[RFC,v3,12/36] kmsan: define READ_ONCE_NOCHECK()

Message ID	20191122112621.204798-13-glider@google.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=DNi/=ZO=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DBA9A20672 Date: Fri, 22 Nov 2019 12:25:57 +0100 In-Reply-To: <20191122112621.204798-1-glider@google.com> Message-Id: <20191122112621.204798-13-glider@google.com> Mime-Version: 1.0 References: <20191122112621.204798-1-glider@google.com> Subject: [PATCH RFC v3 12/36] kmsan: define READ_ONCE_NOCHECK() From: glider@google.com To: Mark Rutland <mark.rutland@arm.com>, Vegard Nossum <vegard.nossum@oracle.com>, Dmitry Vyukov <dvyukov@google.com>, linux-mm@kvack.org Cc: glider@google.com, viro@zeniv.linux.org.uk, adilger.kernel@dilger.ca, akpm@linux-foundation.org, andreyknvl@google.com, aryabinin@virtuozzo.com, luto@kernel.org, ard.biesheuvel@linaro.org, arnd@arndb.de, hch@infradead.org, hch@lst.de, darrick.wong@oracle.com, davem@davemloft.net, dmitry.torokhov@gmail.com, ebiggers@google.com, edumazet@google.com, ericvh@gmail.com, gregkh@linuxfoundation.org, harry.wentland@amd.com, herbert@gondor.apana.org.au, iii@linux.ibm.com, mingo@elte.hu, jasowang@redhat.com, axboe@kernel.dk, m.szyprowski@samsung.com, elver@google.com, martin.petersen@oracle.com, schwidefsky@de.ibm.com, willy@infradead.org, mst@redhat.com, monstr@monstr.eu, pmladek@suse.com, cai@lca.pw, rdunlap@infradead.org, robin.murphy@arm.com, sergey.senozhatsky@gmail.com, rostedt@goodmis.org, tiwai@suse.com, tytso@mit.edu, tglx@linutronix.de, gor@linux.ibm.com, wsa@the-dreams.de Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Add KernelMemorySanitizer infrastructure \| expand [RFC,v3,00/36] Add KernelMemorySanitizer infrastructure [RFC,v3,01/36] stackdepot: check depot_index before accessing the stack slab [RFC,v3,02/36] stackdepot: build with -fno-builtin [RFC,v3,03/36] kasan: stackdepot: move filter_irq_stacks() to stackdepot.c [RFC,v3,04/36] stackdepot: reserve 5 extra bits in depot_stack_handle_t [RFC,v3,05/36] kmsan: add ReST documentation [RFC,v3,06/36] kmsan: gfp: introduce __GFP_NO_KMSAN_SHADOW [RFC,v3,07/36] kmsan: introduce __no_sanitize_memory and __SANITIZE_MEMORY__ [RFC,v3,08/36] kmsan: reduce vmalloc space [RFC,v3,09/36] kmsan: add KMSAN bits to struct page and struct task_struct [RFC,v3,10/36] kmsan: add KMSAN runtime [RFC,v3,11/36] kmsan: stackdepot: don't allocate KMSAN metadata for stackdepot [RFC,v3,12/36] kmsan: define READ_ONCE_NOCHECK() [RFC,v3,13/36] kmsan: make READ_ONCE_TASK_STACK() return initialized values [RFC,v3,14/36] kmsan: x86: sync metadata pages on page fault [RFC,v3,15/36] kmsan: add tests for KMSAN [RFC,v3,16/36] crypto: kmsan: disable accelerated configs under KMSAN [RFC,v3,17/36] kmsan: x86: disable UNWINDER_ORC under KMSAN [RFC,v3,18/36] kmsan: disable LOCK_DEBUGGING_SUPPORT [RFC,v3,20/36] kmsan: x86: increase stack sizes in KMSAN builds [RFC,v3,21/36] kmsan: disable KMSAN instrumentation for certain kernel parts [RFC,v3,22/36] kmsan: mm: call KMSAN hooks from SLUB code [RFC,v3,23/36] kmsan: call KMSAN hooks where needed [RFC,v3,24/36] kmsan: disable instrumentation of certain functions [RFC,v3,25/36] kmsan: unpoison \|tlb\| in arch_tlb_gather_mmu() [RFC,v3,26/36] kmsan: use __msan_memcpy() where possible. [RFC,v3,27/36] kmsan: hooks for copy_to_user() and friends [RFC,v3,28/36] kmsan: enable KMSAN builds [RFC,v3,29/36] kmsan: handle /dev/[u]random [RFC,v3,30/36] kmsan: virtio: check/unpoison scatterlist in vring_map_one_sg() [RFC,v3,31/36] kmsan: disable strscpy() optimization under KMSAN [RFC,v3,32/36] kmsan: add iomap support [RFC,v3,33/36] kmsan: dma: unpoison memory mapped by dma_direct_map_page() [RFC,v3,34/36] kmsan: disable physical page merging in biovec [RFC,v3,35/36] kmsan: ext4: skip block merging logic in ext4_mpage_readpages for KMSAN [RFC,v3,36/36] net: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for KASAN/KMSAN

