From patchwork Wed Oct 30 14:22:12 2019
X-Patchwork-Submitter: Alexander Potapenko
X-Patchwork-Id: 11219605
Date: Wed, 30 Oct 2019 15:22:12 +0100
Message-Id: <20191030142237.249532-1-glider@google.com>
X-Mailer: git-send-email 2.24.0.rc0.303.g954a862665-goog
Subject: [PATCH RFC v2 00/25] Add KernelMemorySanitizer infrastructure
From: glider@google.com
To: Alexander Viro, Andrew Morton, Andrey Ryabinin, Andy Lutomirski, Ard Biesheuvel, Arnd Bergmann, Christoph Hellwig, Dmitry Torokhov, Dmitry Vyukov, Eric Dumazet, Eric Van Hensbergen, Greg Kroah-Hartman, Harry Wentland, Herbert Xu, Ingo Molnar, Jens Axboe, "Martin K. Petersen", Martin Schwidefsky, "Michael S. Tsirkin", Michal Simek, Petr Mladek, Sergey Senozhatsky, Steven Rostedt, Takashi Iwai, "Theodore Ts'o", Thomas Gleixner, Vegard Nossum, Wolfram Sang, Vasily Gorbik, Ilya Leoshkevich, Mark Rutland, Matthew Wilcox, Randy Dunlap, Andrey Konovalov, Marco Elver, linux-mm@kvack.org
Cc: Alexander Potapenko

KernelMemorySanitizer (KMSAN) is a detector of errors related to uses of uninitialized memory.
It relies on compile-time Clang instrumentation (similar to MSan: https://clang.llvm.org/docs/MemorySanitizer.html) and tracks the state of every bit of kernel memory, being able to report an error if an uninitialized value is used in a condition, dereferenced or copied to userspace, USB or network.

KMSAN has reported more than 200 bugs in the past two years, most of them with the help of syzkaller (http://syzkaller.appspot.com).

The proposed patchset contains the KMSAN runtime implementation together with small changes to other subsystems needed to make KMSAN work. The latter changes fall into several categories:

- nice-to-have features that are independent from KMSAN but simplify its implementation (stackdepot changes, CONFIG_GENERIC_CSUM etc.);
- Kconfig changes that prohibit options incompatible with KMSAN;
- calls to KMSAN runtime functions that help KMSAN do the bookkeeping (e.g. tell it to allocate, copy or delete the metadata);
- calls to KMSAN runtime functions that tell KMSAN to check memory escaping the kernel for uninitialized values. These are required to increase the number of true positive error reports;
- calls to runtime functions that tell KMSAN to ignore certain memory ranges to avoid false negative reports. Most certainly there can be better ways to deal with every such report.

This patchset allows one to boot and run a defconfig+KMSAN kernel on QEMU without known major false positives. It however doesn't guarantee there are no false positives in drivers of certain devices or less tested subsystems, although KMSAN is actively tested on syzbot with quite a rich config.

One may find it handy to review these patches in Gerrit: https://linux-review.googlesource.com/c/linux/kernel/git/torvalds/linux/+/1081
I've ensured the Change-Id: tags stay away from commit descriptions.

The patchset was generated relative to Linux v5.4-rc5.

I also apologize for not sending every patch in the previous series to all recipients of patches from that series.
Note: checkpatch.pl complains a lot about the use of BUG_ON in KMSAN source. I don't have a strong opinion on this, but KMSAN is a debugging tool, so any runtime invariant violation in it renders the tool useless. Therefore it doesn't make much sense to not terminate after a bug in KMSAN.

Alexander Potapenko (25):
  stackdepot: check depot_index before accessing the stack slab
  stackdepot: prevent Clang from optimizing away stackdepot_memcmp()
  kasan: stackdepot: move filter_irq_stacks() to stackdepot.c
  stackdepot: reserve 5 extra bits in depot_stack_handle_t
  kmsan: add ReST documentation
  kmsan: gfp: introduce __GFP_NO_KMSAN_SHADOW
  kmsan: introduce __no_sanitize_memory and __SANITIZE_MEMORY__
  kmsan: reduce vmalloc space
  kmsan: add KMSAN runtime
  kmsan: define READ_ONCE_NOCHECK()
  kmsan: x86: sync metadata pages on page fault
  kmsan: add tests for KMSAN
  kmsan: make READ_ONCE_TASK_STACK() return initialized values
  kmsan: Kconfig changes to disable options incompatible with KMSAN
  kmsan: Changing existing files to enable KMSAN builds
  kmsan: disable KMSAN instrumentation for certain kernel parts
  kmsan: mm: call KMSAN hooks from SLUB code
  kmsan: call KMSAN hooks where needed
  kmsan: disable instrumentation of certain functions
  kmsan: unpoison |tlb| in arch_tlb_gather_mmu()
  kmsan: use __msan_memcpy() where possible.
  kmsan: unpoisoning buffers from devices etc.
  kmsan: hooks for copy_to_user() and friends
  kmsan: disable strscpy() optimization under KMSAN
  net: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for KASAN/KMSAN

 Documentation/dev-tools/index.rst | 1 +
 Documentation/dev-tools/kmsan.rst | 418 +++++++++++++++++
 Makefile | 3 +-
 arch/Kconfig | 2 +-
 arch/x86/Kconfig | 6 +
 arch/x86/Kconfig.debug | 3 +
 arch/x86/boot/Makefile | 2 +
 arch/x86/boot/compressed/Makefile | 2 +
 arch/x86/boot/compressed/misc.h | 1 +
 arch/x86/entry/common.c | 1 +
 arch/x86/entry/entry_64.S | 18 +
 arch/x86/entry/vdso/Makefile | 3 +
 arch/x86/include/asm/checksum.h | 10 +-
 arch/x86/include/asm/irq_regs.h | 1 +
 arch/x86/include/asm/kmsan.h | 129 ++++++
 arch/x86/include/asm/page_64.h | 13 +
 arch/x86/include/asm/page_64_types.h | 12 +-
 arch/x86/include/asm/pgtable_64_types.h | 15 +
 arch/x86/include/asm/string_64.h | 9 +-
 arch/x86/include/asm/syscall_wrapper.h | 1 +
 arch/x86/include/asm/uaccess.h | 12 +
 arch/x86/include/asm/unwind.h | 9 +-
 arch/x86/kernel/Makefile | 4 +
 arch/x86/kernel/apic/apic.c | 2 +
 arch/x86/kernel/cpu/Makefile | 1 +
 arch/x86/kernel/dumpstack_64.c | 1 +
 arch/x86/kernel/process_64.c | 5 +
 arch/x86/kernel/traps.c | 12 +-
 arch/x86/kernel/uprobes.c | 7 +-
 arch/x86/lib/Makefile | 2 +
 arch/x86/mm/Makefile | 2 +
 arch/x86/mm/fault.c | 20 +
 arch/x86/mm/ioremap.c | 3 +
 arch/x86/realmode/rm/Makefile | 2 +
 block/bio.c | 20 +
 block/blk.h | 7 +
 block/partition-generic.c | 9 +-
 crypto/Kconfig | 26 ++
 drivers/char/random.c | 2 +
 drivers/firmware/efi/libstub/Makefile | 1 +
 drivers/gpu/drm/amd/display/Kconfig | 2 +-
 drivers/i2c/i2c-core-base.c | 2 +
 drivers/input/serio/libps2.c | 6 +-
 drivers/scsi/scsi_lib.c | 4 +
 drivers/usb/core/message.c | 6 +-
 drivers/usb/core/urb.c | 2 +
 drivers/virtio/virtio_ring.c | 14 +
 fs/buffer.c | 7 +-
 include/asm-generic/cacheflush.h | 7 +-
 include/asm-generic/uaccess.h | 12 +-
 include/linux/compiler-clang.h | 8 +
 include/linux/compiler-gcc.h | 5 +
 include/linux/compiler.h | 15 +-
 include/linux/dma-mapping.h | 2 +
 include/linux/gfp.h | 4 +-
 include/linux/highmem.h | 4 +
 include/linux/kmsan-checks.h | 121 +++++
 include/linux/kmsan.h | 143 ++++++
 include/linux/mm_types.h | 9 +
 include/linux/sched.h | 5 +
 include/linux/skbuff.h | 5 +-
 include/linux/stackdepot.h | 10 +
 include/linux/string.h | 2 +
 include/linux/uaccess.h | 32 +-
 init/main.c | 3 +
 kernel/Makefile | 1 +
 kernel/exit.c | 2 +
 kernel/fork.c | 2 +
 kernel/kthread.c | 2 +
 kernel/printk/printk.c | 8 +-
 kernel/profile.c | 1 +
 kernel/sched/core.c | 11 +
 kernel/softirq.c | 5 +
 lib/Kconfig.debug | 5 +
 lib/Kconfig.kmsan | 22 +
 lib/Makefile | 2 +
 lib/ioremap.c | 5 +
 lib/iov_iter.c | 6 +
 lib/stackdepot.c | 72 ++-
 lib/string.c | 5 +-
 lib/test_kmsan.c | 231 ++++++++++
 lib/usercopy.c | 6 +-
 mm/Makefile | 1 +
 mm/compaction.c | 9 +
 mm/filemap.c | 1 +
 mm/gup.c | 3 +
 mm/kasan/common.c | 23 -
 mm/kmsan/Makefile | 4 +
 mm/kmsan/kmsan.c | 570 ++++++++++++++++++++++++
 mm/kmsan/kmsan.h | 149 +++++++
 mm/kmsan/kmsan_entry.c | 130 ++++++
 mm/kmsan/kmsan_hooks.c | 393 ++++++++++++++++
 mm/kmsan/kmsan_init.c | 88 ++++
 mm/kmsan/kmsan_instr.c | 259 +++++++++++
 mm/kmsan/kmsan_report.c | 133 ++++++
 mm/kmsan/kmsan_shadow.c | 543 ++++++++++++++++++++++
 mm/kmsan/kmsan_shadow.h | 30 ++
 mm/memory.c | 2 +
 mm/mmu_gather.c | 10 +
 mm/page_alloc.c | 16 +
 mm/readahead.c | 6 +
 mm/slub.c | 37 +-
 mm/vmalloc.c | 23 +-
 net/9p/protocol.c | 2 +
 net/sched/sch_generic.c | 2 +
 scripts/Makefile.kmsan | 12 +
 scripts/Makefile.lib | 6 +
 sound/core/oss/pcm_oss.c | 7 +
 108 files changed, 3999 insertions(+), 73 deletions(-)
 create mode 100644 Documentation/dev-tools/kmsan.rst
 create mode 100644 arch/x86/include/asm/kmsan.h
 create mode 100644 include/linux/kmsan-checks.h
 create mode 100644 include/linux/kmsan.h
 create mode 100644 lib/Kconfig.kmsan
 create mode 100644 lib/test_kmsan.c
 create mode 100644 mm/kmsan/Makefile
 create mode 100644 mm/kmsan/kmsan.c
 create mode 100644 mm/kmsan/kmsan.h
 create mode 100644 mm/kmsan/kmsan_entry.c
 create mode 100644 mm/kmsan/kmsan_hooks.c
 create mode 100644 mm/kmsan/kmsan_init.c
 create mode 100644 mm/kmsan/kmsan_instr.c
 create mode 100644 mm/kmsan/kmsan_report.c
 create mode 100644 mm/kmsan/kmsan_shadow.c
 create mode 100644 mm/kmsan/kmsan_shadow.h
 create mode 100644 scripts/Makefile.kmsan
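The mechanism the cover letter describes, as a user-space toy model added here for illustration (it is not KMSAN's code and not part of the patchset): allocations start fully poisoned, instrumented stores clear the shadow, a check on memory escaping to userspace reports any remaining poison, and an explicit unpoison hook covers a buffer that a device filled behind the compiler's back. All toy_* and scenario_* names, struct msg and the device bytes are constructed for the demo; the padding case assumes the usual x86-64 layout of struct msg (8 bytes, three padding bytes after type).

```c
/* Toy model of MSan-style shadow memory (added example, not KMSAN's code).
 * Each byte of modelled kernel memory has a shadow byte; a set shadow bit
 * means the matching data bit is still uninitialized ("poisoned"). All
 * toy_* and scenario_* names and struct msg are invented for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 256
static _Alignas(16) uint8_t pool[POOL_SIZE]; /* modelled kernel heap */
static uint8_t shadow[POOL_SIZE];            /* shadow[i] describes pool[i] */
static size_t pool_top;

static size_t off(const void *p) { return (size_t)((const uint8_t *)p - pool); }

/* kmalloc model: fresh memory starts fully poisoned. */
static void *toy_kmalloc(size_t n)
{
	if (pool_top + n > POOL_SIZE)
		return NULL;
	memset(&shadow[pool_top], 0xff, n);
	pool_top += n;
	return &pool[pool_top - n];
}

/* Instrumented store: the written bytes become initialized. */
static void toy_store(void *dst, const void *src, size_t n)
{
	memcpy(dst, src, n);
	memset(&shadow[off(dst)], 0, n);
}

/* Explicit unpoison: what a driver calls once a device (DMA, USB, ...) has
 * filled a buffer behind the compiler's back. */
static void toy_unpoison(void *p, size_t n) { memset(&shadow[off(p)], 0, n); }

/* Offset of the first poisoned byte in [p, p+n), or -1 if all initialized.
 * The same check applies to values used in conditions, pointers being
 * dereferenced and memory about to leave the kernel. */
static long first_poisoned(const void *p, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (shadow[off(p) + i])
			return (long)i;
	return -1;
}

/* copy_to_user model: report when any escaping byte is still poisoned. */
static int toy_copy_to_user(void *user_dst, const void *src, size_t n)
{
	long bad = first_poisoned(src, n);
	if (bad >= 0) {
		printf("uninit value copied to userspace at offset %ld\n", bad);
		return -1;
	}
	memcpy(user_dst, src, n);
	return 0;
}

/* 8 bytes on the usual ABI: three padding bytes follow |type|. */
struct msg { uint8_t type; uint32_t len; };

/* Field-by-field init leaves the padding poisoned (the classic infoleak),
 * and copy_to_user catches it. Zeroing the whole object first is the fix. */
long scenario_padding_leak(int zero_first)
{
	uint8_t user_buf[sizeof(struct msg)], zeros[sizeof(struct msg)] = {0};
	uint8_t type = 1;
	uint32_t len = 42;

	pool_top = 0;
	struct msg *m = toy_kmalloc(sizeof(*m));
	if (zero_first)
		toy_store(m, zeros, sizeof(zeros)); /* instrumented memset */
	toy_store(&m->type, &type, sizeof(type));
	toy_store(&m->len, &len, sizeof(len));
	toy_copy_to_user(user_buf, m, sizeof(*m));
	return first_poisoned(m, sizeof(*m)); /* 1 unfixed, -1 fixed */
}

/* A device writes the buffer without instrumentation, so the shadow is
 * stale: without the unpoison hook the first use is a false positive. */
long scenario_device_buffer(int unpoison)
{
	static const uint8_t dev_data[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */

	pool_top = 0;
	uint8_t *buf = toy_kmalloc(sizeof(dev_data));
	memcpy(buf, dev_data, sizeof(dev_data)); /* "DMA": shadow untouched */
	if (unpoison)
		toy_unpoison(buf, sizeof(dev_data));
	return first_poisoned(buf, sizeof(dev_data)); /* 0 without, -1 with */
}

int main(void)
{
	printf("padding leak: %ld, after fix: %ld\n",
	       scenario_padding_leak(0), scenario_padding_leak(1));
	printf("device buffer: %ld, after unpoison: %ld\n",
	       scenario_device_buffer(0), scenario_device_buffer(1));
	return 0;
}
```

The two scenarios map onto two categories of change in the series: the padding case is the kind of kernel-to-userspace infoleak the copy_to_user() hooks are there to report, and the device-buffer case shows why memory initialized by hardware rather than by instrumented code needs an explicit unpoison call before the tool can trust it.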