[33/43] kmsan: disable physical page merging in biovec

Message ID	20211214162050.660953-34-glider@google.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> Date: Tue, 14 Dec 2021 17:20:40 +0100 In-Reply-To: <20211214162050.660953-1-glider@google.com> Message-Id: <20211214162050.660953-34-glider@google.com> Mime-Version: 1.0 References: <20211214162050.660953-1-glider@google.com> Subject: [PATCH 33/43] kmsan: disable physical page merging in biovec From: Alexander Potapenko <glider@google.com> To: glider@google.com Cc: Alexander Viro <viro@zeniv.linux.org.uk>, Andrew Morton <akpm@linux-foundation.org>, Andrey Konovalov <andreyknvl@google.com>, Andy Lutomirski <luto@kernel.org>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Arnd Bergmann <arnd@arndb.de>, Borislav Petkov <bp@alien8.de>, Christoph Hellwig <hch@lst.de>, Christoph Lameter <cl@linux.com>, David Rientjes <rientjes@google.com>, Dmitry Vyukov <dvyukov@google.com>, Eric Dumazet <edumazet@google.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Herbert Xu <herbert@gondor.apana.org.au>, Ilya Leoshkevich <iii@linux.ibm.com>, Ingo Molnar <mingo@redhat.com>, Jens Axboe <axboe@kernel.dk>, Joonsoo Kim <iamjoonsoo.kim@lge.com>, Kees Cook <keescook@chromium.org>, Marco Elver <elver@google.com>, Matthew Wilcox <willy@infradead.org>, "Michael S. Tsirkin" <mst@redhat.com>, Pekka Enberg <penberg@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Petr Mladek <pmladek@suse.com>, Steven Rostedt <rostedt@goodmis.org>, Thomas Gleixner <tglx@linutronix.de>, Vasily Gorbik <gor@linux.ibm.com>, Vegard Nossum <vegard.nossum@oracle.com>, Vlastimil Babka <vbabka@suse.cz>, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Add KernelMemorySanitizer infrastructure \| expand [00/43] Add KernelMemorySanitizer infrastructure [01/43] arch/x86: add missing include to sparsemem.h [02/43] stackdepot: reserve 5 extra bits in depot_stack_handle_t [03/43] kasan: common: adapt to the new prototype of __stack_depot_save() [04/43] instrumented.h: allow instrumenting both sides of copy_from_user() [05/43] asm: x86: instrument usercopy in get_user() and __put_user_size() [06/43] asm-generic: instrument usercopy in cacheflush.h [07/43] compiler_attributes.h: add __disable_sanitizer_instrumentation [08/43] kmsan: add ReST documentation [09/43] kmsan: introduce __no_sanitize_memory and __no_kmsan_checks [10/43] kmsan: pgtable: reduce vmalloc space [11/43] libnvdimm/pfn_dev: increase MAX_STRUCT_PAGE_SIZE [12/43] kcsan: clang: retire CONFIG_KCSAN_KCOV_BROKEN [13/43] kmsan: add KMSAN runtime core [14/43] MAINTAINERS: add entry for KMSAN [15/43] kmsan: mm: maintain KMSAN metadata for page operations [16/43] kmsan: mm: call KMSAN hooks from SLUB code [17/43] kmsan: handle task creation and exiting [18/43] kmsan: unpoison @tlb in arch_tlb_gather_mmu() [19/43] kmsan: init: call KMSAN initialization routines [20/43] instrumented.h: add KMSAN support [21/43] kmsan: mark noinstr as __no_sanitize_memory [22/43] kmsan: initialize the output of READ_ONCE_NOCHECK() [23/43] kmsan: make READ_ONCE_TASK_STACK() return initialized values [24/43] kmsan: disable KMSAN instrumentation for certain kernel parts [25/43] kmsan: skip shadow checks in files doing context switches [26/43] kmsan: virtio: check/unpoison scatterlist in vring_map_one_sg() [27/43] x86: kmsan: add iomem support [28/43] kmsan: dma: unpoison DMA mappings [29/43] kmsan: handle memory sent to/from USB [30/43] kmsan: add tests for KMSAN [31/43] kmsan: disable strscpy() optimization under KMSAN [32/43] crypto: kmsan: disable accelerated configs under KMSAN [33/43] kmsan: disable physical page merging in biovec [34/43] kmsan: block: skip bio block merging logic for KMSAN [35/43] x86: kmsan: use __msan_ string functions where possible. [36/43] x86: kmsan: sync metadata pages on page fault [37/43] x86: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for KASAN/KMSAN [38/43] x86: fs: kmsan: disable CONFIG_DCACHE_WORD_ACCESS [39/43] x86: kmsan: handle register passing from uninstrumented code [40/43] kmsan: kcov: unpoison area->list in kcov_remote_area_put() [41/43] security: kmsan: fix interoperability with auto-initialization [42/43] objtool: kmsan: list KMSAN API functions as uaccess-safe [43/43] x86: kmsan: enable KMSAN builds for x86

Message ID

20211214162050.660953-34-glider@google.com (mailing list archive)