Message ID

20191122112621.204798-13-glider@google.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DBA9A20672
Date: Fri, 22 Nov 2019 12:25:57 +0100
In-Reply-To: <20191122112621.204798-1-glider@google.com>
Message-Id: <20191122112621.204798-13-glider@google.com>
Mime-Version: 1.0
References: <20191122112621.204798-1-glider@google.com>
Subject: [PATCH RFC v3 12/36] kmsan: define READ_ONCE_NOCHECK()
From: glider@google.com
To: Mark Rutland <mark.rutland@arm.com>,
 Vegard Nossum <vegard.nossum@oracle.com>,
	Dmitry Vyukov <dvyukov@google.com>, linux-mm@kvack.org
Cc: glider@google.com, viro@zeniv.linux.org.uk, adilger.kernel@dilger.ca,
	akpm@linux-foundation.org, andreyknvl@google.com, aryabinin@virtuozzo.com,
	luto@kernel.org, ard.biesheuvel@linaro.org, arnd@arndb.de, hch@infradead.org,
	hch@lst.de, darrick.wong@oracle.com, davem@davemloft.net,
	dmitry.torokhov@gmail.com, ebiggers@google.com, edumazet@google.com,
	ericvh@gmail.com, gregkh@linuxfoundation.org, harry.wentland@amd.com,
	herbert@gondor.apana.org.au, iii@linux.ibm.com, mingo@elte.hu,
	jasowang@redhat.com, axboe@kernel.dk, m.szyprowski@samsung.com,
	elver@google.com, martin.petersen@oracle.com, schwidefsky@de.ibm.com,
	willy@infradead.org, mst@redhat.com, monstr@monstr.eu, pmladek@suse.com,
	cai@lca.pw, rdunlap@infradead.org, robin.murphy@arm.com,
	sergey.senozhatsky@gmail.com, rostedt@goodmis.org, tiwai@suse.com,
	tytso@mit.edu, tglx@linutronix.de, gor@linux.ibm.com, wsa@the-dreams.de
Content-Type: text/plain; charset="UTF-8"
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Add KernelMemorySanitizer infrastructure | expand

Commit Message

Alexander Potapenko Nov. 22, 2019, 11:25 a.m. UTC

READ_ONCE_NOCHECK() is already used by KASAN to ignore memory accesses
from e.g. stack unwinders.
Define READ_ONCE_NOCHECK() for KMSAN so that it returns initialized
values. This helps defeat false positives from leftover stack contents.

