does software KASAN not instrument READ_ONCE() on arm64 with LTO?
Alexander Potapenko
glider at google.com
Thu Mar 27 00:29:18 PDT 2025
On Thu, Mar 27, 2025 at 12:10 AM Jann Horn <jannh at google.com> wrote:
>
> Hi!
>
> I just realized - arm64 redefines __READ_ONCE() to use inline assembly
> instead of a volatile load, and ASAN is designed to not instrument asm
> statement operands (not even memory operands).
Nice catch!
> (I think I may have a years-old LLVM patch somewhere that changes
> that, but I vaguely recall being told once that that's an intentional
> design decision. I might be misremembering that though...)
We have some best-effort asm instrumentation in KMSAN (see
https://llvm.org/doxygen/MemorySanitizer_8cpp_source.html#l04968) and
could potentially do something similar for KASAN, but if I remember
correctly there were some corner cases with unknown argument sizes and
with percpu instrumentation (at least on x86 percpu accesses receive
an offset of the variable in .data..percpu, not the actual address).
> So because __READ_ONCE() does not call anything like
> instrument_read(), I think instrumentation-based KASAN in LTO arm64
> builds probably doesn't cover READ_ONCE() accesses?
>
> A quick test seems to confirm this: https://godbolt.org/z/8oYfaExYf
So should it be enough to call instrument_read()?
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
More information about the linux-arm-kernel
mailing list