From: "Jason A. Donenfeld"
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com
Cc: "Jason A. Donenfeld", John Ogness, Alexander Potapenko, Marco Elver, Dmitry Vyukov, Geert Uytterhoeven, Geert Uytterhoeven
Subject: [PATCH v2] mm/kfence: select random number before taking raw lock
Date: Thu, 9 Jun 2022 14:33:19 +0200
Message-Id: <20220609123319.17576-1-Jason@zx2c4.com>

The RNG uses vanilla spinlocks, not raw spinlocks, so kfence should pick
its random numbers before taking its raw spinlocks. This also has the
nice effect of doing less work inside the lock. It should fix a splat
that Geert saw with CONFIG_PROVE_RAW_LOCK_NESTING:

     dump_backtrace.part.0+0x98/0xc0
     show_stack+0x14/0x28
     dump_stack_lvl+0xac/0xec
     dump_stack+0x14/0x2c
     __lock_acquire+0x388/0x10a0
     lock_acquire+0x190/0x2c0
     _raw_spin_lock_irqsave+0x6c/0x94
     crng_make_state+0x148/0x1e4
     _get_random_bytes.part.0+0x4c/0xe8
     get_random_u32+0x4c/0x140
     __kfence_alloc+0x460/0x5c4
     kmem_cache_alloc_trace+0x194/0x1dc
     __kthread_create_on_node+0x5c/0x1a8
     kthread_create_on_node+0x58/0x7c
     printk_start_kthread.part.0+0x34/0xa8
     printk_activate_kthreads+0x4c/0x54
     do_one_initcall+0xec/0x278
     kernel_init_freeable+0x11c/0x214
     kernel_init+0x24/0x124
     ret_from_fork+0x10/0x20

Cc: John Ogness
Cc: Alexander Potapenko
Cc: Marco Elver
Cc: Dmitry Vyukov
Reported-by: Geert Uytterhoeven
Tested-by: Geert Uytterhoeven
Signed-off-by: Jason A. Donenfeld
Reviewed-by: Marco Elver
Reviewed-by: Petr Mladek
---
Changes v1->v2:
- Make the bools const to help compiler elide branch when possible,
  suggested by Marco.

 mm/kfence/core.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 4e7cd4c8e687..4b5e5a3d3a63 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c
@@ -360,6 +360,9 @@ static void *kfence_guarded_alloc(struct kmem_cache *cache, size_t size, gfp_t g unsigned long flags; struct slab *slab; void *addr; + const bool random_right_allocate = prandom_u32_max(2); + const bool random_fault = CONFIG_KFENCE_STRESS_TEST_FAULTS && + !prandom_u32_max(CONFIG_KFENCE_STRESS_TEST_FAULTS); /* Try to obtain a free object. */ raw_spin_lock_irqsave(&kfence_freelist_lock, flags); @@ -404,7 +407,7 @@ static void *kfence_guarded_alloc(struct kmem_cache *cache, size_t size, gfp_t g * is that the out-of-bounds accesses detected are deterministic for * such allocations. */ - if (prandom_u32_max(2)) { + if (random_right_allocate) { /* Allocate on the "right" side, re-calculate address. */ meta->addr += PAGE_SIZE - size; meta->addr = ALIGN_DOWN(meta->addr, cache->align); @@ -444,7 +447,7 @@ static void *kfence_guarded_alloc(struct kmem_cache *cache, size_t size, gfp_t g if (cache->ctor) cache->ctor(addr); - if (CONFIG_KFENCE_STRESS_TEST_FAULTS && !prandom_u32_max(CONFIG_KFENCE_STRESS_TEST_FAULTS)) + if (random_fault) kfence_protect(meta->addr); /* Random "faults" by protecting the object. */ atomic_long_inc(&counters[KFENCE_COUNTER_ALLOCATED]);
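
Review bot: the two const bool declarations added at the top of kfence_guarded_alloc() (first hunk) carry no comment saying why the random draws sit ahead of raw_spin_lock_irqsave(&kfence_freelist_lock, flags), so a later cleanup could move prandom_u32_max() back under the raw lock and bring the CONFIG_PROVE_RAW_LOCK_NESTING report back. A short comment above them, saying that the RNG takes a non-raw spinlock and must not be called with kfence_freelist_lock held, would keep the ordering constraint next to the code. Both values are also now drawn on every call before the "Try to obtain a free object" step; if that step can fail, the draws are wasted on that path, which is worth a word in the changelog.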
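
Review bot: in the last hunk, if (random_fault) no longer shows at the call site that kfence_protect(meta->addr) is a stress-test-only path, because the CONFIG_KFENCE_STRESS_TEST_FAULTS test now lives only in the initializer at the top of the function. Dropping the branch when the option is 0 then depends on the compiler folding the const bool, as the v1->v2 note says. Consider keeping the compile-time gate visible here, for example if (CONFIG_KFENCE_STRESS_TEST_FAULTS && random_fault), or giving the variable a name that says it is a stress-test fault.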