Message ID | 20230306111322.205724-1-glider@google.com |
---|---|
State | New |
Headers |
Date: Mon, 6 Mar 2023 12:13:21 +0100
Message-ID: <20230306111322.205724-1-glider@google.com>
Subject: [PATCH 1/2] lib/stackdepot: kmsan: mark API outputs as initialized
From: Alexander Potapenko <glider@google.com>
To: glider@google.com
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, elver@google.com, dvyukov@google.com, kasan-dev@googlegroups.com, Andrey Konovalov <andreyknvl@gmail.com>
List-ID: <linux-kernel.vger.kernel.org> |
Series |
[1/2] lib/stackdepot: kmsan: mark API outputs as initialized
|
|
Commit Message
Alexander Potapenko
March 6, 2023, 11:13 a.m. UTC
KMSAN does not instrument stackdepot and may treat memory allocated by
it as uninitialized. This is not a problem for KMSAN itself, because its
functions calling stackdepot API are also not instrumented.
But other kernel features (e.g. netdev tracker) may access stack depot
from instrumented code, which will lead to false positives, unless we
explicitly mark stackdepot outputs as initialized.
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Marco Elver <elver@google.com>
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
---
lib/stackdepot.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
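The false positive described in the commit message, as a userspace toy model added here for illustration (not part of the patch or of the kernel). The pool, the byte-granular shadow array and the toy_* and save_and_read names are hypothetical; toy_unpoison stands in for kmsan_unpoison_memory().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model: one shadow byte per data byte; nonzero means "uninitialized". */
static unsigned char pool[64], shadow[64];

/* Fresh memory starts poisoned, as KMSAN treats new allocations. */
static void *toy_alloc(size_t off, size_t n)
{
    memset(shadow + off, 0xFF, n);
    return pool + off;
}

/* Hypothetical stand-in for kmsan_unpoison_memory(). */
static void toy_unpoison(const void *p, size_t n)
{
    memset(shadow + ((const unsigned char *)p - pool), 0, n);
}

/* Check done by instrumented code before using a value: count poisoned bytes. */
static size_t instrumented_check(const void *p, size_t n)
{
    size_t off = (size_t)((const unsigned char *)p - pool), bad = 0;

    for (size_t i = 0; i < n; i++)
        bad += shadow[off + i] != 0;
    return bad;
}

/* Save a record without instrumentation, then read it from instrumented code. */
static size_t save_and_read(int unpoison)
{
    unsigned long entries[3] = { 0x1000, 0x2000, 0x3000 }; /* constructed */
    void *rec = toy_alloc(0, sizeof(entries));

    /* Uninstrumented store: the data is written, the shadow is not updated. */
    memcpy(rec, entries, sizeof(entries));
    if (unpoison)
        toy_unpoison(rec, sizeof(entries)); /* what the patch adds */
    return instrumented_check(rec, sizeof(entries));
}

int main(void)
{
    printf("poisoned bytes without unpoison: %zu, with: %zu\n",
           save_and_read(0), save_and_read(1));
    return 0;
}
```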
Comments
On Mon, 6 Mar 2023 at 12:13, Alexander Potapenko <glider@google.com> wrote: > > KMSAN does not instrument stackdepot and may treat memory allocated by > it as uninitialized. This is not a problem for KMSAN itself, because its > functions calling stackdepot API are also not instrumented. > But other kernel features (e.g. netdev tracker) may access stack depot > from instrumented code, which will lead to false positives, unless we > explicitly mark stackdepot outputs as initialized. > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Cc: Marco Elver <elver@google.com> > Suggested-by: Dmitry Vyukov <dvyukov@google.com> > Signed-off-by: Alexander Potapenko <glider@google.com> Add: Reported-by: syzbot <syzkaller@googlegroups.com> Otherwise: Reviewed-by: Dmitry Vyukov <dvyukov@google.com> > --- > lib/stackdepot.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/lib/stackdepot.c b/lib/stackdepot.c > index 036da8e295d19..2f5aa851834eb 100644 > --- a/lib/stackdepot.c > +++ b/lib/stackdepot.c > @@ -17,6 +17,7 @@ > #include <linux/gfp.h> > #include <linux/jhash.h> > #include <linux/kernel.h> > +#include <linux/kmsan.h> > #include <linux/mm.h> > #include <linux/mutex.h> > #include <linux/percpu.h> > @@ -306,6 +307,11 @@ depot_alloc_stack(unsigned long *entries, int size, u32 hash, void **prealloc) > stack->handle.extra = 0; > memcpy(stack->entries, entries, flex_array_size(stack, entries, size)); > pool_offset += required_size; > + /* > + * Let KMSAN know the stored stack record is initialized. This shall > + * prevent false positive reports if instrumented code accesses it. > + */ > + kmsan_unpoison_memory(stack, required_size); > > return stack; > } 
> @@ -465,6 +471,12 @@ unsigned int stack_depot_fetch(depot_stack_handle_t handle, > struct stack_record *stack; > > *entries = NULL; > + /* > + * Let KMSAN know *entries is initialized. This shall prevent false > + * positive reports if instrumented code accesses it. > + */ > + kmsan_unpoison_memory(entries, sizeof(*entries)); > + > if (!handle) > return 0; > > -- > 2.40.0.rc0.216.gc4246ad0f0-goog >
On Mon, Mar 6, 2023 at 12:13 PM Alexander Potapenko <glider@google.com> wrote: > > KMSAN does not instrument stackdepot and may treat memory allocated by > it as uninitialized. This is not a problem for KMSAN itself, because its > functions calling stackdepot API are also not instrumented. > But other kernel features (e.g. netdev tracker) may access stack depot > from instrumented code, which will lead to false positives, unless we > explicitly mark stackdepot outputs as initialized. > > Cc: Andrey Konovalov <andreyknvl@gmail.com> > Cc: Marco Elver <elver@google.com> > Suggested-by: Dmitry Vyukov <dvyukov@google.com> > Signed-off-by: Alexander Potapenko <glider@google.com> > --- > lib/stackdepot.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/lib/stackdepot.c b/lib/stackdepot.c > index 036da8e295d19..2f5aa851834eb 100644 > --- a/lib/stackdepot.c > +++ b/lib/stackdepot.c > @@ -17,6 +17,7 @@ > #include <linux/gfp.h> > #include <linux/jhash.h> > #include <linux/kernel.h> > +#include <linux/kmsan.h> > #include <linux/mm.h> > #include <linux/mutex.h> > #include <linux/percpu.h> > @@ -306,6 +307,11 @@ depot_alloc_stack(unsigned long *entries, int size, u32 hash, void **prealloc) > stack->handle.extra = 0; > memcpy(stack->entries, entries, flex_array_size(stack, entries, size)); > pool_offset += required_size; > + /* > + * Let KMSAN know the stored stack record is initialized. This shall > + * prevent false positive reports if instrumented code accesses it. > + */ > + kmsan_unpoison_memory(stack, required_size); > > return stack; > } 
> @@ -465,6 +471,12 @@ unsigned int stack_depot_fetch(depot_stack_handle_t handle, > struct stack_record *stack; > > *entries = NULL; > + /* > + * Let KMSAN know *entries is initialized. This shall prevent false > + * positive reports if instrumented code accesses it. > + */ > + kmsan_unpoison_memory(entries, sizeof(*entries)); > + > if (!handle) > return 0; > > -- > 2.40.0.rc0.216.gc4246ad0f0-goog > Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
diff --git a/lib/stackdepot.c b/lib/stackdepot.c index 036da8e295d19..2f5aa851834eb 100644 --- a/lib/stackdepot.c +++ b/lib/stackdepot.c @@ -17,6 +17,7 @@ #include <linux/gfp.h> #include <linux/jhash.h> #include <linux/kernel.h> +#include <linux/kmsan.h> #include <linux/mm.h> #include <linux/mutex.h> #include <linux/percpu.h> @@ -306,6 +307,11 @@ depot_alloc_stack(unsigned long *entries, int size, u32 hash, void **prealloc) stack->handle.extra = 0; memcpy(stack->entries, entries, flex_array_size(stack, entries, size)); pool_offset += required_size; + /* + * Let KMSAN know the stored stack record is initialized. This shall + * prevent false positive reports if instrumented code accesses it. + */ + kmsan_unpoison_memory(stack, required_size); return stack; } @@ -465,6 +471,12 @@ unsigned int stack_depot_fetch(depot_stack_handle_t handle, struct stack_record *stack; *entries = NULL; + /* + * Let KMSAN know *entries is initialized. This shall prevent false + * positive reports if instrumented code accesses it. + */ + kmsan_unpoison_memory(entries, sizeof(*entries)); + if (!handle) return 0;
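Review bot: In the depot_alloc_stack() hunk, kmsan_unpoison_memory(stack, required_size) marks the whole allocation as initialized, while the visible context only shows stack->handle.extra and the memcpy of flex_array_size(stack, entries, size) bytes being written. required_size is computed outside this hunk; if it is rounded up past the header plus the copied entries, the trailing bytes are unpoisoned without ever being written. Either confirm the sizes match or state in the comment that covering the padding is intentional.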
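Review bot: In the stack_depot_fetch() hunk, the new comment says *entries is initialized, but the call covers only the caller's pointer slot (sizeof(*entries)), not the array it ends up pointing to. A short cross-reference noting that the stored record is unpoisoned in depot_alloc_stack() would make it clear why no further kmsan_unpoison_memory() call is needed once the function gets past the if (!handle) early return.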