[RFC,v4,34/42] kmsan: handle /dev/[u]random

Message ID	20191220184955.223741-35-glider@google.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=GDT+=2K=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 65CC520866 Date: Fri, 20 Dec 2019 19:49:47 +0100 In-Reply-To: <20191220184955.223741-1-glider@google.com> Message-Id: <20191220184955.223741-35-glider@google.com> Mime-Version: 1.0 References: <20191220184955.223741-1-glider@google.com> Subject: [PATCH RFC v4 34/42] kmsan: handle /dev/[u]random From: glider@google.com To: Andrew Morton <akpm@linux-foundation.org>, Jens Axboe <axboe@kernel.dk>, "Theodore Ts'o" <tytso@mit.edu>, Dmitry Torokhov <dmitry.torokhov@gmail.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, "Michael S. Tsirkin" <mst@redhat.com>, Christoph Hellwig <hch@lst.de>, Eric Dumazet <edumazet@google.com>, Eric Van Hensbergen <ericvh@gmail.com>, Takashi Iwai <tiwai@suse.com>, Vegard Nossum <vegard.nossum@oracle.com>, Dmitry Vyukov <dvyukov@google.com>, Marco Elver <elver@google.com>, Andrey Konovalov <andreyknvl@google.com>, Matthew Wilcox <willy@infradead.org>, linux-mm@kvack.org Cc: glider@google.com, viro@zeniv.linux.org.uk, adilger.kernel@dilger.ca, aryabinin@virtuozzo.com, luto@kernel.org, ard.biesheuvel@linaro.org, arnd@arndb.de, hch@infradead.org, darrick.wong@oracle.com, davem@davemloft.net, ebiggers@google.com, gregkh@linuxfoundation.org, harry.wentland@amd.com, herbert@gondor.apana.org.au, iii@linux.ibm.com, mingo@elte.hu, jasowang@redhat.com, m.szyprowski@samsung.com, mark.rutland@arm.com, schwidefsky@de.ibm.com, mhocko@suse.com, monstr@monstr.eu, pmladek@suse.com, cai@lca.pw, rdunlap@infradead.org, robin.murphy@arm.com, sergey.senozhatsky@gmail.com, rostedt@goodmis.org, tglx@linutronix.de, gor@linux.ibm.com, wsa@the-dreams.de Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Add KernelMemorySanitizer infrastructure \| expand [RFC,v4,00/42] Add KernelMemorySanitizer infrastructure [RFC,v4,01/42] stackdepot: check depot_index before accessing the stack slab [RFC,v4,02/42] stackdepot: build with -fno-builtin [RFC,v4,03/42] kasan: stackdepot: move filter_irq_stacks() to stackdepot.c [RFC,v4,04/42] stackdepot: reserve 5 extra bits in depot_stack_handle_t [RFC,v4,05/42] kmsan: add ReST documentation [RFC,v4,06/42] kmsan: gfp: introduce __GFP_NO_KMSAN_SHADOW [RFC,v4,07/42] kmsan: introduce __no_sanitize_memory and __SANITIZE_MEMORY__ [RFC,v4,08/42] kmsan: reduce vmalloc space [RFC,v4,09/42] kmsan: add KMSAN runtime core [RFC,v4,10/42] kmsan: KMSAN compiler API implementation [RFC,v4,11/42] kmsan: add KMSAN hooks for kernel subsystems [RFC,v4,12/42] kmsan: stackdepot: don't allocate KMSAN metadata for stackdepot [RFC,v4,13/42] kmsan: define READ_ONCE_NOCHECK() [RFC,v4,14/42] kmsan: make READ_ONCE_TASK_STACK() return initialized values [RFC,v4,15/42] kmsan: x86: sync metadata pages on page fault [RFC,v4,16/42] kmsan: add tests for KMSAN [RFC,v4,17/42] crypto: kmsan: disable accelerated configs under KMSAN [RFC,v4,18/42] kmsan: x86: disable UNWINDER_ORC under KMSAN [RFC,v4,19/42] kmsan: x86/asm: softirq: add KMSAN IRQ entry hooks [RFC,v4,20/42] kmsan: x86: increase stack sizes in KMSAN builds [RFC,v4,21/42] kmsan: disable KMSAN instrumentation for certain kernel parts [RFC,v4,22/42] kmsan: mm: call KMSAN hooks from SLUB code [RFC,v4,23/42] kmsan: mm: maintain KMSAN metadata for page operations [RFC,v4,24/42] kmsan: handle memory sent to/from USB [RFC,v4,25/42] kmsan: handle task creation and exiting [RFC,v4,26/42] kmsan: net: check the value of skb before sending it to the network [RFC,v4,27/42] kmsan: printk: treat the result of vscnprintf() as initialized [RFC,v4,28/42] kmsan: disable instrumentation of certain functions [RFC,v4,29/42] kmsan: unpoison \|tlb\| in arch_tlb_gather_mmu() [RFC,v4,30/42] kmsan: use __msan_ string functions where possible. [RFC,v4,31/42] kmsan: hooks for copy_to_user() and friends [RFC,v4,32/42] kmsan: init: call KMSAN initialization routines [RFC,v4,33/42] kmsan: enable KMSAN builds [RFC,v4,34/42] kmsan: handle /dev/[u]random [RFC,v4,35/42] kmsan: virtio: check/unpoison scatterlist in vring_map_one_sg() [RFC,v4,36/42] kmsan: disable strscpy() optimization under KMSAN [RFC,v4,37/42] kmsan: add iomap support [RFC,v4,38/42] kmsan: dma: unpoison memory mapped by dma_direct_map_page() [RFC,v4,39/42] kmsan: disable physical page merging in biovec [RFC,v4,40/42] kmsan: ext4: skip block merging logic in ext4_mpage_readpages for KMSAN [RFC,v4,41/42] x86: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for KASAN/KMSAN [RFC,v4,42/42] kmsan: x86/uprobes: unpoison regs in arch_uprobe_exception_notify()