Signed-off-by: Alexander Potapenko <glider@google.com>
To: Alexander Potapenko <glider@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: linux-mm@kvack.org
---
v3:
 - removed unnecessary #ifdef as requested by Mark Rutland

Change-Id: Ib38369ba038ab3b581d8e45b81036c3304fb79cb
---
 include/linux/compiler.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Marco Elver Dec. 2, 2019, 10:03 a.m. UTC | #1

On Fri, 22 Nov 2019 at 12:27, <glider@google.com> wrote:
>
> READ_ONCE_NOCHECK() is already used by KASAN to ignore memory accesses
> from e.g. stack unwinders.
> Define READ_ONCE_NOCHECK() for KMSAN so that it returns initialized
> values. This helps defeat false positives from leftover stack contents.
>
> Signed-off-by: Alexander Potapenko <glider@google.com>
> To: Alexander Potapenko <glider@google.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Vegard Nossum <vegard.nossum@oracle.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: linux-mm@kvack.org
> ---
> v3:
>  - removed unnecessary #ifdef as requested by Mark Rutland
>
> Change-Id: Ib38369ba038ab3b581d8e45b81036c3304fb79cb
> ---
>  include/linux/compiler.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index 5e88e7e33abe..99d40f31a2c3 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -270,9 +270,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>
>  /*
>   * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
> - * to hide memory access from KASAN.
> + * to hide memory access from KASAN or KMSAN.
>   */
> -#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
> +#define READ_ONCE_NOCHECK(x) KMSAN_INIT_VALUE(__READ_ONCE(x, 0))

I think this needs:
    #include <linux/kmsan-checks.h>
above.

>  static __no_kasan_or_inline
>  unsigned long read_word_at_a_time(const void *addr)
> --
> 2.24.0.432.g9d3f5f5b63-goog
>

Alexander Potapenko Dec. 3, 2019, 12:45 p.m. UTC | #2

On Mon, Dec 2, 2019 at 11:03 AM Marco Elver <elver@google.com> wrote:
>
> On Fri, 22 Nov 2019 at 12:27, <glider@google.com> wrote:
> >
> > READ_ONCE_NOCHECK() is already used by KASAN to ignore memory accesses
> > from e.g. stack unwinders.
> > Define READ_ONCE_NOCHECK() for KMSAN so that it returns initialized
> > values. This helps defeat false positives from leftover stack contents.
> >
> > Signed-off-by: Alexander Potapenko <glider@google.com>
> > To: Alexander Potapenko <glider@google.com>
> > Cc: Mark Rutland <mark.rutland@arm.com>
> > Cc: Vegard Nossum <vegard.nossum@oracle.com>
> > Cc: Dmitry Vyukov <dvyukov@google.com>
> > Cc: linux-mm@kvack.org
> > ---
> > v3:
> >  - removed unnecessary #ifdef as requested by Mark Rutland
> >
> > Change-Id: Ib38369ba038ab3b581d8e45b81036c3304fb79cb
> > ---
> >  include/linux/compiler.h | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> > index 5e88e7e33abe..99d40f31a2c3 100644
> > --- a/include/linux/compiler.h
> > +++ b/include/linux/compiler.h
> > @@ -270,9 +270,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
> >
> >  /*
> >   * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
> > - * to hide memory access from KASAN.
> > + * to hide memory access from KASAN or KMSAN.
> >   */
> > -#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
> > +#define READ_ONCE_NOCHECK(x) KMSAN_INIT_VALUE(__READ_ONCE(x, 0))
>
> I think this needs:
>     #include <linux/kmsan-checks.h>
> above.
Ack, will include in v4.
> >  static __no_kasan_or_inline
> >  unsigned long read_word_at_a_time(const void *addr)
> > --
> > 2.24.0.432.g9d3f5f5b63-goog
> >

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 5e88e7e33abe..99d40f31a2c3 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -270,9 +270,9 @@  static __always_inline void __write_once_size(volatile void *p, void *res, int s
 
 /*
  * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
- * to hide memory access from KASAN.
+ * to hide memory access from KASAN or KMSAN.
  */
-#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
+#define READ_ONCE_NOCHECK(x) KMSAN_INIT_VALUE(__READ_ONCE(x, 0))
 
 static __no_kasan_or_inline
 unsigned long read_word_at_a_time(const void *addr)

[RFC,v3,12/36] kmsan: define READ_ONCE_NOCHECK()

Commit Message

Comments

Patch