portable code,
  * make sure not to rely on its reordering guarantees.
  */
-static inline void clear_bit(int nr, volatile unsigned long *addr)
+static inline void arch_clear_bit(int nr, volatile unsigned long *addr)
 {
 	__op_bit(and, __NOT, nr, addr);
 }
 
 /**
- * change_bit - Toggle a bit in memory
+ * arch_change_bit - Toggle a bit in memory
  * @nr: Bit to change
  * @addr: Address to start counting from
  *
  * change_bit()  may be reordered on other architectures than x86.
  * Note that @nr may be almost arbitrarily large; this function is not
  * restricted to acting on a single-word quantity.
  */
-static inline void change_bit(int nr, volatile unsigned long *addr)
+static inline void arch_change_bit(int nr, volatile unsigned long *addr)
 {
 	__op_bit(xor, __NOP, nr, addr);
 }
 
 /**
- * test_and_set_bit_lock - Set a bit and return its old value, for lock
+ * arch_test_and_set_bit_lock - Set a bit and return its old value, for lock
  * @nr: Bit to set
  * @addr: Address to count from
  *
  * This operation is atomic and provides acquire barrier semantics.
  * It can be used to implement bit locks.
  */
-static inline int test_and_set_bit_lock(
+static inline int arch_test_and_set_bit_lock(
 	unsigned long nr, volatile unsigned long *addr)
 {
 	return __test_and_op_bit_ord(or, __NOP, nr, addr, .aq);
 }
 
 /**
- * clear_bit_unlock - Clear a bit in memory, for unlock
+ * arch_clear_bit_unlock - Clear a bit in memory, for unlock
  * @nr: the bit to set
  * @addr: the address to start counting from
  *
  * This operation is atomic and provides release barrier semantics.
  */
-static inline void clear_bit_unlock(
+static inline void arch_clear_bit_unlock(
 	unsigned long nr, volatile unsigned long *addr)
 {
 	__op_bit_ord(and, __NOT, nr, addr, .rl);
 }
 
 /**
- * __clear_bit_unlock - Clear a bit in memory, for unlock
+ * arch___clear_bit_unlock - Clear a bit in memory, for unlock
  * @nr: the bit to set
  * @addr: the address to start counting from
  *
@@ -345,13 +345,13 @@ static inline void clear_bit_unlock(
  * non-atomic property here: it's a lot more instructions and we still have to
  * provide release semantics anyway.
  */
-static inline void __clear_bit_unlock(
+static inline void arch___clear_bit_unlock(
 	unsigned long nr, volatile unsigned long *addr)
 {
-	clear_bit_unlock(nr, addr);
+	arch_clear_bit_unlock(nr, addr);
 }
 
-static inline bool xor_unlock_is_negative_byte(unsigned long mask,
+static inline bool arch_xor_unlock_is_negative_byte(unsigned long mask,
 		volatile unsigned long *addr)
 {
 	unsigned long res;
@@ -369,6 +369,9 @@ static inline bool xor_unlock_is_negative_byte(unsigned long mask,
 #undef __NOT
 #undef __AMO
 
+#include <asm-generic/bitops/instrumented-atomic.h>
+#include <asm-generic/bitops/instrumented-lock.h>
+
 #include <asm-generic/bitops/non-atomic.h>
 #include <asm-generic/bitops/le.h>
 #include <asm-generic/bitops/ext2-atomic.h>
diff --git a/arch/riscv/include/asm/string.h b/arch/riscv/include/asm/string.h
@@ -19,6 +19,7 @@ extern asmlinkage void *__memcpy(void *, const void *, size_t);
 extern asmlinkage void *memmove(void *, const void *, size_t);
 extern asmlinkage void *__memmove(void *, const void *, size_t);
 
+#if !(defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS))
 #define __HAVE_ARCH_STRCMP
 extern asmlinkage int strcmp(const char *cs, const char *ct);
 
@@ -27,6 +28,7 @@ extern asmlinkage __kernel_size_t strlen(const char *);
 
 #define __HAVE_ARCH_STRNCMP
 extern asmlinkage int strncmp(const char *cs, const char *ct, size_t count);
+#endif
 