Message ID

20191220184955.223741-35-glider@google.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 65CC520866
Date: Fri, 20 Dec 2019 19:49:47 +0100
In-Reply-To: <20191220184955.223741-1-glider@google.com>
Message-Id: <20191220184955.223741-35-glider@google.com>
Mime-Version: 1.0
References: <20191220184955.223741-1-glider@google.com>
Subject: [PATCH RFC v4 34/42] kmsan: handle /dev/[u]random
From: glider@google.com
To: Andrew Morton <akpm@linux-foundation.org>, Jens Axboe <axboe@kernel.dk>,
	"Theodore Ts'o" <tytso@mit.edu>, Dmitry Torokhov <dmitry.torokhov@gmail.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
 "Michael S. Tsirkin" <mst@redhat.com>,
	Christoph Hellwig <hch@lst.de>, Eric Dumazet <edumazet@google.com>,
 Eric Van Hensbergen <ericvh@gmail.com>,
	Takashi Iwai <tiwai@suse.com>, Vegard Nossum <vegard.nossum@oracle.com>,
	Dmitry Vyukov <dvyukov@google.com>, Marco Elver <elver@google.com>,
	Andrey Konovalov <andreyknvl@google.com>,
 Matthew Wilcox <willy@infradead.org>, linux-mm@kvack.org
Cc: glider@google.com, viro@zeniv.linux.org.uk, adilger.kernel@dilger.ca,
	aryabinin@virtuozzo.com, luto@kernel.org, ard.biesheuvel@linaro.org,
	arnd@arndb.de, hch@infradead.org, darrick.wong@oracle.com,
	davem@davemloft.net, ebiggers@google.com, gregkh@linuxfoundation.org,
	harry.wentland@amd.com, herbert@gondor.apana.org.au, iii@linux.ibm.com,
	mingo@elte.hu, jasowang@redhat.com, m.szyprowski@samsung.com,
	mark.rutland@arm.com, schwidefsky@de.ibm.com, mhocko@suse.com,
	monstr@monstr.eu, pmladek@suse.com, cai@lca.pw, rdunlap@infradead.org,
	robin.murphy@arm.com, sergey.senozhatsky@gmail.com, rostedt@goodmis.org,
	tglx@linutronix.de, gor@linux.ibm.com, wsa@the-dreams.de
Content-Type: text/plain; charset="UTF-8"
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Add KernelMemorySanitizer infrastructure | expand

Commit Message

Alexander Potapenko Dec. 20, 2019, 6:49 p.m. UTC

The random number generator may use uninitialized memory, but it may not
return uninitialized values. Unpoison the output buffer in
_extract_crng() to prevent false reports.

Signed-off-by: Alexander Potapenko <glider@google.com>
To: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: linux-mm@kvack.org

---
This patch was previously known as "kmsan: unpoisoning buffers from
devices etc.", but it turned out to be possible to drop most of the
annotations from that patch, so it only relates to /dev/random now.

Change-Id: Id460e7a86ce564f1357469f53d0c7410ca08f0e9
---
 drivers/char/random.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 909e0c3d82ea..3c69b9772005 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -320,6 +320,7 @@ 
 #include <linux/fs.h>
 #include <linux/genhd.h>
 #include <linux/interrupt.h>
+#include <linux/kmsan-checks.h>
 #include <linux/mm.h>
 #include <linux/nodemask.h>
 #include <linux/spinlock.h>
@@ -1060,6 +1061,11 @@  static void _extract_crng(struct crng_state *crng,
 	spin_lock_irqsave(&crng->lock, flags);
 	if (arch_get_random_long(&v))
 		crng->state[14] ^= v;
+	/*
+	 * Regardless of where the random data comes from, KMSAN should treat
+	 * it as initialized.
+	 */
+	kmsan_unpoison_shadow(crng->state, sizeof(crng->state));
 	chacha20_block(&crng->state[0], out);
 	if (crng->state[12] == 0)
 		crng->state[13]++;

[RFC,v4,34/42] kmsan: handle /dev/[u]random

Commit Message

Patch