From patchwork Mon Sep 5 12:24:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Potapenko X-Patchwork-Id: 12966062 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43BCFECAAD5 for ; Mon, 5 Sep 2022 12:26:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C99B68D0086; Mon, 5 Sep 2022 08:26:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C47ED8D0076; Mon, 5 Sep 2022 08:26:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AE8E48D0086; Mon, 5 Sep 2022 08:26:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 9E84A8D0076 for ; Mon, 5 Sep 2022 08:26:24 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 80252140D4B for ; Mon, 5 Sep 2022 12:26:24 +0000 (UTC) X-FDA: 79877954688.09.1AF858B Received: from mail-ed1-f73.google.com (mail-ed1-f73.google.com [209.85.208.73]) by imf23.hostedemail.com (Postfix) with ESMTP id 24F96140077 for ; Mon, 5 Sep 2022 12:26:23 +0000 (UTC) Received: by mail-ed1-f73.google.com with SMTP id s19-20020a056402521300b00448954f38c9so5719611edd.14 for ; Mon, 05 Sep 2022 05:26:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=gorYk6QZYQqsbqX3c5FquLgSIgOkVhkBb0FBAlBlnNE=; b=Mky7siHZEB3fEVWYjmYZB5975h3eFuJUOPRaVsIHhDdbe8vWODOkKOcTcIOtvRs3dA Gqdv8LYPv590UyUqvpPeLNRnb58b8H6+CChTPnchb+nHnIy2NVsJiB3QFAsSiBgH+0cz /0fdR0cMX4AUUhYwf7g2N0mru/fhRKm9K8tn96seGrdmb5AbOpnmECrbM5beMI8FHRK4 T81Be6OsaGk3aPk/fjPKtMjltQDKdpeirQzbsGa8Q+gsbhfG4G5DaFhBPL7glFIpPA+l cOWrmQXoJXMdDSc8atI0e+LRoBQH9bVK28k5xmQ5Q8ncHiBZj9Gk5lda2kVWvaRrngdm I5xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=gorYk6QZYQqsbqX3c5FquLgSIgOkVhkBb0FBAlBlnNE=; b=r8katAnynvqTCNkr8Cousm1TYRyTM4BcKz+WRQQl6YcgHKxJ8qNrkqYgy1KUBPeDA3 J2lv5qN7jRcIDwaz4ABj+mAEyQ8MOY7XZn1kXnvIKEWGfVLMplsTMxCpy7UpVg1QxjnR gMK8o+cWsaaEjx+yUr02KS01eGqtwjfAyFO2sEwptKzsfFp2LivhCAjoGUDcmcesWVLB aevBkY6vIcCWRkxt3iGniSNbRBvrJ9ftnNy/evDkr2tll2KP/t1/qiwhR+nWvP2qE9zd 6l/4MaLMMtgiv/iYOh4wVIEGxCwTAOkXBWrZx6BX5EjdC6ivEw3I4aQLa3cW6B04ichH SpBg== X-Gm-Message-State: ACgBeo04G44/ztBjwhvWFer5L6qEgDMrksneKNfwNXGbOfbvVyGy3er8 tbI53NNRaw+iZdzZLRk/k9MxfP0C4ZY= X-Google-Smtp-Source: AA6agR6VMfYGvTl8597KztYX92eWUsjds97DFXhCN+pqdpQR7nCQFTv/cdSNJsVV5FjbT2j+Bij2pc3hsmw= X-Received: from glider.muc.corp.google.com ([2a00:79e0:9c:201:b808:8d07:ab4a:554c]) (user=glider job=sendgmr) by 2002:a05:6402:17d7:b0:44e:95b0:3741 with SMTP id s23-20020a05640217d700b0044e95b03741mr2597122edy.281.1662380782901; Mon, 05 Sep 2022 05:26:22 -0700 (PDT) Date: Mon, 5 Sep 2022 14:24:39 +0200 In-Reply-To: <20220905122452.2258262-1-glider@google.com> Mime-Version: 1.0 References: <20220905122452.2258262-1-glider@google.com> X-Mailer: git-send-email 2.37.2.789.g6183377224-goog Message-ID: <20220905122452.2258262-32-glider@google.com> Subject: [PATCH v6 31/44] security: kmsan: fix interoperability with auto-initialization From: Alexander Potapenko To: glider@google.com Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Christoph Hellwig , Christoph Lameter , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Herbert Xu , Ilya Leoshkevich , Ingo Molnar , Jens Axboe , Joonsoo Kim , Kees Cook , Marco Elver , Mark Rutland , Matthew Wilcox , "Michael S. Tsirkin" , Pekka Enberg , Peter Zijlstra , Petr Mladek , Steven Rostedt , Thomas Gleixner , Vasily Gorbik , Vegard Nossum , Vlastimil Babka , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1662380784; a=rsa-sha256; cv=none; b=lvGKsMhq3Fm47v9qMYHX/xZdjFoj6B+hYzrOzB29BpSwRmkxi+g0Uc04zP2T5hB77zVlY9 +0rCQspsLFzkvF5xCkPZE3Lvxxn+Rv9WYsZ1jPesArWKcd/F7RN+jzzJpKYQlWiadl+s0O AR1NVe9Imb7XUdJ0wdQ91NCbu/SptFM= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=Mky7siHZ; spf=pass (imf23.hostedemail.com: domain of 37uoVYwYKCDsdifabodlldib.Zljifkru-jjhsXZh.lod@flex--glider.bounces.google.com designates 209.85.208.73 as permitted sender) smtp.mailfrom=37uoVYwYKCDsdifabodlldib.Zljifkru-jjhsXZh.lod@flex--glider.