Received: by 2002:a17:90a:1609:0:0:0:0 with SMTP id n9csp2223554pja; Thu, 26 Mar 2020 11:37:56 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvxVI1cLkZX+s6eeAwNATJEVF24mzJrsW9Vxsn57X5f9Z8268vRkHZF27EcNswLZ8axNI0R X-Received: by 2002:aca:56cd:: with SMTP id k196mr1253482oib.85.1585247876267; Thu, 26 Mar 2020 11:37:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585247876; cv=none; d=google.com; s=arc-20160816; b=aWdeDd+M9bYLXs7oL6pxCJRU+nQe5rJaEZMQdfZvJHK0q9m7nSRBrW7FllsixK4Yg7 a+sdsLL958a181kXCxHkwzKFeZE/Ry9NoedWTtp5IAGvQu9HF8rz5JtQ2wuYY+V087We AkeJbp/jKWq6oThDCweiAlCpZFnq1e+fczZ0TjJmOn8+gqQTiB3tlJR5tDrRbzzzT+YR kAMnkkvyXb0IYPEUa1y//tKUKF1TRF8NBdr4n/9yOA2YR/Y0Izt+yh5lil758W7AXih0 LPurPLRmfHSTXmQ9Ip9gWhW/j8oWKp46DcZ+3MqbD5RWFNePdxJ+eRRUFOU22jMpE2X4 4cGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=1VavJ5Z7gke3ZjScCRX+571R0N4qJ3UtZHz2ejGsmPM=; b=Q7n7a+n71ZA3ufWobpFPe3sJNmrD7i3iG/hqzqdpXJB4fGPrpA+od89GGHCU4Rb/aZ g1P5L9R8xap0IUFYAHhTH7lNRCPhBCCsSkX5FUmbXr1cU4AHHIhNYat8OzdQzz3ybR1I 5Jehn+laQEoA7Uq4sMlN4FkEckQHEZyFZT6B63gqTvmguJJP4CqR3CiXQy9zNkIYSj1P uBdfRA2LG1DuOwSq0j79vY88akLCzrT9Z8VlTKVAtyf3qdmcSejo9nz++X5yyLHv6K1a EvY1MYVuRGjayjmvHvaIOXdW7oAq6263LdZWxTBgKt71rMCEU0Hgmj+ofFfNGu5CWQc2 8Spw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Mz03cmNX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a14si789368otr.170.2020.03.26.11.37.42; Thu, 26 Mar 2020 11:37:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Mz03cmNX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727907AbgCZShQ (ORCPT + 99 others); Thu, 26 Mar 2020 14:37:16 -0400 Received: from mail-pl1-f202.google.com ([209.85.214.202]:47927 "EHLO mail-pl1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726359AbgCZShP (ORCPT ); Thu, 26 Mar 2020 14:37:15 -0400 Received: by mail-pl1-f202.google.com with SMTP id l1so4932140pld.14 for ; Thu, 26 Mar 2020 11:37:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=1VavJ5Z7gke3ZjScCRX+571R0N4qJ3UtZHz2ejGsmPM=; b=Mz03cmNX3lc1A2QqylFfXvNRdrX0DjBFn1gcQjK0ks/DKwgYbSDKtGOipgxIVNOspV U3rWXJoXvESa/9DEAvWGE5+CPpTyseyH3B1GxBx7GzcIyrRQpCPuKedxRzPO0ehLzwBD PtoSBWMoIoilWe4sILCDjsEduSFQiCGXeHjuw8Ac4zX24FoXMyztCutVfu+JMtlFGrkd SUQSfU0uGngVqyJywlytT9J0ZOEs3HRFwKa8lrn8ndFP2D1dBTVw5pO/1D3GH28m/pQr JzHDh5wQCWyxzpoh6rGfgaxRXiFet/J25b44lepf/kHEqrYX1qMe/j/9GBCaB5lOK9Qp pJVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=1VavJ5Z7gke3ZjScCRX+571R0N4qJ3UtZHz2ejGsmPM=; b=OfH6i8so+KBP/jg56NSfoopvkgqOYmOPaGxxOgEZZuMjFfAuBzj8MvzCe4Vnl0pl4R 5qqKfq/TPPfb1jR7Np97FrCcQlrX5h7V0LkhgHwlB2KwZKPCznhf6PTJ+NADnnu1HLCR 1rZ2oNC1ZcN22zQx+nafS2F7yGwyXebVBuzHW0/XrYMrwB4OxJBfkr8zif7V8DWhP4/8 hhjlCy8KEmhhmVJHXHkGk9MnvA4cBfTnhqTCrJMyBhqGYpCnsK9DHT0Zf6dQ632tGCLT nRFaMRVaEZ48RAKVPSJzvHYjBYN//QCXgGI465MKhCbYDqv9yRI7MHT0vCNp/MZuUdDk nkVQ== X-Gm-Message-State: ANhLgQ3m+se+oJfPdH96EKKR4gryYeuvLio792aByhzueL6M29ybSItB jCI1CJQ+DskJbBJ3ZquwBAG96rXnVqOfjrzjLNE= X-Received: by 2002:a17:90b:1a8b:: with SMTP id ng11mr1469403pjb.109.1585247834008; Thu, 26 Mar 2020 11:37:14 -0700 (PDT) Date: Thu, 26 Mar 2020 11:37:06 -0700 In-Reply-To: <20200326134701.GA118458@rlwimi.vmware.com> Message-Id: <20200326183707.238474-1-ndesaulniers@google.com> Mime-Version: 1.0 References: <20200326134701.GA118458@rlwimi.vmware.com> X-Mailer: git-send-email 2.26.0.rc2.310.g2932bb562d-goog Subject: [PATCH v2] objtool: Documentation: document UACCESS warnings From: Nick Desaulniers To: jpoimboe@redhat.com, peterz@infradead.org Cc: Nick Desaulniers , Kamalesh Babulal , Matt Helsley , Randy Dunlap , Jonathan Corbet , Mauro Carvalho Chehab , Petr Mladek , Raphael Gault , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Compiling with Clang and CONFIG_KASAN=y was exposing a few warnings: call to memset() with UACCESS enabled Document how to fix these for future travelers. Link: https://github.com/ClangBuiltLinux/linux/issues/876 Suggested-by: Kamalesh Babulal Suggested-by: Matt Helsley Suggested-by: Peter Zijlstra Suggested-by: Randy Dunlap Signed-off-by: Nick Desaulniers --- Changes V1 -> V2: * fix typo of listing uaccess_enable() twice rather than uaccess_disable() as per Matt and Kamalesh. * fix type of "should called" to "should be called" as per Randy. * Mention non-obvious compiler instrumentation ie. -pg/mcount -mfentry/fentry via tracing as per Peter. * Add sentence "It also helps verify..." * Add potential fix "1) remove explicit..." .../Documentation/stack-validation.txt | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tools/objtool/Documentation/stack-validation.txt b/tools/objtool/Documentation/stack-validation.txt index de094670050b..faa47c3aafae 100644 --- a/tools/objtool/Documentation/stack-validation.txt +++ b/tools/objtool/Documentation/stack-validation.txt @@ -289,6 +289,32 @@ they mean, and suggestions for how to fix them. might be corrupt due to a gcc bug. For more details, see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70646 +9. file.o: warning: objtool: funcA() call to funcB() with UACCESS enabled + + This means that an unexpected call to a non-whitelisted function exists + outside of arch-specific guards. + X86: SMAP (stac/clac): __uaccess_begin()/__uaccess_end() + ARM: PAN: uaccess_enable()/uaccess_disable() + + These functions should be called to denote a minimal critical section around + access to __user variables. See also: https://lwn.net/Articles/517475/ + + The intention of the warning is to prevent calls to funcB() from eventually + calling schedule(), potentially leaking the AC flags state, and not + restoring them correctly. + + It also helps verify that there are no unexpected calls to funcB() which may + access user space pages with protections against doing so disabled. + + To fix, either: + 1) remove explicit calls to funcB() from funcA(). + 2) add the correct guards before and after calls to low level functions like + __get_user_size()/__put_user_size(). + 3) add funcB to uaccess_safe_builtin whitelist in tools/objtool/check.c, if + funcB obviously does not call schedule(), and is marked notrace (since + function tracing inserts additional calls, which is not obvious from the + sources). + If the error doesn't seem to make sense, it could be a bug in objtool. Feel free to ask the objtool maintainer for help. -- 2.26.0.rc2.310.g2932bb562d-goog