Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1473079ybg;
        Tue, 2 Jun 2020 10:54:34 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwp2ORBy/CJiN3CLLNk7zF/9phnAtX4lRhwQGONNL0GNif9CRzL44LtiqC10rr4jfCPgVwY
X-Received: by 2002:a05:6402:362:: with SMTP id s2mr11095950edw.337.1591120473957;
        Tue, 02 Jun 2020 10:54:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1591120473; cv=none;
        d=google.com; s=arc-20160816;
        b=K55UjZuT/YCPrgfiouQsWCshxoyZqnLNqQBQt+iTXzdM57hYsr7bZYszm093ZC8NZY
         2yCST8Fed9W6/yyJROgCC9VPWaEbrJ62F1/HnwpBcBlxAEU3FVqV5xRv7rejzyhtwPBJ
         DQXSvoo5XmZwdCNndk+GeTCh1IsvCjb35uLf+ucyaalTJ0Kyamc3QiOHC4rCGsjE5LSw
         gDv1Yz0fsH4WasIvG1hKn8mVeLHuYkWPA2yilrVk7eHOUcXmc9HQd0r9th3Pr5zEVwpu
         rE53vlyrGGDN/rBoDOiVXRa2aGJfm79dKJ4CIrGO7iNeH2xKWRZp8J9B7eZ+cFyZV1rZ
         x/hA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=2z7vnRyBy5ncoXlkW8cnatBQyrXfqejt94sDIEUP2j4=;
        b=sKpJnxy1KAPYbuuwrytVx3vPYqVxYTQAvoPmy7njMd2C14IBAZJJUSiXcBALHFgywd
         AWzOUw0pF/si5Q+ZXfLOtIlZwPl6ShV0ClgS3li34u74KqQtD++psBxrwt4fKC5rLii/
         zSmHfOqw3b8EAWjO2RAMW7Q74Z7nWE3RUMurDhEVP0BfbE6kfvS7egO8WB5QAPbKk8oq
         IKeBV90MguI8oVsj6loGlcDYUcYSD+uRIT5mW+owqhfUTc6GF2jI/9VYGLCIOKszIJ7n
         Iqk3T8fLSyxTgr3nGaZkfuabi0IUYBzAnP9esBtXvDrbWEjryh9S+2Ezbv9Njbroh6FV
         oqeg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=YoqpL1g4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id di14si1745293edb.559.2020.06.02.10.54.09;
        Tue, 02 Jun 2020 10:54:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=YoqpL1g4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726842AbgFBRvz (ORCPT <rfc822;uzarths@gmail.com> + 99 others);
        Tue, 2 Jun 2020 13:51:55 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34148 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726019AbgFBRvy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Jun 2020 13:51:54 -0400
Received: from mail-ot1-x343.google.com (mail-ot1-x343.google.com [IPv6:2607:f8b0:4864:20::343])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F402C05BD1E
        for <linux-kernel@vger.kernel.org>; Tue,  2 Jun 2020 10:51:54 -0700 (PDT)
Received: by mail-ot1-x343.google.com with SMTP id k15so8161838otp.8
        for <linux-kernel@vger.kernel.org>; Tue, 02 Jun 2020 10:51:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=2z7vnRyBy5ncoXlkW8cnatBQyrXfqejt94sDIEUP2j4=;
        b=YoqpL1g4uSpW54raEZFP7I5fg43ub0VRMXONqJe6PWBdBfZTspk0CdPFnw57k8Z9Ir
         hTj8iR+QeasPEgK+GKUcHpXzxbNfRF9Vq6xIXiK7KV778JVQK+CmAsjTdNG3PUAsz3ph
         sPkjnRGu6INh8W9wgVIyRwUyN33+dHs9YEKbMt+eHFOBDMKja8gsv44X/Angdgd26Lnx
         IzP6ldkFky1kEhl61JkdHXNThGyNGBwlYUZjaXfifAGqD76aECwb7V+JjmdzjQeCozMF
         NzR76A2GFTaSyHSoSg3NRB4QS4loLkcV4sroaw/2YYtd4JtTDy1mlKfJbq46HubDmaY8
         9oMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=2z7vnRyBy5ncoXlkW8cnatBQyrXfqejt94sDIEUP2j4=;
        b=jcQDs+G1sRP5lys9VrwM+Sc1fEuO+gWVCuu5u4WsgTeswrRyzSTbKO0OCcsHEGTO5v
         gHZnKZEJ+hhfXxXVtzN/BY7k3gfSMxX994nlmUhc/BggxuI9AN3T/qHgS/0TI3xUZfIC
         d2heXFcUXJ5nc5GElh8wEgYt7jaQxTJlFYXXWCJjVVLLxCdk9ANnXjO4/UtrZmMPbxYL
         471kbGap7GpZ0UQFuCSnIXx3108jrFvk5ObSJlWnHjIFarrndRxmqSIgwMJzI+Txv3u2
         KE55kASyzbidEC8CwHqP/+y3xAsZnqZlD7LDDeGgSHNMacukQmoSY6ZYQkr6dobHVoQH
         3NDA==
X-Gm-Message-State: AOAM532+GU3k46N4dtl6ORM5u5kZVsq//pWAtXnVnseMPo17kKRUn/sL
        KSLUZrlRRzQTLqYgPjgWWEKTagSEeM5UDFz4TubdEw==
X-Received: by 2002:a9d:27a3:: with SMTP id c32mr330184otb.233.1591120313403;
 Tue, 02 Jun 2020 10:51:53 -0700 (PDT)
MIME-Version: 1.0
References: <000000000000d2474c05a6c938fe@google.com> <CACT4Y+ajjB8RmG3_H_9r-kaRAZ05ejW02-Py47o7wkkBjwup3Q@mail.gmail.com>
 <87o8q6n38p.fsf@nanos.tec.linutronix.de> <20200529160711.GC706460@hirez.programming.kicks-ass.net>
 <20200529171104.GD706518@hirez.programming.kicks-ass.net> <CACT4Y+YB=J0+w7+SHBC3KpKOzxh1Xaarj1cXOPOLKPKQwAW6nQ@mail.gmail.com>
 <CANpmjNP7mKDaXE1=5k+uPK15TDAX+PsV03F=iOR77Pnczkueyg@mail.gmail.com> <20200602094141.GR706495@hirez.programming.kicks-ass.net>
In-Reply-To: <20200602094141.GR706495@hirez.programming.kicks-ass.net>
From:   Marco Elver <elver@google.com>
Date:   Tue, 2 Jun 2020 19:51:40 +0200
Message-ID: <CANpmjNOqSQ38DZxunagMLdBi8gjRN=14+FFXPhc+9SsUk+FiXQ@mail.gmail.com>
Subject: Re: PANIC: double fault in fixup_bad_iret
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Dmitry Vyukov <dvyukov@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        syzbot <syzbot+dc1fa714cb070b184db5@syzkaller.appspotmail.com>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Oleg Nesterov <oleg@redhat.com>,
        kasan-dev <kasan-dev@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

