Differential D55075
kern linker: Mark link_elf_ireloc as no-KASAN Authored by andrew on Tue, Feb 3, 11:19 AM.
Details
When moving the kernel mem* functions to be an ifunc we need to ensure Fix this by marking the function as no-KASAN so this isn't possible. Sponsored by: Arm Ltd
Diff Detail
Event TimelineComment Actions Do you mean that the low-level startup, e.g. hammertime() for amd64, and initarm() for arm64, must be tagged with __nosanitizeaddress as well? (And recursively every function that is called from them, at least up to the point where ifuncs are resolved). Comment Actions This is the only early function I found that calls into a sanitizer runtime. I booted KASAN, KMSAN, and KCSAN with a slightly modified D55051 (disable mops_supported in the ifunc resolvers) & exited initarm in all cases. In this case it looks like the compiler is adding checks for eff. Comment Actions Isn't this the problem that memset_early() etc. are supposed to solve? Where exactly is the memset() call happening? Comment Actions So this is the __builtin_memset() call from kasan_shadow_Nbyte_fill(). Probably that code should be trying to use memset_early() instead, say, if kasan_init() hasn't already been called? Comment Actions For this bug fix to be complete, you have to patch all callees of link_elf_ireloc(), not just link_elf_ireloc(). Comment Actions I've asked @sarah.walker2_arm.com to test. I have confirmed that eff is the issue. If I move it off the stack I can boot without needing either this patch or changing the sanitizer runtimes. Comment Actions Ok. I'd still prefer to fix this in the sanitizer runtime, otherwise we'll probably see this problem again in the future. |