 /* For those files which don't want to check by kasan. */
 #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
diff --git a/arch/riscv/kernel/riscv_ksyms.c b/arch/riscv/kernel/riscv_ksyms.c
@@ -12,9 +12,6 @@
 EXPORT_SYMBOL(memset);
 EXPORT_SYMBOL(memcpy);
 EXPORT_SYMBOL(memmove);
-EXPORT_SYMBOL(strcmp);
-EXPORT_SYMBOL(strlen);
-EXPORT_SYMBOL(strncmp);
 EXPORT_SYMBOL(__memset);
 EXPORT_SYMBOL(__memcpy);
 EXPORT_SYMBOL(__memmove);
diff --git a/arch/riscv/lib/Makefile b/arch/riscv/lib/Makefile
@@ -3,9 +3,11 @@ lib-y			+= delay.o
 lib-y			+= memcpy.o
 lib-y			+= memset.o
 lib-y			+= memmove.o
+ifeq ($(CONFIG_KASAN_GENERIC)$(CONFIG_KASAN_SW_TAGS),)
 lib-y			+= strcmp.o
 lib-y			+= strlen.o
 lib-y			+= strncmp.o
+endif
 lib-y			+= csum.o
 ifeq ($(CONFIG_MMU), y)
 lib-$(CONFIG_RISCV_ISA_V)	+= uaccess_vector.o
diff --git a/arch/riscv/lib/strcmp.S b/arch/riscv/lib/strcmp.S
@@ -121,3 +121,4 @@ strcmp_zbb:
 #endif
 SYM_FUNC_END(strcmp)
 SYM_FUNC_ALIAS(__pi_strcmp, strcmp)
+EXPORT_SYMBOL(strcmp)
diff --git a/arch/riscv/lib/strlen.S b/arch/riscv/lib/strlen.S
@@ -131,3 +131,4 @@ strlen_zbb:
 #endif
 SYM_FUNC_END(strlen)
 SYM_FUNC_ALIAS(__pi_strlen, strlen)
+EXPORT_SYMBOL(strlen)
diff --git a/arch/riscv/lib/strncmp.S b/arch/riscv/lib/strncmp.S
@@ -137,3 +137,4 @@ strncmp_zbb:
 #endif
 SYM_FUNC_END(strncmp)
 SYM_FUNC_ALIAS(__pi_strncmp, strncmp)
+EXPORT_SYMBOL(strncmp)
diff --git a/arch/riscv/purgatory/Makefile b/arch/riscv/purgatory/Makefile
@@ -1,7 +1,9 @@
 # SPDX-License-Identifier: GPL-2.0
 
 purgatory-y := purgatory.o sha256.o entry.o string.o ctype.o memcpy.o memset.o
+ifeq ($(CONFIG_KASAN_GENERIC)$(CONFIG_KASAN_SW_TAGS),)
 purgatory-y += strcmp.o strlen.o strncmp.o
+endif
 
 targets += $(purgatory-y)
 PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y))

