KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

LKDTM ARRAY_BOUNDS reports "Unexpected!" when CONFIG_UBSAN_TRAP is not set #172

Open chleroy opened 2 years ago

chleroy commented 2 years ago
root@vgoip:/sys/kernel/debug/provoke-crash# busybox echo ARRAY_BOUNDS > DIRECT
root@vgoip:/sys/kernel/debug/provoke-crash# busybox echo ARRAY_BOUNDS > DIRECT
[  102.265827] ================================================================================
[  102.278433] UBSAN: array-index-out-of-bounds in drivers/misc/lkdtm/bugs.c:342:16
[  102.287207] index 8 is out of range for type 'char [8]'
[  102.298722] ================================================================================
[  102.313712] lkdtm: FAIL: survived array bounds overflow!
[  102.318770] lkdtm: Unexpected! This kernel (5.16.0-rc1-s3k-dev-01884-g720dcf79314a ppc) was built with CONFIG_UBSAN_BOUNDS=y

This kernel is built without CONFIG_UBSAN_TRAP, so the survival is expected.

When CONFIG_UBSAN_TRAP is selected, it doesn't survive:

root@vgoip:/sys/kernel/debug/provoke-crash# busybox echo ARRAY_BOUNDS > DIRECT
[  114.290512] lkdtm: Performing direct entry ARRAY_BOUNDS
[  114.295508] lkdtm: Array access within bounds ...
[  114.302811] lkdtm: Array access beyond bounds ...
[  114.309419] Oops: Exception in kernel mode, sig: 5 [#2]
[  114.314433] BE PAGE_SIZE=16K PREEMPT CMPC885
[  114.322187] CPU: 0 PID: 382 Comm: busybox Tainted: G      D           5.16.0-rc1-s3k-dev-01884-g720dcf79314a #478
[  114.332333] NIP:  c03fd928 LR: c03fd8ec CTR: c00580dc
[  114.337326] REGS: caf6bd50 TRAP: 0700   Tainted: G      D            (5.16.0-rc1-s3k-dev-01884-g720dcf79314a)
[  114.347135] MSR:  00029032 <EE,ME,IR,DR,RI>  CR: 42008228  XER: 00000000
[  114.353848]
[  114.353848] GPR00: c03fd8ec caf6be10 c2b82eb0 00000025 c11f991c c1213440 c10695a0 00000027
[  114.353848] GPR08: 00000042 00000008 00000008 029a8480 82002448 100d3dd6 100a2ffc 00000000
[  114.353848] GPR16: 100cd280 100b0000 105302c4 105314b5 100d0000 100d0000 00000000 100a2fdc
[  114.353848] GPR24: ffffffef caf6bf08 0000000d c07e9f6c c241c000 c08befdc c24217c0 c2259b60
[  114.389905] NIP [c03fd928] lkdtm_ARRAY_BOUNDS+0x118/0x160
[  114.395243] LR [c03fd8ec] lkdtm_ARRAY_BOUNDS+0xdc/0x160
[  114.400408] Call Trace:
[  114.402816] [caf6be10] [c03fd8ec] lkdtm_ARRAY_BOUNDS+0xdc/0x160 (unreliable)
[  114.409787] [caf6be30] [c03fd61c] direct_entry+0xdc/0x16c
[  114.415123] [caf6be60] [c029af90] full_proxy_write+0x6c/0xa4
[  114.420716] [caf6be80] [c016cecc] vfs_write+0xe8/0x4cc
[  114.425794] [caf6bf00] [c016d43c] ksys_write+0x6c/0x11c
[  114.430958] [caf6bf30] [c00110a4] ret_from_syscall+0x0/0x28
[  114.436465] --- interrupt: c00 at 0xfd51d0c
[  114.440596] NIP:  0fd51d0c LR: 10008404 CTR: 0fcff380
[  114.445591] REGS: caf6bf40 TRAP: 0c00   Tainted: G      D            (5.16.0-rc1-s3k-dev-01884-g720dcf79314a)
[  114.455399] MSR:  0000d032 <EE,PR,ME,IR,DR,RI>  CR: 24002424  XER: 00000000
[  114.462456]
[  114.462456] GPR00: 00000004 7fab1b50 77a434d0 00000001 102e0008 0000000d 554e4453 fefefeff
[  114.462456] GPR08: 7f7f7f7f 00024000 00000000 10304000 84022222 100d3dd6 100a2ffc 00000000
[  114.462456] GPR16: 100cd280 100b0000 105302c4 105314b5 100d0000 100d0000 00000000 100a2fdc
[  114.462456] GPR24: ffffffef ffffffff 00000020 100d0000 0000000d 102e0008 00000001 00000000
[  114.498514] NIP [0fd51d0c] 0xfd51d0c
[  114.502043] LR [10008404] 0x10008404
[  114.505571] --- interrupt: c00
[  114.508587] Instruction dump:
[  114.511512] 81210008 28090008 4181002c 81210008 28090007 4181001c 81410008 7d3e4a14
[  114.519343] 394a0001 99090008 91410008 4bffffd4 <7fe00008> 7fe3fb78 4bd657a9 7fc3f378
[  114.527356] ---[ end trace 1d77e33563fc8434 ]---
[  114.531909]
Trace/breakpoint trap

kees commented 2 years ago

I'm fine adding an XFAIL when CONFIG_UBSAN_TRAP is missing, but I think this should continue to fail if it doesn't BUG.

chleroy commented 2 years ago

> I'm fine adding an XFAIL when CONFIG_UBSAN_TRAP is missing, but I think this should continue to fail if it doesn't BUG.

OK, that would mean adding something equivalent to kunit_fail_current_test() inside function ubsan_prologue()?

kees commented 2 years ago

I think all that's needed for the test is something like:

if (IS_ENABLED(CONFIG_UBSAN_TRAP))
    unexpected ...   /* trap was configured, so surviving the overflow is a real failure */
else
    XFAIL...         /* no trap configured: UBSAN can only report, so survival is expected */
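The outcome classification kees sketches above, modelled in user-space C as an added example (this is not LKDTM's own code): the Kconfig symbols become plain booleans, and the model also covers a build without CONFIG_UBSAN_BOUNDS, where the "Unexpected!" message at the top of the report would be wrong for the same reason.

```c
#include <stdbool.h>
#include <stdio.h>
/* Outcomes of the ARRAY_BOUNDS test once the overflowing access is attempted. */
enum verdict {
	VERDICT_PASS,             /* the access never returned: the sanitizer trapped */
	VERDICT_XFAIL_NO_BOUNDS,  /* survived, but nothing was instrumented */
	VERDICT_XFAIL_NO_TRAP,    /* survived, but the build only reports, never traps */
	VERDICT_UNEXPECTED,       /* survived although bounds + trap were both on */
};

/* User-space stand-in for the Kconfig symbols the test consults (assumption). */
struct kconfig {
	bool ubsan_bounds;   /* CONFIG_UBSAN_BOUNDS: instrument array indexing */
	bool ubsan_trap;     /* CONFIG_UBSAN_TRAP: turn a UBSAN report into a trap */
};

/* survived == true means control reached the line after the out-of-bounds access. */
enum verdict classify_array_bounds(const struct kconfig *cfg, bool survived)
{
	if (!survived)
		return VERDICT_PASS;
	if (!cfg->ubsan_bounds)
		return VERDICT_XFAIL_NO_BOUNDS;
	if (!cfg->ubsan_trap)
		return VERDICT_XFAIL_NO_TRAP;   /* the reporter's first kernel */
	return VERDICT_UNEXPECTED;          /* what the test wrongly printed above */
}

/* Message the test would log for each verdict (wording modelled on the log above). */
const char *verdict_message(enum verdict v)
{
	switch (v) {
	case VERDICT_PASS:            return "trapped as expected";
	case VERDICT_XFAIL_NO_BOUNDS: return "XFAIL: built without CONFIG_UBSAN_BOUNDS";
	case VERDICT_XFAIL_NO_TRAP:   return "XFAIL: built without CONFIG_UBSAN_TRAP";
	default:                      return "FAIL: Unexpected! built with CONFIG_UBSAN_TRAP=y";
	}
}

int main(void)
{
	/* Constructed sample builds; the first is the configuration from the report. */
	static const struct kconfig builds[] = {
		{ .ubsan_bounds = true,  .ubsan_trap = false },
		{ .ubsan_bounds = true,  .ubsan_trap = true },
		{ .ubsan_bounds = false, .ubsan_trap = false },
	};
	for (size_t i = 0; i < sizeof builds / sizeof builds[0]; i++)
		printf("bounds=%d trap=%d, survived: %s\n", builds[i].ubsan_bounds,
		       builds[i].ubsan_trap, verdict_message(classify_array_bounds(&builds[i], true)));
}
```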