From patchwork Tue Dec 14 16:20:32 2021
X-Patchwork-Submitter: Alexander Potapenko
X-Patchwork-Id: 12676385
Date: Tue, 14 Dec 2021 17:20:32 +0100
In-Reply-To: <20211214162050.660953-1-glider@google.com>
Message-Id: <20211214162050.660953-26-glider@google.com>
References: <20211214162050.660953-1-glider@google.com>
X-Mailer: git-send-email 2.34.1.173.g76aa8bc2d0-goog
Subject: [PATCH 25/43] kmsan: skip shadow checks in files doing context switches
From: Alexander Potapenko
To: glider@google.com
Cc: Alexander Viro, Andrew Morton, Andrey Konovalov, Andy Lutomirski, Ard Biesheuvel, Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim, Kees Cook, Marco Elver, Matthew Wilcox, "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek, Steven Rostedt, Thomas Gleixner, Vasily Gorbik, Vegard Nossum, Vlastimil Babka, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org

When instrumenting functions, KMSAN obtains the per-task state (mostly pointers to metadata for function arguments and return values) once per function at its beginning. If a function performs a context switch, instrumented code won't notice that, and will still refer to the old state, possibly corrupting it or using stale data. This may result in false positive reports.

To deal with that, we need to apply __no_kmsan_checks to the functions performing context switching - this will result in skipping all KMSAN shadow checks and marking newly created values as initialized, preventing all false positive reports in those functions.
False negatives are still possible, but we expect them to be rare and impersistent. To improve maintainability, we choose to apply __no_kmsan_checks not just to a handful of functions, but to the whole files that may perform context switching - this is done via KMSAN_ENABLE_CHECKS:=n. This decision can be reconsidered in the future, when KMSAN won't need so much attention. Suggested-by: Marco Elver Signed-off-by: Alexander Potapenko --- Link: https://linux-review.googlesource.com/id/Id40563d36792b4482534c9a0134965d77a5581fa --- arch/x86/kernel/Makefile | 4 ++++ kernel/sched/Makefile | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 0b9fc3ecce2de..308d4d0323263 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -38,6 +38,10 @@ KCSAN_SANITIZE := n KMSAN_SANITIZE_head$(BITS).o := n KMSAN_SANITIZE_nmi.o := n +# Some functions in process_64.c perform context switching. +# Apply __no_kmsan_checks to the whole file to avoid false positives. +KMSAN_ENABLE_CHECKS_process_64.o := n + OBJECT_FILES_NON_STANDARD_test_nx.o := y ifdef CONFIG_FRAME_POINTER diff --git a/kernel/sched/Makefile b/kernel/sched/Makefile index c7421f2d05e15..d9bf8223a064a 100644 --- a/kernel/sched/Makefile +++ b/kernel/sched/Makefile @@ -17,6 +17,10 @@ KCOV_INSTRUMENT := n # eventually. KCSAN_SANITIZE := n +# Some functions in core.c perform context switching. Apply __no_kmsan_checks +# to the whole file to avoid false positives. +KMSAN_ENABLE_CHECKS_core.o := n + ifneq ($(CONFIG_SCHED_OMIT_FRAME_POINTER),y) # According to Alan Modra , the -fno-omit-frame-pointer is # needed for x86 only. Why this used to be enabled for all architectures is beyond
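Review bot: In the arch/x86/kernel/Makefile hunk, the comment above `KMSAN_ENABLE_CHECKS_process_64.o := n` documents only the false-positive motivation, while the commit message also states that skipping checks marks newly created values as initialized, so a genuine uninitialized-value bug anywhere in process_64.c, not just in the functions that switch context, will go unreported. Suggest extending the comment to record that trade-off and that the whole-file scope is a stopgap meant to be narrowed later (the commit message says the decision "can be reconsidered in the future"), e.g. `# Disables KMSAN reports for the entire file; revisit once KMSAN is stable.`, so the next reader knows the exemption is broader than the functions that need it.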
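Review bot: In the kernel/sched/Makefile hunk, `KMSAN_ENABLE_CHECKS_core.o := n` relies on kbuild honouring a per-object `KMSAN_ENABLE_CHECKS_<obj>` variable, but the diffstat shows only the two Makefiles changing, so that support must come from an earlier patch in this 43-patch series; please name that patch in the commit message so this hunk can be bisected and reviewed on its own. The existing `KCSAN_SANITIZE := n` a few lines above carries a comment ending "# eventually." to flag it as temporary; the new KMSAN comment should say the same in the same way, instead of leaving the temporary nature only in the commit message.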