You were a bit faster with the other patches ;-) I was still
experimenting the the patches, but let me briefly respond here.

On Tue, 2 Jun 2020 at 11:41, Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Mon, Jun 01, 2020 at 02:40:31PM +0200, Marco Elver wrote:
> > I think Peter wanted to send a patch to add __no_kcsan to noinstr:
> > https://lkml.kernel.org/r/20200529170755.GN706495@hirez.programming.kicks-ass.net
> >
> > In the same patch we can add __no_sanitize_address to noinstr. But:
> >
> > - We're missing a definition for __no_sanitize_undefined and
> > __no_sanitize_coverage.
>
> Do those function attributes actually work? Because the last time I
> played with some of that I didn't.

__no_sanitize_coverage won't work, because neither compiler has an
attribute to disable coverage instrumentation. I'll try and add this
to compilers, but KCOV_INSTRUMENT := n is in the right places right
now it seems. More on that in the patch adding this.

> Specifically: unmarked __always_inline functions must not generate
> instrumentation when they're inlined into a __no_*san function.
>
> (and that fails to build on some GCC versions, and I think fails to
> actually work on the rest of them, but I'd have to double check)

We'll probably need to bump the required compiler version if anybody
still attempts to use these old compilers with sanitizers. The precise
versions of compilers and what mixes with what is a bit of a
nightmare. For now I'd just say, let's add the attributes, and see
where that gets us. Surely it won't be more broken than before. ;-)

> > - We still need the above blanket no-instrument for x86 because of
> > GCC. We could guard it with "ifdef CONFIG_CC_IS_GCC".
>
> Right; so all of GCC is broken vs that function attribute stuff? Any
> plans of getting that fixed? Do we have GCC that care?
>
> Does the GCC plugin approach sound like a viable alternative
> implementation of all this?

I don't think it's realistic to maintain a GCC plugin like that
indefinitely. We can investigate, but it's not a quick fix.

> Anyway, we can make it:
>
> KASAN := SANITIZER_HAS_FUNCTION_ATTRIBUTES
>
> or something, and only make that 'y' when the compiler is sane.

We have all attributes except __no_sanitize_coverage. GCC <= 7 has
problems with __always_inline, so we may just have to bump the
required compiler or emit a warning.

> > Not sure what the best strategy is to minimize patch conflicts. For
> > now I could send just the patches to add missing definitions. If you'd
> > like me to send all patches (including modifying 'noinstr'), let me
> > know.
>
> If you're going to do patches anyway, might as well do that :-)

I was stuck on trying to find ways to emulate __no_sanitize_coverage
(with no success), and then agonizing which patches to send in which
sequence. ;-) You made that decision by sending the KCSAN noinstr
series first, so let me respond to that with what I think we can add
for KASAN and UBSAN at least.

Thanks,
-- Marco