State

New

Headers

Date: Tue, 14 Dec 2021 17:20:40 +0100
In-Reply-To: <20211214162050.660953-1-glider@google.com>
Message-Id: <20211214162050.660953-34-glider@google.com>
Mime-Version: 1.0
References: <20211214162050.660953-1-glider@google.com>
Subject: [PATCH 33/43] kmsan: disable physical page merging in biovec
From: Alexander Potapenko <glider@google.com>
To: glider@google.com
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
 Andrew Morton <akpm@linux-foundation.org>,
	Andrey Konovalov <andreyknvl@google.com>, Andy Lutomirski <luto@kernel.org>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>, Arnd Bergmann <arnd@arndb.de>,
	Borislav Petkov <bp@alien8.de>, Christoph Hellwig <hch@lst.de>,
 Christoph Lameter <cl@linux.com>,
	David Rientjes <rientjes@google.com>, Dmitry Vyukov <dvyukov@google.com>,
	Eric Dumazet <edumazet@google.com>,
 Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
 Ilya Leoshkevich <iii@linux.ibm.com>,
	Ingo Molnar <mingo@redhat.com>, Jens Axboe <axboe@kernel.dk>,
 Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Kees Cook <keescook@chromium.org>, Marco Elver <elver@google.com>,
	Matthew Wilcox <willy@infradead.org>, "Michael S. Tsirkin" <mst@redhat.com>,
 Pekka Enberg <penberg@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>, Petr Mladek <pmladek@suse.com>,
	Steven Rostedt <rostedt@goodmis.org>, Thomas Gleixner <tglx@linutronix.de>,
	Vasily Gorbik <gor@linux.ibm.com>, Vegard Nossum <vegard.nossum@oracle.com>,
	Vlastimil Babka <vbabka@suse.cz>, linux-mm@kvack.org,
 linux-arch@vger.kernel.org,
	linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Add KernelMemorySanitizer infrastructure | expand

Commit Message

Alexander Potapenko Dec. 14, 2021, 4:20 p.m. UTC

KMSAN metadata for consequent physical pages may be inconsequent,
therefore accessing such pages together may lead to metadata
corruption.
We disable merging pages in biovec to prevent such corruptions.

Signed-off-by: Alexander Potapenko <glider@google.com>
---

Link: https://linux-review.googlesource.com/id/Iece16041be5ee47904fbc98121b105e5be5fea5c
---
 block/blk.h | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Mark Rutland Dec. 15, 2021, 2:17 p.m. UTC | #1

On Tue, Dec 14, 2021 at 05:20:40PM +0100, Alexander Potapenko wrote:
> KMSAN metadata for consequent physical pages may be inconsequent,

I think you mean 'adjacent'/ rather than 'consequent' here, i.e.

| KMSAN metadata for adjacent physical pages may not be adjacent

> therefore accessing such pages together may lead to metadata
> corruption.
> We disable merging pages in biovec to prevent such corruptions.
> 
> Signed-off-by: Alexander Potapenko <glider@google.com>
> ---
> 
> Link: https://linux-review.googlesource.com/id/Iece16041be5ee47904fbc98121b105e5be5fea5c
> ---
>  block/blk.h | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/block/blk.h b/block/blk.h
> index ccde6e6f17360..e0c62a5d5639e 100644
> --- a/block/blk.h
> +++ b/block/blk.h
> @@ -103,6 +103,13 @@ static inline bool biovec_phys_mergeable(struct request_queue *q,
>  	phys_addr_t addr1 = page_to_phys(vec1->bv_page) + vec1->bv_offset;
>  	phys_addr_t addr2 = page_to_phys(vec2->bv_page) + vec2->bv_offset;
>  
> +	/*
> +	 * Merging consequent physical pages may not work correctly under KMSAN
> +	 * if their metadata pages aren't consequent. Just disable merging.
> +	 */

Likewise here.

Mark.

> +	if (IS_ENABLED(CONFIG_KMSAN))
> +		return false;
> +
>  	if (addr1 + vec1->bv_len != addr2)
>  		return false;
>  	if (xen_domain() && !xen_biovec_phys_mergeable(vec1, vec2->bv_page))
> -- 
> 2.34.1.173.g76aa8bc2d0-goog
>

Alexander Potapenko Dec. 15, 2021, 4:30 p.m. UTC | #2

On Wed, Dec 15, 2021 at 3:17 PM Mark Rutland <mark.rutland@arm.com> wrote:
>
> On Tue, Dec 14, 2021 at 05:20:40PM +0100, Alexander Potapenko wrote:
> > KMSAN metadata for consequent physical pages may be inconsequent,
>
> I think you mean 'adjacent'/ rather than 'consequent' here, i.e.
Correct, thank you!

> > +     /*
> > +      * Merging consequent physical pages may not work correctly under KMSAN
> > +      * if their metadata pages aren't consequent. Just disable merging.
> > +      */
>
> Likewise here.
Ack.

diff --git a/block/blk.h b/block/blk.h
index ccde6e6f17360..e0c62a5d5639e 100644
--- a/block/blk.h
+++ b/block/blk.h
@@ -103,6 +103,13 @@  static inline bool biovec_phys_mergeable(struct request_queue *q,
 	phys_addr_t addr1 = page_to_phys(vec1->bv_page) + vec1->bv_offset;
 	phys_addr_t addr2 = page_to_phys(vec2->bv_page) + vec2->bv_offset;
 
+	/*
+	 * Merging consequent physical pages may not work correctly under KMSAN
+	 * if their metadata pages aren't consequent. Just disable merging.
+	 */
+	if (IS_ENABLED(CONFIG_KMSAN))
+		return false;
+
 	if (addr1 + vec1->bv_len != addr2)
 		return false;
 	if (xen_domain() && !xen_biovec_phys_mergeable(vec1, vec2->bv_page))

[33/43] kmsan: disable physical page merging in biovec

Commit Message

Comments

Patch