Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp6072666ybi; Wed, 29 May 2019 02:23:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqzm1BYLNsa1A0lXZ7e/hUA/a84OePT+7HS1xnTIUTu1Z8iFCPAWtJWDRIdkO+Z0DmF5ZM2R X-Received: by 2002:a17:902:b402:: with SMTP id x2mr24944750plr.128.1559121811143; Wed, 29 May 2019 02:23:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559121811; cv=none; d=google.com; s=arc-20160816; b=i5kYtZbhmdesJPIA7DhPcgo9Vsu8T9WYww35Wcoapp7dUK53LptBKmM1Osysx+X+ua yTlVJuYenq7bQ3kmDC45aAZg8toW6V1ytbsNXYjDPWTB7YXUy6aauUlnNwchRYOp16lA 73ojpArtEwjGCWvvXCSTw2CK3fXoBx7XmSuCuV/ZVi2z5GafXlR9SHQ8cpX8g5d1f0/A wOcWsa4G1dR2TMkqB0YoGDesb9CzTR9onmQY/DT0/vqmN8wSPEdOBBER+j7nikTr1ywr +VsVg5caMTOtLyPnVyHPXYUWuoINZN7sK99UvIjk+5PKKH89G2iPquyl5f8kSLSnsxeu pi1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=tOlYVVLvf1bFW7DEqIy65vvXcvlYUsyO7Mq7IqL0SoQ=; b=RHs7NvbcnRNJJtkklaJfIUqk0JzjQHqP+BwrvOxElbS/znNdMpF40YUlFHjYYrDgGj u9zc8ZJctjdIaLvxqf1pTDTNhWgyZxF28aiViNXsmnpmtwLz9VElUraE2raaakqzFuVz NEGDKNBT/KYSo/wA6X8dhtXCwp5SCutkO5+KWK5ozlLaEOspG+RL+QGqppOytLaq0aKY X/oO32jzaOed8OUuokd2DRrhGx823ZZeODnxBVV9M5Z515odbDc4qlc4lsgr7lNRBMm8 8KiN22fG6gel1cBa8SLWR1LvoCjSBBoz2/4lSSp4N/1mwML2C6+74aKF93+C5Lk3DLFb 1uQw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=QQZVTGNC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h21si24231455pgv.266.2019.05.29.02.23.14; Wed, 29 May 2019 02:23:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=QQZVTGNC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726747AbfE2JUa (ORCPT + 99 others); Wed, 29 May 2019 05:20:30 -0400 Received: from mail-ot1-f67.google.com ([209.85.210.67]:37354 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726008AbfE2JU3 (ORCPT ); Wed, 29 May 2019 05:20:29 -0400 Received: by mail-ot1-f67.google.com with SMTP id r10so1323222otd.4 for ; Wed, 29 May 2019 02:20:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tOlYVVLvf1bFW7DEqIy65vvXcvlYUsyO7Mq7IqL0SoQ=; b=QQZVTGNCg3LioVwsXAFHwhg2CoTZJaD4RO2ICM7XB4FazwBQnOUAkd0k7haRz4Vtoa N9bMaDJ//2/wBo+8QMhJKKs/OOsDRgE/4zCnH3bDVEYM55a6t/XuV5Vf9P+vPH8zCRiD LLTEv9TrSkxF/Fsht32uuFrlbQnUMuS52I7vT385+XUNEUmbs/Aj/WgVxdzPy+HX1IUQ 2D9rSBv8i3As2qGZdLneX32AU6lpqJNU4ZFNnkNfb4c+TYwzMtXaqv/VEA8Vlonr7jMY C/mCazc7hKNsmc6QRqqr3PKyRV3CqD/HK6SABQr+EFlPNw9v0zq0LZaC9TEZVU2eFGoK pLyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tOlYVVLvf1bFW7DEqIy65vvXcvlYUsyO7Mq7IqL0SoQ=; b=GFiiuC//cOMzG2azHNc4vGHqulib7VGCNZKeu/YILPOWw8XsDQ2BmB3ZsJgAri5w66 w9B9nIgR7x6DB2X/Fo5ZwYPDQmM9AJbyARfiexzB1wUBuJkfARftxzila7/17XSNMOEZ vRTNcOKJmQDafso8qMMQszfSSWYjo/+jPU+YvTbXa/IDI4uGRfFtVDqvWUA5YcSHRave Ixe0ftVUIMJTg7n5ugqdbO4YFjYqOMBPKba1cSQAvJSdqnmKfd662sE+IWoXIp8f03ot Dv+S4AjTPfWXnPsmTmmNZKmzLWGTtv0hSh9CB9gxpSIXw/A2JtV4GujMF3etoTyBMNU5 BiRA== X-Gm-Message-State: APjAAAUBmyeCytaO19NVIhP7BwHJcHM0iT+ZPrP41T6SNrHWpuhpbWQG 7M4YRX+IKY9eJSI+S4jjN5bSYqNBdNYYrQPYyqGzFA== X-Received: by 2002:a9d:6f8a:: with SMTP id h10mr28904206otq.2.1559121628572; Wed, 29 May 2019 02:20:28 -0700 (PDT) MIME-Version: 1.0 References: <20190528163258.260144-1-elver@google.com> <20190528163258.260144-3-elver@google.com> <20190528165036.GC28492@lakrids.cambridge.arm.com> In-Reply-To: From: Marco Elver Date: Wed, 29 May 2019 11:20:17 +0200 Message-ID: Subject: Re: [PATCH 