From: Will Deacon will@kernel.org
[ Upstream commit 7aed6a2c51ffc97a126e0ea0c270fab7af97ae18 ]
Syzbot reports a KASAN failure early during boot on arm64 when building with GCC 12.2.0 and using the Software Tag-Based KASAN mode:
| BUG: KASAN: invalid-access in smp_build_mpidr_hash arch/arm64/kernel/setup.c:133 [inline] | BUG: KASAN: invalid-access in setup_arch+0x984/0xd60 arch/arm64/kernel/setup.c:356 | Write of size 4 at addr 03ff800086867e00 by task swapper/0 | Pointer tag: [03], memory tag: [fe]
Initial triage indicates that the report is a false positive and a thorough investigation of the crash by Mark Rutland revealed the root cause to be a bug in GCC:
When GCC is passed `-fsanitize=hwaddress` or `-fsanitize=kernel-hwaddress` it ignores `__attribute__((no_sanitize_address))`, and instruments functions we require are not instrumented.
[...]
All versions [of GCC] I tried were broken, from 11.3.0 to 14.2.0 inclusive.
I think we have to disable KASAN_SW_TAGS with GCC until this is fixed
Disable Software Tag-Based KASAN when building with GCC by making CC_HAS_KASAN_SW_TAGS depend on !CC_IS_GCC.
Cc: Andrey Konovalov andreyknvl@gmail.com Suggested-by: Mark Rutland mark.rutland@arm.com Reported-by: syzbot+908886656a02769af987@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/000000000000f362e80620e27859@google.com Link: https://lore.kernel.org/r/ZvFGwKfoC4yVjN_X@J2N7QTR9R3 Link: https://bugzilla.kernel.org/show_bug.cgi?id=218854 Reviewed-by: Andrey Konovalov andreyknvl@gmail.com Acked-by: Mark Rutland mark.rutland@arm.com Link: https://lore.kernel.org/r/20241014161100.18034-1-will@kernel.org Signed-off-by: Will Deacon will@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org --- lib/Kconfig.kasan | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index fdca89c057452..275e6295fcd78 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -22,8 +22,11 @@ config ARCH_DISABLE_KASAN_INLINE config CC_HAS_KASAN_GENERIC def_bool $(cc-option, -fsanitize=kernel-address)
+# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress +# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and +# the linked LKML thread) for more details. config CC_HAS_KASAN_SW_TAGS - def_bool $(cc-option, -fsanitize=kernel-hwaddress) + def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)
# This option is only required for software KASAN modes. # Old GCC versions do not have proper support for no_sanitize_address. @@ -100,7 +103,7 @@ config KASAN_SW_TAGS help Enables Software Tag-Based KASAN.
- Requires GCC 11+ or Clang. + Requires Clang.
Supported only on arm64 CPUs and relies on Top Byte Ignore.