| Message ID | 20231121220155.1217090-18-iii@linux.ibm.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | kmsan: Enable on s390 | expand |
On Tue, Nov 21, 2023 at 11:02 PM Ilya Leoshkevich <iii@linux.ibm.com> wrote: > > KMSAN warns about check_canary() accessing the canary. > > The reason is that, even though set_canary() is properly instrumented > and sets shadow, slub explicitly poisons the canary's address range > afterwards. > > Unpoisoning the canary is not the right thing to do: only > check_canary() is supposed to ever touch it. Instead, disable KMSAN > checks around canary read accesses. > > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Alexander Potapenko <glider@google.com>
On Fri, Dec 8, 2023 at 1:53 PM Alexander Potapenko <glider@google.com> wrote: > > On Tue, Nov 21, 2023 at 11:02 PM Ilya Leoshkevich <iii@linux.ibm.com> wrote: > > > > KMSAN warns about check_canary() accessing the canary. > > > > The reason is that, even though set_canary() is properly instrumented > > and sets shadow, slub explicitly poisons the canary's address range > > afterwards. > > > > Unpoisoning the canary is not the right thing to do: only > > check_canary() is supposed to ever touch it. Instead, disable KMSAN > > checks around canary read accesses. > > > > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> > Reviewed-by: Alexander Potapenko <glider@google.com> and even Tested-by: Alexander Potapenko <glider@google.com>
diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 3872528d0963..a2ea8e5a1ad9 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c @@ -306,7 +306,7 @@ metadata_update_state(struct kfence_metadata *meta, enum kfence_object_state nex } /* Check canary byte at @addr. */ -static inline bool check_canary_byte(u8 *addr) +__no_kmsan_checks static inline bool check_canary_byte(u8 *addr) { struct kfence_metadata *meta; unsigned long flags; @@ -341,7 +341,8 @@ static inline void set_canary(const struct kfence_metadata *meta) *((u64 *)addr) = KFENCE_CANARY_PATTERN_U64; } -static inline void check_canary(const struct kfence_metadata *meta) +__no_kmsan_checks static inline void +check_canary(const struct kfence_metadata *meta) { const unsigned long pageaddr = ALIGN_DOWN(meta->addr, PAGE_SIZE); unsigned long addr = pageaddr;
KMSAN warns about check_canary() accessing the canary. The reason is that, even though set_canary() is properly instrumented and sets shadow, slub explicitly poisons the canary's address range afterwards. Unpoisoning the canary is not the right thing to do: only check_canary() is supposed to ever touch it. Instead, disable KMSAN checks around canary read accesses. Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> --- mm/kfence/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)