Original file line number	Diff line number	Diff line change
`@@ -222,44 +222,44 @@ static __always_inline int variable_fls(unsigned int x)`
`222`	`222`	`#define __NOT(x) (~(x))`
`223`	`223`
`224`	`224`	`/**`
`225`		`- * test_and_set_bit - Set a bit and return its old value`
	`225`	`+ * arch_test_and_set_bit - Set a bit and return its old value`
`226`	`226`	`* @nr: Bit to set`
`227`	`227`	`* @addr: Address to count from`
`228`	`228`	`*`
`229`	`229`	`* This operation may be reordered on other architectures than x86.`
`230`	`230`	`*/`
`231`		`-static inline int test_and_set_bit(int nr, volatile unsigned long *addr)`
	`231`	`+static inline int arch_test_and_set_bit(int nr, volatile unsigned long *addr)`
`232`	`232`	`{`
`233`	`233`	`return __test_and_op_bit(or, __NOP, nr, addr);`
`234`	`234`	`}`
`235`	`235`
`236`	`236`	`/**`
`237`		`- * test_and_clear_bit - Clear a bit and return its old value`
	`237`	`+ * arch_test_and_clear_bit - Clear a bit and return its old value`
`238`	`238`	`* @nr: Bit to clear`
`239`	`239`	`* @addr: Address to count from`
`240`	`240`	`*`
`241`	`241`	`* This operation can be reordered on other architectures other than x86.`
`242`	`242`	`*/`
`243`		`-static inline int test_and_clear_bit(int nr, volatile unsigned long *addr)`
	`243`	`+static inline int arch_test_and_clear_bit(int nr, volatile unsigned long *addr)`
`244`	`244`	`{`
`245`	`245`	`return __test_and_op_bit(and, __NOT, nr, addr);`
`246`	`246`	`}`
`247`	`247`
`248`	`248`	`/**`
`249`		`- * test_and_change_bit - Change a bit and return its old value`
	`249`	`+ * arch_test_and_change_bit - Change a bit and return its old value`
`250`	`250`	`* @nr: Bit to change`
`251`	`251`	`* @addr: Address to count from`
`252`	`252`	`*`
`253`	`253`	`* This operation is atomic and cannot be reordered.`
`254`	`254`	`* It also implies a memory barrier.`
`255`	`255`	`*/`
`256`		`-static inline int test_and_change_bit(int nr, volatile unsigned long *addr)`
	`256`	`+static inline int arch_test_and_change_bit(int nr, volatile unsigned long *addr)`
`257`	`257`	`{`
`258`	`258`	`return __test_and_op_bit(xor, __NOP, nr, addr);`
`259`	`259`	`}`
`260`	`260`
`261`	`261`	`/**`
`262`		`- * set_bit - Atomically set a bit in memory`
	`262`	`+ * arch_set_bit - Atomically set a bit in memory`
`263`	`263`	`* @nr: the bit to set`
`264`	`264`	`* @addr: the address to start counting from`
`265`	`265`	`*`
`@@ -270,68 +270,68 @@ static inline int test_and_change_bit(int nr, volatile unsigned long *addr)`
`270`	`270`	`* Note that @nr may be almost arbitrarily large; this function is not`
`271`	`271`	`* restricted to acting on a single-word quantity.`
`272`	`272`	`*/`
`273`		`-static inline void set_bit(int nr, volatile unsigned long *addr)`
	`273`	`+static inline void arch_set_bit(int nr, volatile unsigned long *addr)`
`274`	`274`	`{`
`275`	`275`	`__op_bit(or, __NOP, nr, addr);`
`276`	`276`	`}`
`277`	`277`
`278`	`278`	`/**`
`279`		`- * clear_bit - Clears a bit in memory`
	`279`	`+ * arch_clear_bit - Clears a bit in memory`
`280`	`280`	`* @nr: Bit to clear`
`281`	`281`	`* @addr: Address to start counting from`
`282`	`282`	`*`
`283`	`283`	`* Note: there are no guarantees that this function will not be reordered`
`284`	`284`	`* on non x86 architectures, so if you are writing portable code,`
`285`	`285`	`* make sure not to rely on its reordering guarantees.`
`286`	`286`	`*/`
`287`		`-static inline void clear_bit(int nr, volatile unsigned long *addr)`
	`287`	`+static inline void arch_clear_bit(int nr, volatile unsigned long *addr)`
`288`	`288`	`{`
`289`	`289`	`__op_bit(and, __NOT, nr, addr);`