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1662380784; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gorYk6QZYQqsbqX3c5FquLgSIgOkVhkBb0FBAlBlnNE=; b=UWlIN78Rw+J/PATN8RiDopwPMWd/MLdOAUu9F+lkjEjL33s3i9Q7CCxqAwzeXH0OR9cMLf qQDbbAoIH4KmqmzzVhJLc5B8VToMy5k5ynWNLTsflLSjoJgzMdw/6+GvNPkDjrO9X+OSxv nwxTqDxVH+tbwAbEczUaQrw7RXpzCN0= Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=Mky7siHZ; spf=pass (imf23.hostedemail.com: domain of 37uoVYwYKCDsdifabodlldib.Zljifkru-jjhsXZh.lod@flex--glider.bounces.google.com designates 209.85.208.73 as permitted sender) smtp.mailfrom=37uoVYwYKCDsdifabodlldib.Zljifkru-jjhsXZh.lod@flex--glider.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com X-Rspam-User: X-Rspamd-Server: rspam12 X-Stat-Signature: iwsq6aoy95ydxha9irwe8p4ogadiez1y X-Rspamd-Queue-Id: 24F96140077 X-HE-Tag: 1662380783-101285 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Heap and stack initialization is great, but not when we are trying uses of uninitialized memory. When the kernel is built with KMSAN, having kernel memory initialization enabled may introduce false negatives. We disable CONFIG_INIT_STACK_ALL_PATTERN and CONFIG_INIT_STACK_ALL_ZERO under CONFIG_KMSAN, making it impossible to auto-initialize stack variables in KMSAN builds. We also disable CONFIG_INIT_ON_ALLOC_DEFAULT_ON and CONFIG_INIT_ON_FREE_DEFAULT_ON to prevent accidental use of heap auto-initialization. We however still let the users enable heap auto-initialization at boot-time (by setting init_on_alloc=1 or init_on_free=1), in which case a warning is printed. Signed-off-by: Alexander Potapenko --- Link: https://linux-review.googlesource.com/id/I86608dd867018683a14ae1870f1928ad925f42e9 --- mm/page_alloc.c | 4 ++++ security/Kconfig.hardening | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index b28093e3bb42a..e5eed276ee41d 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -936,6 +936,10 @@ void init_mem_debugging_and_hardening(void) else static_branch_disable(&init_on_free); + if (IS_ENABLED(CONFIG_KMSAN) && + (_init_on_alloc_enabled_early || _init_on_free_enabled_early)) + pr_info("mem auto-init: please make sure init_on_alloc and init_on_free are disabled when running KMSAN\n"); + #ifdef CONFIG_DEBUG_PAGEALLOC if (!debug_pagealloc_enabled()) return; diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index bd2aabb2c60f9..2739a6776454e 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -106,6 +106,7 @@ choice config INIT_STACK_ALL_PATTERN bool "pattern-init everything (strongest)" depends on CC_HAS_AUTO_VAR_INIT_PATTERN + depends on !KMSAN help Initializes everything on the stack (including padding) with a specific debug value. This is intended to eliminate @@ -124,6 +125,7 @@ choice config INIT_STACK_ALL_ZERO bool "zero-init everything (strongest and safest)" depends on CC_HAS_AUTO_VAR_INIT_ZERO + depends on !KMSAN help Initializes everything on the stack (including padding) with a zero value. This is intended to eliminate all @@ -218,6 +220,7 @@ config STACKLEAK_RUNTIME_DISABLE config INIT_ON_ALLOC_DEFAULT_ON bool "Enable heap memory zeroing on allocation by default" + depends on !KMSAN help This has the effect of setting "init_on_alloc=1" on the kernel command line. This can be disabled with "init_on_alloc=0". @@ -230,6 +233,7 @@ config INIT_ON_ALLOC_DEFAULT_ON config INIT_ON_FREE_DEFAULT_ON bool "Enable heap memory zeroing on free by default" + depends on !KMSAN help This has the effect of setting "init_on_free=1" on the kernel command line. This can be disabled with "init_on_free=0".