Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp4304709ybb; Mon, 23 Mar 2020 18:13:07 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvfo52RlFJ5TWic1zm+UKOIjnOBYY8LSBUs06QzQbWx61CIo1eW0CDJoMA9Ir4tBqz4DR6m X-Received: by 2002:a9d:3423:: with SMTP id v32mr6835657otb.46.1585012387368; Mon, 23 Mar 2020 18:13:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585012387; cv=none; d=google.com; s=arc-20160816; b=xyR2CrIUOdnE2NKlvXgO2UWx6PHC/I7fsDjdFPOUXydtAfRFVhOE3Rs4R25fASavCv mb2bqySvduOzWRuAvP62g0VHwDRHfeuBBj/HmZAp7BU9ezdLiqoaCAIAFST1u8zxav6V 5ZwaRtoRyjkb8cOhc1hzx5nK/nkzJFUVKjQaxdzJhHX+G5WXoZ7mRlrTyJPjFPCjyHv0 4fkCdns44X9vfV0gBLxp6SeS9n4TBg6NmHkn+ms3tVuEaLWdl220sb0R0HQaIYFq+DL6 pelxYilfgyfE9LGSqfpFnzxaF7AhcFJk2afxx9MwyNU7IvxTSsQaaqPxlYHnHsfRUUBO PsRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=PZYj1qXP9cUJY9iynaNb4XscpCafoCGGtBKmUDfUS/4=; b=RhmI5EcdnF6R8eEJ6ru+0gJSgy8WzU+syayP4uurtABq9f9PPTOCOHAEmSbKMM8TEX y2UTX7JIDqZTi3ALY88nzep3yvfUrWYHyALc3pRzSSoSk6oenqfyW8ZgxTtEQ0U/xbeW uZDB6RKriIBW86GOnlxqA/z5rJZTsFLV9mY1Vk7dOC3PwTo9XsQanlzN8gdijBvV8kzN THALEfqCe4vHfFGKrR5EsE0I6Knyx/yTtpyeLDReEGj7IUxgDXZTpV5wZtw3qitc0K4K Sa6A5Z+ethzdaNgFOL9lqB49QNytWrKWjzR4jvCN5kaI2Qu4YJXEg9S19TPfnm4jVwBe hbDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=lerPhT70; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i15si8386748ots.121.2020.03.23.18.12.54; Mon, 23 Mar 2020 18:13:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=lerPhT70; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727063AbgCXBMb (ORCPT + 99 others); Mon, 23 Mar 2020 21:12:31 -0400 Received: from bombadil.infradead.org ([198.137.202.133]:56712 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727022AbgCXBMb (ORCPT ); Mon, 23 Mar 2020 21:12:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To: Subject:Sender:Reply-To:Content-ID:Content-Description; bh=PZYj1qXP9cUJY9iynaNb4XscpCafoCGGtBKmUDfUS/4=; b=lerPhT70X2TfXzRff0m5vavcob yY1WpGXb07087FZ8mOg4nuSE+Sgfr2WuFlFbGr1XsfXNWIER+3C/z22uL+FOHJWBNQHXJfWjJdQpp Ckg061gGir6BDHQUrIaXAMXY2ArnrIGgsuZpuTvtZkKsBUCwDhqqQvlUia9qKuOiDlVp7AeGQ3Wef FA+IZlU6UUD/R7W3M8dVzvEBDqhhApaqWlYnHpgI9dVJ14bVGOFOGONUXseUd8YKnaHSCAm5yIwEr TNKZwcBdMkOJRJSCp/tyyP67NQTENbubVFoC9aeYmS4jSi89vKsg1sRvcZYu8FXtTRQszMWXULIS8 ub3XCSoQ==; Received: from [2601:1c0:6280:3f0::19c2] by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jGY7I-0001a8-UC; Tue, 24 Mar 2020 01:12:28 +0000 Subject: Re: [PATCH] objtool: Documentation: document UACCESS warnings To: Nick Desaulniers , jpoimboe@redhat.com, peterz@infradead.org Cc: Mauro Carvalho Chehab , Jonathan Corbet , Wolfram Sang , Kamalesh Babulal , Raphael Gault , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com References: <20200323212538.GN2452@worktop.programming.kicks-ass.net> <20200324001321.39562-1-ndesaulniers@google.com> From: Randy Dunlap Message-ID: Date: Mon, 23 Mar 2020 18:12:26 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <20200324001321.39562-1-ndesaulniers@google.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/23/20 5:13 PM, Nick Desaulniers wrote: > Compiling with Clang and CONFIG_KASAN=y was exposing a few warnings: > call to memset() with UACCESS enabled > > Document how to fix these for future travelers. > > Link: https://github.com/ClangBuiltLinux/linux/issues/876 > Suggested-by: Peter Zijlstra > Signed-off-by: Nick Desaulniers > --- > .../Documentation/stack-validation.txt | 20 +++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/tools/objtool/Documentation/stack-validation.txt b/tools/objtool/Documentation/stack-validation.txt > index de094670050b..156fee13ba02 100644 > --- a/tools/objtool/Documentation/stack-validation.txt > +++ b/tools/objtool/Documentation/stack-validation.txt > @@ -289,6 +289,26 @@ they mean, and suggestions for how to fix them. > might be corrupt due to a gcc bug. For more details, see: > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70646 > > +9. file.o: warning: objtool: funcA() call to funcB() with UACCESS enabled > + > + This means that an unexpected call to a non-whitelisted function exists > + outside of arch-specific guards. > + X86: SMAP (stac/clac): __uaccess_begin()/__uaccess_end() > + ARM: PAN: uaccess_enable()/uaccess_enable() > + > + These functions should called to denote a minimal critical section around should be called > + access to __user variables. See also: https://lwn.net/Articles/517475/ > + > + The intention of the warning is to prevent calls to funcB() from eventually > + calling schedule(), potentially leaking the AC flags state, and not > + restoring them correctly. > + > + To fix, either: > + 1) add the correct guards before and after calls to low level functions like > + __get_user_size()/__put_user_size(). > + 2) add funcB to uaccess_safe_builtin whitelist in tools/objtool/check.c, if > + funcB obviously does not call schedule(). > + > > If the error doesn't seem to make sense, it could be a bug in objtool. > Feel free to ask the objtool maintainer for help. > -- ~Randy