`290`	`290`	`}`
`291`	`291`
`292`	`292`	`/**`
`293`		`- * change_bit - Toggle a bit in memory`
	`293`	`+ * arch_change_bit - Toggle a bit in memory`
`294`	`294`	`* @nr: Bit to change`
`295`	`295`	`* @addr: Address to start counting from`
`296`	`296`	`*`
`297`	`297`	`* change_bit() may be reordered on other architectures than x86.`
`298`	`298`	`* Note that @nr may be almost arbitrarily large; this function is not`
`299`	`299`	`* restricted to acting on a single-word quantity.`
`300`	`300`	`*/`
`301`		`-static inline void change_bit(int nr, volatile unsigned long *addr)`
	`301`	`+static inline void arch_change_bit(int nr, volatile unsigned long *addr)`
`302`	`302`	`{`
`303`	`303`	`__op_bit(xor, __NOP, nr, addr);`
`304`	`304`	`}`
`305`	`305`
`306`	`306`	`/**`
`307`		`- * test_and_set_bit_lock - Set a bit and return its old value, for lock`
	`307`	`+ * arch_test_and_set_bit_lock - Set a bit and return its old value, for lock`
`308`	`308`	`* @nr: Bit to set`
`309`	`309`	`* @addr: Address to count from`
`310`	`310`	`*`
`311`	`311`	`* This operation is atomic and provides acquire barrier semantics.`
`312`	`312`	`* It can be used to implement bit locks.`
`313`	`313`	`*/`
`314`		`-static inline int test_and_set_bit_lock(`
	`314`	`+static inline int arch_test_and_set_bit_lock(`
`315`	`315`	`unsigned long nr, volatile unsigned long *addr)`
`316`	`316`	`{`
`317`	`317`	`return __test_and_op_bit_ord(or, __NOP, nr, addr, .aq);`
`318`	`318`	`}`
`319`	`319`
`320`	`320`	`/**`
`321`		`- * clear_bit_unlock - Clear a bit in memory, for unlock`
	`321`	`+ * arch_clear_bit_unlock - Clear a bit in memory, for unlock`
`322`	`322`	`* @nr: the bit to set`
`323`	`323`	`* @addr: the address to start counting from`
`324`	`324`	`*`
`325`	`325`	`* This operation is atomic and provides release barrier semantics.`
`326`	`326`	`*/`
`327`		`-static inline void clear_bit_unlock(`
	`327`	`+static inline void arch_clear_bit_unlock(`
`328`	`328`	`unsigned long nr, volatile unsigned long *addr)`
`329`	`329`	`{`
`330`	`330`	`__op_bit_ord(and, __NOT, nr, addr, .rl);`
`331`	`331`	`}`
`332`	`332`
`333`	`333`	`/**`
`334`		`- * __clear_bit_unlock - Clear a bit in memory, for unlock`
	`334`	`+ * arch___clear_bit_unlock - Clear a bit in memory, for unlock`
`335`	`335`	`* @nr: the bit to set`
`336`	`336`	`* @addr: the address to start counting from`
`337`	`337`	`*`
`@@ -345,13 +345,13 @@ static inline void clear_bit_unlock(`
`345`	`345`	`* non-atomic property here: it's a lot more instructions and we still have to`
`346`	`346`	`* provide release semantics anyway.`
`347`	`347`	`*/`
`348`		`-static inline void __clear_bit_unlock(`
	`348`	`+static inline void arch___clear_bit_unlock(`
`349`	`349`	`unsigned long nr, volatile unsigned long *addr)`
`350`	`350`	`{`
`351`		`- clear_bit_unlock(nr, addr);`
	`351`	`+ arch_clear_bit_unlock(nr, addr);`
`352`	`352`	`}`
`353`	`353`
`354`		`-static inline bool xor_unlock_is_negative_byte(unsigned long mask,`
	`354`	`+static inline bool arch_xor_unlock_is_negative_byte(unsigned long mask,`
`355`	`355`	`volatile unsigned long *addr)`
`356`	`356`	`{`
`357`	`357`	`unsigned long res;`
`@@ -369,6 +369,9 @@ static inline bool xor_unlock_is_negative_byte(unsigned long mask,`
`369`	`369`	`#undef __NOT`
`370`	`370`	`#undef __AMO`
`371`	`371`
	`372`	`+#include <asm-generic/bitops/instrumented-atomic.h>`
	`373`	`+#include <asm-generic/bitops/instrumented-lock.h>`
	`374`	`+`
`372`	`375`	`#include <asm-generic/bitops/non-atomic.h>`
`373`	`376`	`#include <asm-generic/bitops/le.h>`
`374`	`377`	`#include <asm-generic/bitops/ext2-atomic.h>`