3/3] asm-generic, x86: Add bitops instrumentation for KASAN To: Dmitry Vyukov Cc: Mark Rutland , Peter Zijlstra , Andrey Ryabinin , Alexander Potapenko , Andrey Konovalov , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "the arch/x86 maintainers" , Arnd Bergmann , Josh Poimboeuf , "open list:DOCUMENTATION" , LKML , linux-arch , kasan-dev Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 29 May 2019 at 10:53, Dmitry Vyukov wrote: > > On Tue, May 28, 2019 at 6:50 PM Mark Rutland wrote: > > > > On Tue, May 28, 2019 at 06:32:58PM +0200, Marco Elver wrote: > > > This adds a new header to asm-generic to allow optionally instrumenting > > > architecture-specific asm implementations of bitops. > > > > > > This change includes the required change for x86 as reference and > > > changes the kernel API doc to point to bitops-instrumented.h instead. > > > Rationale: the functions in x86's bitops.h are no longer the kernel API > > > functions, but instead the arch_ prefixed functions, which are then > > > instrumented via bitops-instrumented.h. > > > > > > Other architectures can similarly add support for asm implementations of > > > bitops. > > > > > > The documentation text has been copied/moved, and *no* changes to it > > > have been made in this patch. > > > > > > Tested: using lib/test_kasan with bitops tests (pre-requisite patch). > > > > > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=198439 > > > Signed-off-by: Marco Elver > > > --- > > > Documentation/core-api/kernel-api.rst | 2 +- > > > arch/x86/include/asm/bitops.h | 210 ++++---------- > > > include/asm-generic/bitops-instrumented.h | 327 ++++++++++++++++++++++ > > > 3 files changed, 380 insertions(+), 159 deletions(-) > > > create mode 100644 include/asm-generic/bitops-instrumented.h > > > > [...] > > > > > +#if !defined(BITOPS_INSTRUMENT_RANGE) > > > +/* > > > + * This may be defined by an arch's bitops.h, in case bitops do not operate on > > > + * single bytes only. The default version here is conservative and assumes that > > > + * bitops operate only on the byte with the target bit. > > > + */ > > > +#define BITOPS_INSTRUMENT_RANGE(addr, nr) \ > > > + (const volatile char *)(addr) + ((nr) / BITS_PER_BYTE), 1 > > > +#endif > > > > I was under the impression that logically, all the bitops operated on > > the entire long the bit happend to be contained in, so checking the > > entire long would make more sense to me. > > > > FWIW, arm64's atomic bit ops are all implemented atop of atomic_long_* > > functions, which are instrumented, and always checks at the granularity > > of a long. I haven't seen splats from that when fuzzing with Syzkaller. > > > > Are you seeing bugs without this? > > bitops are not instrumented on x86 at all at the moment, so we have > not seen any splats. What we've seen are assorted crashes caused by > previous silent memory corruptions by incorrect bitops :) > > Good point. If arm already does this, I guess we also need to check > whole long's. For the default, we decided to err on the conservative side for now, since it seems that e.g. x86 operates only on the byte the bit is on. Other architectures that need bitops-instrumented.h may redefine BITOPS_INSTRUMENT_RANGE. Let me know what you prefer. Thanks, -- Marco